Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215353.roa
File:                     AS215353.roa (raw, json)
Hash identifier:          dDNwNfo2tTJ5ISM5W2NefQ548Z/QBUXpDciJbGDxPbA=
Subject key identifier:   C8:B2:8E:B2:CF:3F:10:46:7A:28:5A:C7:AB:70:0C:43:87:99:37:BE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5BBA5EC3AB4FFC1DF911003FED4AF36B43BA563F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215353.roa
Signing time:             Thu 07 Aug 2025 09:01:12 +0000
ROA not before:           Thu 07 Aug 2025 08:56:12 +0000
ROA not after:            Thu 06 Aug 2026 09:01:12 +0000
asID:                     215353
IP address blocks:        2a13:9500:bf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:ba:5e:c3:ab:4f:fc:1d:f9:11:00:3f:ed:4a:f3:6b:43:ba:56:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  7 08:56:12 2025 GMT
            Not After : Aug  6 09:01:12 2026 GMT
        Subject: CN=C8B28EB2CF3F10467A285AC7AB700C43879937BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f1:2b:ec:77:f1:86:de:04:0c:a6:47:37:a1:
                    8c:6e:1f:ed:76:64:30:ad:ac:d8:db:50:94:27:8a:
                    00:de:7a:48:07:50:00:3c:82:f6:20:55:e3:f7:62:
                    8f:84:77:b2:ce:ab:d9:eb:e5:48:f7:b0:05:0c:1a:
                    6c:45:81:42:4f:f2:6f:90:16:6b:a9:ad:d7:1e:f3:
                    95:56:f1:04:3d:25:55:ca:9b:57:f0:b9:d1:68:01:
                    3f:14:21:da:21:17:a6:e8:8d:7b:9c:c6:cb:96:98:
                    fa:7c:54:7b:7f:a5:a3:ab:55:d9:d0:66:ef:65:37:
                    ac:9b:9a:7d:d4:68:48:2f:36:fe:dd:88:af:27:e0:
                    b3:45:c9:5f:ec:75:45:51:a8:96:e6:fb:96:a0:ba:
                    fe:1e:79:be:66:35:f6:b5:27:cc:90:32:0d:e5:48:
                    7b:d4:6a:a0:f2:b0:f2:48:59:c7:db:9b:ce:5a:3a:
                    14:0e:b6:47:d8:6c:98:9f:76:b6:6a:cb:3b:4b:d4:
                    eb:74:9b:87:b1:9b:87:5b:9f:7f:67:c0:5b:f0:eb:
                    b5:60:31:af:4e:43:82:12:a5:6d:0b:e5:c3:df:92:
                    4a:02:24:94:58:cb:f2:c0:d4:65:20:75:1b:6a:db:
                    ba:49:a6:69:69:18:72:d2:ed:be:48:65:34:07:67:
                    28:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:B2:8E:B2:CF:3F:10:46:7A:28:5A:C7:AB:70:0C:43:87:99:37:BE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215353.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:bf::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:45:6b:bf:67:85:d8:e0:76:51:3d:4c:eb:2f:52:24:95:c7:
         c5:55:c2:b4:5a:d9:cb:00:b7:87:41:9b:7f:13:a5:f6:96:0e:
         5b:a9:78:80:93:5a:bc:96:39:ad:0c:04:85:72:63:9b:22:b7:
         3d:97:a1:2c:36:7b:f7:f5:6f:1f:80:f2:39:c3:ee:e6:48:23:
         3c:c3:a2:cb:f0:4d:8e:88:fe:e5:7c:c3:32:d8:08:d3:a4:86:
         b5:fb:0f:df:1c:8b:93:2d:7d:04:83:03:07:85:fa:cf:b1:9d:
         6f:fa:61:85:54:cd:bb:02:df:79:fc:33:b7:4c:66:ec:ba:3c:
         b6:62:d7:b7:10:b2:8e:d5:d5:00:6c:a9:5c:10:70:d8:4c:c0:
         07:cd:d4:51:b8:9b:8b:d1:fc:4f:fb:41:59:32:9f:86:61:18:
         82:b1:0f:51:3e:f0:75:ea:5a:6c:c3:f8:05:7a:e1:8d:39:af:
         96:ed:48:74:9b:bc:6a:86:63:76:69:14:6d:e7:6f:b9:93:df:
         33:f6:c7:cb:83:2d:08:53:32:0c:e0:c3:c7:48:c8:69:db:f2:
         11:cb:d6:e0:ab:32:5e:73:d5:8e:78:63:6e:09:f8:a8:87:17:
         aa:a1:82:7a:a9:2c:ed:a9:8c:46:5c:d1:22:f1:3d:4a:23:c1:
         30:a3:ab:8a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUW7pew6tP/B35EQA/7Urza0O6Vj8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDcwODU2MTJaFw0yNjA4MDYwOTAxMTJaMDMxMTAvBgNV
BAMTKEM4QjI4RUIyQ0YzRjEwNDY3QTI4NUFDN0FCNzAwQzQzODc5OTM3QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc8Svsd/GG3gQMpkc3oYxuH+12
ZDCtrNjbUJQnigDeekgHUAA8gvYgVeP3Yo+Ed7LOq9nr5Uj3sAUMGmxFgUJP8m+Q
Fmuprdce85VW8QQ9JVXKm1fwudFoAT8UIdohF6bojXucxsuWmPp8VHt/paOrVdnQ
Zu9lN6ybmn3UaEgvNv7diK8n4LNFyV/sdUVRqJbm+5aguv4eeb5mNfa1J8yQMg3l
SHvUaqDysPJIWcfbm85aOhQOtkfYbJifdrZqyztL1Ot0m4exm4dbn39nwFvw67Vg
Ma9OQ4ISpW0L5cPfkkoCJJRYy/LA1GUgdRtq27pJpmlpGHLS7b5IZTQHZyhVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUyLKOss8/EEZ6KFrHq3AMQ4eZN74wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MzUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAC/MA0GCSqGSIb3DQEBCwUAA4IBAQAJRWu/Z4XY4HZRPUzrL1IklcfFVcK0WtnL
ALeHQZt/E6X2lg5bqXiAk1q8ljmtDASFcmObIrc9l6EsNnv39W8fgPI5w+7mSCM8
w6LL8E2OiP7lfMMy2AjTpIa1+w/fHIuTLX0EgwMHhfrPsZ1v+mGFVM27At95/DO3
TGbsujy2Yte3ELKO1dUAbKlcEHDYTMAHzdRRuJuL0fxP+0FZMp+GYRiCsQ9RPvB1
6lpsw/gFeuGNOa+W7Uh0m7xqhmN2aRRt52+5k98z9sfLgy0IUzIM4MPHSMhp2/IR
y9bgqzJec9WOeGNuCfiohxeqoYJ6qSztqYxGXNEi8T1KI8Ewo6uK
-----END CERTIFICATE-----