Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216182.roa
File:                     AS216182.roa (raw, json)
Hash identifier:          uIFvROseknqAZbLzxLmQVHa+/lPEZpXP6pgUFiCx0qI=
Subject key identifier:   B1:73:FA:72:3E:DC:A6:09:66:86:EF:88:02:97:B0:CF:0A:EB:AB:F9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1411FFCAFC60CC7F4672B8C849A5AA784C6EC449
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216182.roa
Signing time:             Sun 10 Aug 2025 10:42:08 +0000
ROA not before:           Sun 10 Aug 2025 10:37:08 +0000
ROA not after:            Sun 09 Aug 2026 10:42:08 +0000
asID:                     216182
IP address blocks:        2a13:9500:c2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:11:ff:ca:fc:60:cc:7f:46:72:b8:c8:49:a5:aa:78:4c:6e:c4:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 10 10:37:08 2025 GMT
            Not After : Aug  9 10:42:08 2026 GMT
        Subject: CN=B173FA723EDCA6096686EF880297B0CF0AEBABF9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ee:67:83:72:2f:c1:b7:92:cf:07:cb:02:6f:
                    aa:c8:48:17:61:4d:cf:a8:bb:48:a2:e4:20:3b:aa:
                    2f:95:3f:9d:38:74:1f:2c:3d:c3:4e:fe:7c:bd:16:
                    7e:79:2c:7a:58:50:b3:62:6b:d4:24:e6:64:27:ba:
                    40:44:9c:2a:86:10:d1:b0:fd:58:fa:4a:64:5b:67:
                    c9:36:3b:51:2d:4d:7d:81:b9:f1:0a:07:66:d4:67:
                    63:7d:f1:4d:77:f0:65:78:5a:f0:d0:fb:a3:5b:e6:
                    e0:2a:fe:f8:bc:63:0e:87:9f:53:e6:47:3a:3e:f0:
                    08:de:6a:5a:52:73:ec:7a:b4:cd:b7:60:6b:63:4f:
                    b3:18:e6:da:74:31:e2:26:f1:74:25:a7:4b:5e:78:
                    b0:25:c4:b1:6b:22:0c:ad:07:68:36:1c:dc:ad:2a:
                    1c:88:ab:7b:c0:60:49:ef:9f:41:04:d2:b4:61:9e:
                    42:dc:aa:75:e8:ec:10:ef:ed:a7:6a:4e:75:c0:f0:
                    65:a1:b0:f8:76:15:c8:eb:6f:6a:5d:ef:de:da:3c:
                    84:8c:b1:88:34:73:22:a9:2c:16:fb:00:35:5c:1f:
                    a3:4c:3e:20:4d:f0:b1:b6:73:24:75:b0:31:4f:00:
                    b5:7f:9b:1b:a7:63:02:40:3d:b6:6b:75:15:4f:40:
                    3e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:73:FA:72:3E:DC:A6:09:66:86:EF:88:02:97:B0:CF:0A:EB:AB:F9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216182.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:c2::/48

    Signature Algorithm: sha256WithRSAEncryption
         7e:40:38:6b:a5:89:4e:60:39:2c:c2:a1:66:69:58:c8:40:bc:
         6f:cd:fe:1e:21:ee:a8:3a:cd:84:10:c3:4a:fe:81:a8:7f:58:
         b3:e1:50:bf:60:c2:45:11:a2:72:95:cc:f1:60:b5:0a:32:6b:
         54:d9:c1:d4:26:44:4b:fe:8d:7f:a1:9b:03:ab:42:ac:74:68:
         dd:bf:b7:57:34:ba:27:d2:5f:94:6a:c1:d9:07:0c:98:a4:5b:
         8e:c7:75:8d:c9:e2:8f:4a:b0:7b:c9:6f:2e:30:35:6b:21:8b:
         11:67:5e:83:07:28:44:26:87:02:2d:9b:e2:59:35:e0:32:6f:
         4e:6f:0c:f7:28:40:68:a3:bc:ec:d3:cd:67:24:1f:ea:7c:b5:
         1d:68:36:59:64:27:5f:8e:0b:df:4b:c5:ae:ca:6a:c0:63:9e:
         87:d0:42:fb:14:35:30:a2:27:03:cb:92:3e:e0:87:1e:3f:fe:
         e7:05:7c:5e:68:a5:b4:f1:57:67:d8:cc:b1:d3:c0:77:30:2f:
         4f:31:fc:a0:9e:17:b1:f5:c8:cf:b7:e4:00:3c:33:f1:ac:43:
         4c:80:5a:b4:05:19:96:36:e9:ec:68:1c:7c:72:62:4f:4e:9b:
         13:3c:e7:13:32:b6:d0:83:eb:06:c8:61:41:d4:85:91:5f:3b:
         1d:e9:46:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFBH/yvxgzH9GcrjISaWqeExuxEkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MTAxMDM3MDhaFw0yNjA4MDkxMDQyMDhaMDMxMTAvBgNV
BAMTKEIxNzNGQTcyM0VEQ0E2MDk2Njg2RUY4ODAyOTdCMENGMEFFQkFCRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDK7meDci/Bt5LPB8sCb6rISBdh
Tc+ou0ii5CA7qi+VP504dB8sPcNO/ny9Fn55LHpYULNia9Qk5mQnukBEnCqGENGw
/Vj6SmRbZ8k2O1EtTX2BufEKB2bUZ2N98U138GV4WvDQ+6Nb5uAq/vi8Yw6Hn1Pm
Rzo+8AjealpSc+x6tM23YGtjT7MY5tp0MeIm8XQlp0teeLAlxLFrIgytB2g2HNyt
KhyIq3vAYEnvn0EE0rRhnkLcqnXo7BDv7adqTnXA8GWhsPh2Fcjrb2pd797aPISM
sYg0cyKpLBb7ADVcH6NMPiBN8LG2cyR1sDFPALV/mxunYwJAPbZrdRVPQD7tAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUsXP6cj7cpglmhu+IApewzwrrq/kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADCMA0GCSqGSIb3DQEBCwUAA4IBAQB+QDhrpYlOYDkswqFmaVjIQLxvzf4eIe6o
Os2EEMNK/oGof1iz4VC/YMJFEaJylczxYLUKMmtU2cHUJkRL/o1/oZsDq0KsdGjd
v7dXNLon0l+UasHZBwyYpFuOx3WNyeKPSrB7yW8uMDVrIYsRZ16DByhEJocCLZvi
WTXgMm9Obwz3KEBoo7zs081nJB/qfLUdaDZZZCdfjgvfS8WuymrAY56H0EL7FDUw
oicDy5I+4IceP/7nBXxeaKW08Vdn2Myx08B3MC9PMfygnhex9cjPt+QAPDPxrENM
gFq0BRmWNunsaBx8cmJPTpsTPOcTMrbQg+sGyGFB1IWRXzsd6Ubo
-----END CERTIFICATE-----