Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS32167.roa
File:                     AS32167.roa (raw, json)
Hash identifier:          3uBG4Tcz+dJOLPET3piBH1vNgsqHm2so9ANx5ioqJ+0=
Subject key identifier:   E6:F9:FD:08:67:B5:19:58:90:E0:82:3F:E0:44:A5:18:3F:1B:8B:09
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6D6800D1A8D2ED527C821B472B8A2E554F0C3D58
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS32167.roa
Signing time:             Fri 20 Jun 2025 16:25:00 +0000
ROA not before:           Fri 20 Jun 2025 16:20:00 +0000
ROA not after:            Fri 19 Jun 2026 16:25:00 +0000
asID:                     32167
IP address blocks:        2a13:9500:95::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:68:00:d1:a8:d2:ed:52:7c:82:1b:47:2b:8a:2e:55:4f:0c:3d:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 20 16:20:00 2025 GMT
            Not After : Jun 19 16:25:00 2026 GMT
        Subject: CN=E6F9FD0867B5195890E0823FE044A5183F1B8B09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:45:d6:be:0d:ee:be:82:23:cd:cf:20:ce:5a:
                    fc:f7:fc:96:ba:d9:21:01:e0:38:31:de:b1:ff:75:
                    c6:4c:d0:d6:b1:e8:7f:01:38:3b:71:bb:de:9f:51:
                    30:75:35:0f:76:c7:64:23:9c:7c:53:5e:50:17:e9:
                    ae:b3:f8:d2:05:f1:a6:3a:c6:19:77:48:82:af:de:
                    e6:3d:f5:24:5c:e6:44:d3:10:49:91:b4:69:6e:1e:
                    10:2d:30:e0:7c:20:db:f6:06:6c:74:b3:0b:b3:13:
                    00:5b:68:27:bf:2c:cb:75:72:8c:97:4b:b0:fa:46:
                    f2:af:ab:ab:c0:5a:3b:65:01:f7:a0:cc:c3:61:61:
                    bc:7c:0d:88:a0:22:f9:67:8b:e4:91:b6:88:5c:57:
                    22:19:72:19:67:15:37:6c:b7:27:99:b1:9a:f5:3d:
                    4c:79:5b:d1:be:96:19:cf:3c:29:19:6c:1a:c4:b2:
                    e1:50:fe:8f:e0:fe:9a:05:c4:25:cc:c9:46:a8:71:
                    d9:36:71:f6:0b:76:2c:e8:c7:0c:55:02:b2:3a:32:
                    d0:1d:fd:3c:d2:6a:50:9e:0b:6e:34:f0:a4:57:10:
                    3e:2f:3a:d9:3a:11:fd:05:03:3e:1e:40:6c:e8:b5:
                    ba:6e:54:27:14:ec:cd:46:19:6d:ad:ce:11:04:48:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:F9:FD:08:67:B5:19:58:90:E0:82:3F:E0:44:A5:18:3F:1B:8B:09
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS32167.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:95::/48

    Signature Algorithm: sha256WithRSAEncryption
         09:c8:aa:92:eb:a9:16:5e:ab:aa:44:40:52:54:8c:58:26:f5:
         13:c6:79:2b:75:ab:6a:c8:d2:c3:06:54:04:4f:b2:11:2e:7c:
         fe:f9:43:c3:00:12:57:c0:84:43:a0:0e:dc:94:79:23:2c:a3:
         dd:9e:9f:1b:63:34:ed:eb:68:40:a2:4f:5d:3b:a6:3e:9a:ba:
         06:27:29:ac:72:9a:97:12:54:5c:e0:8a:95:3b:0d:8f:b5:93:
         22:cb:2c:af:8d:53:2f:22:ed:11:e1:c1:fa:50:dd:8e:ea:d6:
         a6:fa:5c:1f:f4:9d:a0:06:ef:07:73:36:90:19:d1:2f:a2:4c:
         1c:86:da:19:cd:37:64:d3:d2:8f:d9:e6:7a:75:85:10:d8:d7:
         1f:35:96:c6:0f:5d:f9:7f:bf:10:6e:e5:c7:23:0f:f4:77:02:
         2e:6e:d1:13:b0:ce:4d:43:03:6a:3b:3e:09:b2:b7:02:64:ef:
         5e:05:1f:9f:4c:c6:15:40:0e:c5:22:c5:1e:17:57:c1:0b:89:
         a5:0c:b0:bb:09:7e:a0:ab:d9:b8:82:a7:6d:2e:86:da:f3:fd:
         33:e1:5a:c2:8d:58:f2:18:5b:5b:33:c9:95:77:20:aa:4f:36:
         41:c7:e1:53:89:c4:3d:52:50:60:41:c3:8d:32:15:63:c1:24:
         17:10:a7:ee
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUbWgA0ajS7VJ8ghtHK4ouVU8MPVgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjAxNjIwMDBaFw0yNjA2MTkxNjI1MDBaMDMxMTAvBgNV
BAMTKEU2RjlGRDA4NjdCNTE5NTg5MEUwODIzRkUwNDRBNTE4M0YxQjhCMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDURda+De6+giPNzyDOWvz3/Ja6
2SEB4Dgx3rH/dcZM0Nax6H8BODtxu96fUTB1NQ92x2QjnHxTXlAX6a6z+NIF8aY6
xhl3SIKv3uY99SRc5kTTEEmRtGluHhAtMOB8INv2Bmx0swuzEwBbaCe/LMt1coyX
S7D6RvKvq6vAWjtlAfegzMNhYbx8DYigIvlni+SRtohcVyIZchlnFTdstyeZsZr1
PUx5W9G+lhnPPCkZbBrEsuFQ/o/g/poFxCXMyUaocdk2cfYLdizoxwxVArI6MtAd
/TzSalCeC2408KRXED4vOtk6Ef0FAz4eQGzotbpuVCcU7M1GGW2tzhEESOzxAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU5vn9CGe1GViQ4II/4ESlGD8biwkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzIxNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AJUwDQYJKoZIhvcNAQELBQADggEBAAnIqpLrqRZeq6pEQFJUjFgm9RPGeSt1q2rI
0sMGVARPshEufP75Q8MAElfAhEOgDtyUeSMso92enxtjNO3raECiT107pj6augYn
KaxympcSVFzgipU7DY+1kyLLLK+NUy8i7RHhwfpQ3Y7q1qb6XB/0naAG7wdzNpAZ
0S+iTByG2hnNN2TT0o/Z5np1hRDY1x81lsYPXfl/vxBu5ccjD/R3Ai5u0ROwzk1D
A2o7PgmytwJk714FH59MxhVADsUixR4XV8ELiaUMsLsJfqCr2biCp20uhtrz/TPh
WsKNWPIYW1szyZV3IKpPNkHH4VOJxD1SUGBBw40yFWPBJBcQp+4=
-----END CERTIFICATE-----