Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS44947.roa
File:                     AS44947.roa (raw, json)
Hash identifier:          S5JESySTraEQURy50g7tCHAg8MEbf1mMEd+fHFfy2xE=
Subject key identifier:   5C:8C:E3:7D:70:2A:7C:AE:27:1F:B4:27:20:D7:22:B6:D9:4C:4F:81
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       101F6C2B4854F62DB0CFABC303271BBBAA3117FB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS44947.roa
Signing time:             Sat 28 Jun 2025 07:09:31 +0000
ROA not before:           Sat 28 Jun 2025 07:04:31 +0000
ROA not after:            Sat 27 Jun 2026 07:09:31 +0000
asID:                     44947
IP address blocks:        2a13:9500:9a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:1f:6c:2b:48:54:f6:2d:b0:cf:ab:c3:03:27:1b:bb:aa:31:17:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 28 07:04:31 2025 GMT
            Not After : Jun 27 07:09:31 2026 GMT
        Subject: CN=5C8CE37D702A7CAE271FB42720D722B6D94C4F81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f5:d2:8b:99:8e:f5:e9:f1:3e:86:78:4e:de:
                    d6:40:e2:6e:1d:0a:37:91:d8:ad:a6:79:b1:65:6f:
                    55:8e:b7:5e:eb:07:73:ab:db:a2:50:e1:1d:94:b4:
                    27:43:06:4f:c0:b2:26:06:c1:32:a3:24:2e:a2:36:
                    f1:bb:ff:e2:80:b9:a4:41:b9:3e:83:82:50:12:57:
                    cb:2a:ab:1b:a3:f0:38:0b:e2:92:b6:bd:ee:86:d7:
                    ab:f3:ce:f5:9b:23:e8:e0:f1:77:cb:5c:95:95:5e:
                    e7:cf:c3:63:9f:81:20:ec:48:d9:69:67:70:2a:ea:
                    92:80:7c:46:98:86:84:f0:bf:bb:c0:e2:2e:fa:a9:
                    93:3e:9d:f9:59:8a:c6:4b:b9:d4:ae:76:48:35:e8:
                    7e:e0:9c:47:73:99:02:5d:bc:f4:28:61:9a:c0:78:
                    9e:7b:e5:40:e4:6e:62:46:ac:27:28:2e:31:ab:15:
                    29:30:d6:79:02:f7:2e:66:5f:a1:85:5b:cb:65:c3:
                    28:ab:6a:90:83:3a:73:1b:5c:44:8a:b6:cc:70:28:
                    35:d0:49:87:d0:e4:5e:8e:c1:8a:32:9e:e1:a5:dd:
                    e9:2a:2d:10:89:35:1d:87:bc:cb:2b:86:cb:a2:39:
                    03:3c:2c:28:ab:93:9c:a2:04:3d:20:df:e6:c1:1f:
                    d8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:8C:E3:7D:70:2A:7C:AE:27:1F:B4:27:20:D7:22:B6:D9:4C:4F:81
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS44947.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:9a::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:8f:94:51:11:97:b6:58:26:07:cd:50:43:90:4d:4b:d4:e9:
         d9:5d:76:4f:ba:2c:56:c8:8a:3a:2a:9e:f9:3a:76:d4:94:5d:
         cf:31:6f:55:97:a8:00:a9:43:c4:a1:cf:26:11:c0:9a:14:56:
         f8:f7:22:5f:fe:49:5d:d8:27:12:d8:a5:d1:26:fc:33:b6:98:
         41:90:9d:11:a2:3a:56:2d:94:35:33:2f:30:29:ff:30:f4:7a:
         bd:7b:ee:01:19:86:27:71:ef:87:ad:9b:ac:e4:fd:db:13:06:
         ef:f5:7a:98:1e:c7:9a:9d:6e:28:d9:08:a3:52:49:ec:bb:91:
         bd:f9:fa:0a:b4:38:73:21:20:38:06:4b:93:2e:9a:8e:bc:2b:
         cf:57:19:8b:f7:27:1a:6f:5f:a9:dd:7f:62:0a:b3:9a:a0:52:
         89:5e:0c:e1:8a:c5:f3:6c:1d:c9:55:e9:56:b5:03:e6:4b:88:
         e2:0b:94:5e:8c:7e:95:6d:bc:5d:e2:61:53:9a:ef:5d:77:f6:
         e9:27:94:aa:b4:59:60:46:d4:6d:88:71:ec:8b:17:81:ac:4c:
         1b:05:cc:bc:b0:f4:29:eb:95:31:ba:e2:c8:dd:d5:33:04:66:
         2a:b2:77:0b:59:90:94:f4:7d:bf:e2:87:79:92:0e:52:ca:5a:
         6b:4b:2a:7b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUEB9sK0hU9i2wz6vDAycbu6oxF/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjgwNzA0MzFaFw0yNjA2MjcwNzA5MzFaMDMxMTAvBgNV
BAMTKDVDOENFMzdENzAyQTdDQUUyNzFGQjQyNzIwRDcyMkI2RDk0QzRGODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt9dKLmY716fE+hnhO3tZA4m4d
CjeR2K2mebFlb1WOt17rB3Or26JQ4R2UtCdDBk/AsiYGwTKjJC6iNvG7/+KAuaRB
uT6DglASV8sqqxuj8DgL4pK2ve6G16vzzvWbI+jg8XfLXJWVXufPw2OfgSDsSNlp
Z3Aq6pKAfEaYhoTwv7vA4i76qZM+nflZisZLudSudkg16H7gnEdzmQJdvPQoYZrA
eJ575UDkbmJGrCcoLjGrFSkw1nkC9y5mX6GFW8tlwyirapCDOnMbXESKtsxwKDXQ
SYfQ5F6OwYoynuGl3ekqLRCJNR2HvMsrhsuiOQM8LCirk5yiBD0g3+bBH9gJAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUXIzjfXAqfK4nH7QnINcittlMT4EwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDQ5NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AJowDQYJKoZIhvcNAQELBQADggEBADWPlFERl7ZYJgfNUEOQTUvU6dlddk+6LFbI
ijoqnvk6dtSUXc8xb1WXqACpQ8ShzyYRwJoUVvj3Il/+SV3YJxLYpdEm/DO2mEGQ
nRGiOlYtlDUzLzAp/zD0er177gEZhidx74etm6zk/dsTBu/1epgex5qdbijZCKNS
Sey7kb35+gq0OHMhIDgGS5Mumo68K89XGYv3JxpvX6ndf2IKs5qgUoleDOGKxfNs
HclV6Va1A+ZLiOILlF6MfpVtvF3iYVOa71139uknlKq0WWBG1G2IceyLF4GsTBsF
zLyw9CnrlTG64sjd1TMEZiqydwtZkJT0fb/ih3mSDlLKWmtLKns=
-----END CERTIFICATE-----