Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214838.roa
File:                     AS214838.roa (raw, json)
Hash identifier:          DH3OHJlgzblgFJfEIv1zXmXe//wqIvqH7sOYZtUdhcg=
Subject key identifier:   1E:63:6C:01:1A:D8:F7:67:98:2C:99:05:EF:5B:D2:F6:C0:D7:AC:06
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4899497A8B73BEBAA2E95C6DAB7108F6E0210109
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214838.roa
Signing time:             Thu 30 Apr 2026 10:47:07 +0000
ROA not before:           Thu 30 Apr 2026 10:42:07 +0000
ROA not after:            Thu 29 Apr 2027 10:47:07 +0000
asID:                     214838
IP address blocks:        2a13:9500:6f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:99:49:7a:8b:73:be:ba:a2:e9:5c:6d:ab:71:08:f6:e0:21:01:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 30 10:42:07 2026 GMT
            Not After : Apr 29 10:47:07 2027 GMT
        Subject: CN=1E636C011AD8F767982C9905EF5BD2F6C0D7AC06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:4e:08:22:91:d7:e0:f9:77:f6:ed:f2:3a:ca:
                    88:d5:f9:f1:f8:7d:f3:7f:3a:d3:8b:d1:12:76:f6:
                    22:dd:02:da:ea:e2:12:46:4c:6f:4d:8b:f4:70:98:
                    52:e4:32:bf:79:a5:2d:a3:02:07:78:83:12:4f:15:
                    0a:38:86:54:4e:70:5d:23:79:1a:5a:b0:08:40:ea:
                    24:00:78:ef:f8:25:6b:2a:c9:d2:6d:4e:d1:fa:c0:
                    2b:32:b9:3c:3c:e6:67:27:98:c8:04:6c:d3:cc:c0:
                    33:d5:49:f8:74:e7:c2:bc:90:d0:fc:9c:0d:53:04:
                    8f:30:26:9c:70:c3:9d:c5:d1:88:65:4f:5c:d4:0c:
                    f9:47:37:88:48:4f:92:db:d8:c0:c5:0f:a4:46:1b:
                    4a:ad:ca:7f:47:f2:70:ff:c4:b8:a4:e2:9e:2e:68:
                    98:7b:3f:ec:cb:c5:5d:79:c8:be:78:5f:3f:f9:52:
                    f9:da:d1:8c:27:b0:20:d3:9c:67:19:03:1b:5a:55:
                    9b:75:bd:38:62:e6:1e:4c:8c:6a:3b:8a:6c:bc:94:
                    ae:a3:ca:e3:63:b4:df:35:71:bf:b3:da:f9:f3:fc:
                    a4:bc:fe:83:16:75:67:3e:7f:43:42:03:e5:28:e4:
                    19:e1:ea:11:22:8f:75:be:e7:27:11:21:4a:fe:4c:
                    01:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:63:6C:01:1A:D8:F7:67:98:2C:99:05:EF:5B:D2:F6:C0:D7:AC:06
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:6f::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:b9:91:c8:bb:ea:4b:b7:3d:4f:1d:48:75:8f:18:8b:71:fc:
         c5:5b:8b:50:9f:1e:aa:73:85:f6:cf:70:b5:0f:c6:ee:f3:75:
         be:e8:c2:b1:26:40:f5:06:55:0c:d0:7b:7d:e8:b5:c6:95:ef:
         52:e3:38:a1:ba:29:d5:21:1d:c0:98:d9:19:97:bf:f9:8e:65:
         82:ae:e2:7b:9f:6f:3b:e0:f6:87:5d:78:6c:ef:54:d3:a4:7d:
         ed:c1:a4:5f:d3:21:17:30:dc:31:eb:be:85:8e:70:12:06:48:
         a0:2f:48:66:81:5a:fd:d6:8f:ee:74:df:9b:93:a3:50:f3:5d:
         fc:c4:f0:f3:0f:9e:27:08:dc:0c:23:89:00:13:7a:95:c4:aa:
         18:4b:09:f8:71:44:c1:72:b8:51:b1:07:e2:31:59:b0:d0:5b:
         51:95:9c:93:e4:6a:68:48:04:d0:ef:35:94:e1:d9:93:a4:4a:
         aa:6e:48:2a:0d:d2:ee:81:27:c7:df:52:03:67:7a:ab:3f:13:
         e0:e6:30:cd:1b:99:b9:1d:72:a4:69:08:0a:d8:6c:da:0a:25:
         c5:1b:d3:2d:77:6c:4c:29:c6:99:8b:8b:23:a2:c1:08:a8:1d:
         40:f3:8a:09:b7:a1:c6:16:ea:8f:ec:91:17:e0:38:b2:53:dd:
         6f:3d:db:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSJlJeotzvrqi6Vxtq3EI9uAhAQkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MzAxMDQyMDdaFw0yNzA0MjkxMDQ3MDdaMDMxMTAvBgNV
BAMTKDFFNjM2QzAxMUFEOEY3Njc5ODJDOTkwNUVGNUJEMkY2QzBEN0FDMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZTggikdfg+Xf27fI6yojV+fH4
ffN/OtOL0RJ29iLdAtrq4hJGTG9Ni/RwmFLkMr95pS2jAgd4gxJPFQo4hlROcF0j
eRpasAhA6iQAeO/4JWsqydJtTtH6wCsyuTw85mcnmMgEbNPMwDPVSfh058K8kND8
nA1TBI8wJpxww53F0YhlT1zUDPlHN4hIT5Lb2MDFD6RGG0qtyn9H8nD/xLik4p4u
aJh7P+zLxV15yL54Xz/5Uvna0YwnsCDTnGcZAxtaVZt1vThi5h5MjGo7imy8lK6j
yuNjtN81cb+z2vnz/KS8/oMWdWc+f0NCA+Uo5Bnh6hEij3W+5ycRIUr+TAE9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUHmNsARrY92eYLJkF71vS9sDXrAYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABvMA0GCSqGSIb3DQEBCwUAA4IBAQByuZHIu+pLtz1PHUh1jxiLcfzFW4tQnx6q
c4X2z3C1D8bu83W+6MKxJkD1BlUM0Ht96LXGle9S4zihuinVIR3AmNkZl7/5jmWC
ruJ7n2874PaHXXhs71TTpH3twaRf0yEXMNwx676FjnASBkigL0hmgVr91o/udN+b
k6NQ8138xPDzD54nCNwMI4kAE3qVxKoYSwn4cUTBcrhRsQfiMVmw0FtRlZyT5Gpo
SATQ7zWU4dmTpEqqbkgqDdLugSfH31IDZ3qrPxPg5jDNG5m5HXKkaQgK2GzaCiXF
G9Mtd2xMKcaZi4sjosEIqB1A84oJt6HGFuqP7JEX4DiyU91vPdu1
-----END CERTIFICATE-----