Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
File:                     AS214834.roa (raw, json)
Hash identifier:          LFpulaZizqleOBA16tepScdyP++Iqk9doQ/nJB08DiM=
Subject key identifier:   30:9B:AF:B8:FE:2E:37:AB:B3:DD:76:5E:71:87:04:A1:15:09:CA:06
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0C5FB6710E051857851FF4BC8D4B1D5326083DC4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
Signing time:             Tue 05 Aug 2025 07:06:28 +0000
ROA not before:           Tue 05 Aug 2025 07:01:28 +0000
ROA not after:            Tue 04 Aug 2026 07:06:28 +0000
asID:                     214834
IP address blocks:        2a13:9500:63::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:5f:b6:71:0e:05:18:57:85:1f:f4:bc:8d:4b:1d:53:26:08:3d:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  5 07:01:28 2025 GMT
            Not After : Aug  4 07:06:28 2026 GMT
        Subject: CN=309BAFB8FE2E37ABB3DD765E718704A11509CA06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ad:cb:1b:ad:93:15:9f:14:02:06:30:b0:47:
                    bd:47:b2:40:63:6b:d8:7e:03:0a:17:bf:c9:7c:cd:
                    56:3f:ed:27:a6:67:91:ba:ca:46:67:a0:dd:9e:2d:
                    19:1d:2e:0a:96:ed:26:4b:bf:ef:3d:3c:d5:39:62:
                    8b:26:60:8d:cb:19:9c:85:39:f0:3b:65:09:a2:cb:
                    69:90:93:18:18:ea:c4:b5:cd:e5:0b:c3:11:ae:09:
                    33:71:9f:09:0b:d9:f1:b8:67:9a:df:c1:e2:2f:1e:
                    0a:c4:27:c5:fd:60:b7:71:1b:6c:8f:90:9e:51:1b:
                    71:ec:fa:36:3a:ae:a9:30:38:8e:10:e4:96:cb:b0:
                    4a:be:89:2a:e7:d4:9b:53:0e:78:53:39:a0:fa:15:
                    40:c1:35:12:27:40:7f:27:0c:f4:f3:df:08:14:3a:
                    74:57:16:9a:e9:32:46:88:61:be:0a:ad:9e:08:df:
                    36:43:73:62:06:92:6b:9a:cd:e1:e8:71:d9:9d:d8:
                    0c:ad:42:14:f1:35:c8:d2:5d:f4:46:26:5b:c7:a2:
                    62:77:f8:a0:65:ce:1d:f5:aa:e8:87:c5:53:fd:5a:
                    2f:dc:4b:1a:dd:02:54:d9:db:2f:04:0d:86:86:85:
                    d3:23:46:cd:9d:0d:92:04:2e:2c:0a:ac:9b:4b:a5:
                    27:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:9B:AF:B8:FE:2E:37:AB:B3:DD:76:5E:71:87:04:A1:15:09:CA:06
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:63::/48

    Signature Algorithm: sha256WithRSAEncryption
         95:3f:bb:8a:ff:1d:f9:0e:88:28:53:fb:71:99:c9:bd:63:7a:
         e0:aa:6d:e7:a0:a1:b0:99:de:3b:ba:22:be:67:48:c0:9a:29:
         ae:f3:c6:53:57:45:79:10:ec:ce:05:3e:81:98:10:a5:1a:cf:
         4b:2d:5d:1d:a1:87:5f:36:ba:0b:65:92:f8:d7:8f:63:8a:e3:
         b1:34:82:1f:9b:95:52:65:a3:b9:0e:89:27:a7:12:0c:69:6e:
         5d:31:17:a0:a4:5c:57:a4:73:d5:c0:70:47:48:c3:fb:26:c6:
         1a:08:ad:10:77:8d:a9:4d:ca:a6:83:63:4a:e1:6e:3d:fb:3e:
         a2:bf:5d:78:2a:f8:2f:a0:72:cf:f7:fb:94:81:5a:dc:cc:93:
         7d:69:8b:08:4a:c9:b4:9b:ba:54:3b:e4:f5:87:e2:21:a5:2e:
         29:c4:32:67:2d:30:a2:1f:db:44:4f:3e:95:76:99:8f:6c:b4:
         c2:c9:2a:1e:ae:84:44:be:04:80:71:74:7f:fa:3f:b8:cf:e3:
         e1:29:7c:37:a4:2a:92:d4:8a:69:b2:51:d1:90:51:c4:d1:08:
         fa:e2:1e:33:1e:92:e9:ed:6e:51:07:bc:5f:48:e2:9c:45:1e:
         32:48:1d:d3:fe:ff:b5:71:b7:64:50:35:55:ce:45:2b:ba:24:
         a7:c2:0c:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDF+2cQ4FGFeFH/S8jUsdUyYIPcQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDUwNzAxMjhaFw0yNjA4MDQwNzA2MjhaMDMxMTAvBgNV
BAMTKDMwOUJBRkI4RkUyRTM3QUJCM0RENzY1RTcxODcwNEExMTUwOUNBMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8rcsbrZMVnxQCBjCwR71HskBj
a9h+AwoXv8l8zVY/7SemZ5G6ykZnoN2eLRkdLgqW7SZLv+89PNU5YosmYI3LGZyF
OfA7ZQmiy2mQkxgY6sS1zeULwxGuCTNxnwkL2fG4Z5rfweIvHgrEJ8X9YLdxG2yP
kJ5RG3Hs+jY6rqkwOI4Q5JbLsEq+iSrn1JtTDnhTOaD6FUDBNRInQH8nDPTz3wgU
OnRXFprpMkaIYb4KrZ4I3zZDc2IGkmuazeHocdmd2AytQhTxNcjSXfRGJlvHomJ3
+KBlzh31quiHxVP9Wi/cSxrdAlTZ2y8EDYaGhdMjRs2dDZIELiwKrJtLpSdpAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUMJuvuP4uN6uz3XZecYcEoRUJygYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABjMA0GCSqGSIb3DQEBCwUAA4IBAQCVP7uK/x35DogoU/txmcm9Y3rgqm3noKGw
md47uiK+Z0jAmimu88ZTV0V5EOzOBT6BmBClGs9LLV0doYdfNroLZZL4149jiuOx
NIIfm5VSZaO5DoknpxIMaW5dMRegpFxXpHPVwHBHSMP7JsYaCK0Qd42pTcqmg2NK
4W49+z6iv114KvgvoHLP9/uUgVrczJN9aYsISsm0m7pUO+T1h+IhpS4pxDJnLTCi
H9tETz6VdpmPbLTCySoeroREvgSAcXR/+j+4z+PhKXw3pCqS1IppslHRkFHE0Qj6
4h4zHpLp7W5RB7xfSOKcRR4ySB3T/v+1cbdkUDVVzkUruiSnwgxA
-----END CERTIFICATE-----