Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS984.roa
File:                     AS984.roa (raw, json)
Hash identifier:          ccEpMa4QSz2R1eq9MoE/ULYgXfRq6s7iBO/SP6xpjlc=
Subject key identifier:   43:35:D1:C4:4E:BD:2F:C3:09:ED:C0:66:3F:AC:14:D2:A6:6B:8C:E9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4D0471F3D04B90F7F114435D7510811DE9BC2E68
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS984.roa
Signing time:             Mon 23 Mar 2026 11:24:40 +0000
ROA not before:           Mon 23 Mar 2026 11:19:40 +0000
ROA not after:            Mon 22 Mar 2027 11:24:40 +0000
asID:                     984
IP address blocks:        2a13:9500:8c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:04:71:f3:d0:4b:90:f7:f1:14:43:5d:75:10:81:1d:e9:bc:2e:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 23 11:19:40 2026 GMT
            Not After : Mar 22 11:24:40 2027 GMT
        Subject: CN=4335D1C44EBD2FC309EDC0663FAC14D2A66B8CE9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1b:a2:e1:bc:23:c3:5f:aa:b1:86:4d:cd:d1:
                    f2:ef:9c:e9:47:23:04:98:83:12:06:4e:35:b4:2c:
                    4c:34:b8:96:d5:fc:d2:9c:cd:55:88:c5:56:ab:59:
                    fb:bc:a0:f2:dc:21:b7:d8:8c:01:27:2c:e5:2b:71:
                    ff:96:76:f6:c5:91:43:ab:cd:6e:6d:ce:0c:cc:4b:
                    2d:c6:7e:14:ee:2d:d5:3e:8c:8f:d3:8d:0e:63:58:
                    01:d4:e5:fa:0c:dc:39:1d:b6:68:d7:e9:96:0a:25:
                    74:8b:8d:3e:97:34:85:01:54:2e:7c:e6:bf:0b:9a:
                    1c:00:8e:1d:a4:fd:1a:a8:0c:6b:69:dd:b3:0e:82:
                    d5:62:24:fc:ac:dc:d1:86:d8:76:4a:b4:21:46:a4:
                    5b:9b:21:77:8c:15:da:1f:c7:a3:c5:88:ea:4c:fe:
                    ad:00:7a:81:ff:14:14:e5:35:70:34:0f:b3:e9:9c:
                    4a:2d:f2:f7:13:e6:c2:5d:78:b6:12:b1:90:b1:45:
                    27:67:7a:77:4a:dd:67:58:ea:aa:51:b7:41:39:ff:
                    c7:e2:bb:14:2d:21:12:3d:91:83:a4:57:0f:05:a0:
                    9d:45:8d:4a:cf:1d:a7:9e:cf:1a:2a:01:65:48:91:
                    ac:1e:23:e8:e4:83:a1:fe:5b:11:70:9f:f1:56:6b:
                    13:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:35:D1:C4:4E:BD:2F:C3:09:ED:C0:66:3F:AC:14:D2:A6:6B:8C:E9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:8c::/48

    Signature Algorithm: sha256WithRSAEncryption
         1e:57:d6:c7:5d:6e:a4:05:12:b1:62:74:2c:1e:e0:86:6e:a9:
         5d:49:34:aa:4b:4c:29:4a:a4:47:d0:a8:ea:cb:f8:13:cd:a1:
         89:aa:cd:32:3f:be:06:e5:95:99:30:f0:fd:5a:97:79:ff:0d:
         ca:c3:ff:12:2a:f7:0d:60:43:47:98:0c:9a:be:0d:e3:4b:ed:
         fb:93:95:46:c4:89:3e:4f:80:2d:fd:eb:6e:ff:70:f1:b7:40:
         bd:26:36:79:d5:9f:82:cb:4b:b8:fa:75:be:a4:0d:92:5a:ea:
         8d:8a:55:e2:ec:13:d0:08:a0:05:e8:15:16:44:95:24:36:2f:
         f0:fa:ee:2f:d7:ec:9c:9a:8e:bd:19:8d:2c:14:9d:01:36:9d:
         92:78:6a:60:28:26:ba:65:40:3e:b9:36:6d:5a:41:eb:94:10:
         c2:3c:67:4e:f7:e0:f4:ff:26:d9:0b:db:64:2b:32:d7:3d:3d:
         4e:5b:3e:61:94:7e:d2:48:e0:22:07:c3:00:af:b4:bc:ea:79:
         b1:77:98:8b:35:24:a6:12:07:11:d6:03:58:3f:8b:7e:8f:12:
         02:78:98:e3:36:d3:d6:ee:3d:17:fc:65:ab:b7:70:b4:c9:bb:
         d3:f2:e5:a9:c4:50:ac:79:40:c3:55:ed:3f:1a:81:86:8b:a6:
         2b:52:eb:ff
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTQRx89BLkPfxFENddRCBHem8LmgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjMxMTE5NDBaFw0yNzAzMjIxMTI0NDBaMDMxMTAvBgNV
BAMTKDQzMzVEMUM0NEVCRDJGQzMwOUVEQzA2NjNGQUMxNEQyQTY2QjhDRTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbG6LhvCPDX6qxhk3N0fLvnOlH
IwSYgxIGTjW0LEw0uJbV/NKczVWIxVarWfu8oPLcIbfYjAEnLOUrcf+WdvbFkUOr
zW5tzgzMSy3GfhTuLdU+jI/TjQ5jWAHU5foM3DkdtmjX6ZYKJXSLjT6XNIUBVC58
5r8LmhwAjh2k/RqoDGtp3bMOgtViJPys3NGG2HZKtCFGpFubIXeMFdofx6PFiOpM
/q0AeoH/FBTlNXA0D7PpnEot8vcT5sJdeLYSsZCxRSdnendK3WdY6qpRt0E5/8fi
uxQtIRI9kYOkVw8FoJ1FjUrPHaeezxoqAWVIkaweI+jkg6H+WxFwn/FWaxNBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQzXRxE69L8MJ7cBmP6wU0qZrjOkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTOTg0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOVAACM
MA0GCSqGSIb3DQEBCwUAA4IBAQAeV9bHXW6kBRKxYnQsHuCGbqldSTSqS0wpSqRH
0Kjqy/gTzaGJqs0yP74G5ZWZMPD9Wpd5/w3Kw/8SKvcNYENHmAyavg3jS+37k5VG
xIk+T4At/etu/3Dxt0C9JjZ51Z+Cy0u4+nW+pA2SWuqNilXi7BPQCKAF6BUWRJUk
Ni/w+u4v1+ycmo69GY0sFJ0BNp2SeGpgKCa6ZUA+uTZtWkHrlBDCPGdO9+D0/ybZ
C9tkKzLXPT1OWz5hlH7SSOAiB8MAr7S86nmxd5iLNSSmEgcR1gNYP4t+jxICeJjj
NtPW7j0X/GWrt3C0ybvT8uWpxFCseUDDVe0/GoGGi6YrUuv/
-----END CERTIFICATE-----