Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213036.roa
File:                     AS213036.roa (raw, json)
Hash identifier:          3ETG65xoXeLK6q6hRwbw6hnf6GOrVqBY36i1SMdyFw8=
Subject key identifier:   B0:9D:5A:FC:B3:B2:1F:38:C2:1C:0A:C6:8F:60:B5:43:6A:32:DD:9F
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       39CF23F8804253FD9462CCB8224863B651C1C37E
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213036.roa
Signing time:             Sat 13 Sep 2025 02:23:10 +0000
ROA not before:           Sat 13 Sep 2025 02:18:10 +0000
ROA not after:            Sat 12 Sep 2026 02:23:10 +0000
asID:                     213036
IP address blocks:        2a0f:85c1:d41::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:cf:23:f8:80:42:53:fd:94:62:cc:b8:22:48:63:b6:51:c1:c3:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 13 02:18:10 2025 GMT
            Not After : Sep 12 02:23:10 2026 GMT
        Subject: CN=B09D5AFCB3B21F38C21C0AC68F60B5436A32DD9F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:5a:6f:c8:87:9c:dc:d5:bd:d5:c9:40:ff:af:
                    7b:a8:c5:53:fc:4b:41:78:44:8d:2c:5b:17:b9:43:
                    a5:54:6f:6e:84:07:30:79:e0:8a:cd:1f:44:14:18:
                    d0:d2:bd:ab:e1:ea:93:ab:81:43:28:95:f8:72:4c:
                    5d:d8:69:04:88:f3:4e:e8:4d:36:8b:70:7b:ff:1d:
                    94:eb:4a:4c:5a:c3:e7:6e:a0:89:14:8f:9e:dd:53:
                    28:df:c6:e2:0f:f2:6c:8e:73:ba:ac:ee:61:f4:82:
                    c7:23:83:52:88:50:97:5d:52:30:c9:92:9b:77:8d:
                    8d:c5:31:ca:72:56:a7:ce:f1:38:ea:2a:8a:09:4b:
                    8b:86:83:90:bc:16:f6:36:41:81:e6:e2:98:ee:d8:
                    76:4a:ad:40:81:14:c5:ee:da:8a:c9:5c:f2:5d:22:
                    ec:3e:2b:50:3c:3b:dc:70:d6:6b:a8:93:74:25:6d:
                    71:ce:e4:4f:1d:20:1e:40:58:90:f6:aa:50:a5:ce:
                    7d:c7:94:34:71:bd:b0:ca:45:ab:2d:48:1d:0c:9e:
                    b6:54:42:08:75:11:68:b2:62:4e:c7:80:1a:2f:21:
                    18:e1:e7:b7:6b:5e:f4:cb:79:e0:6d:aa:40:4b:30:
                    6c:1a:3b:30:06:4e:40:85:c9:9a:7a:cd:7e:0b:ef:
                    15:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:9D:5A:FC:B3:B2:1F:38:C2:1C:0A:C6:8F:60:B5:43:6A:32:DD:9F
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213036.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d41::/48

    Signature Algorithm: sha256WithRSAEncryption
         1b:8a:de:69:f1:72:49:f9:b5:27:c7:12:64:3f:6a:45:d1:07:
         d8:b6:ef:22:72:6b:e6:68:81:af:4e:2b:a3:61:c1:5d:02:bf:
         7e:24:31:1d:fc:d6:96:e3:f1:82:3e:d3:fb:b6:26:ea:ab:99:
         8d:46:d0:c5:47:66:42:66:96:bd:14:49:41:d3:af:71:e3:fe:
         97:45:f9:ca:db:10:5d:ff:08:19:4e:64:5c:ef:ba:94:20:38:
         64:32:44:15:8f:ce:6a:cf:9d:d9:90:40:97:c2:a0:1a:13:f5:
         98:f6:df:8b:d9:b3:59:2c:af:f1:3c:bd:c6:7c:ac:05:ac:63:
         25:68:ba:eb:33:02:91:8e:be:75:84:89:f7:29:58:03:88:23:
         03:e8:c4:6b:18:d3:d1:95:38:df:f6:91:26:ff:c7:94:82:f9:
         7a:0e:c7:2a:24:3a:be:0c:1b:fe:73:0b:0b:dc:a4:82:cc:1b:
         9e:9c:e2:c2:73:90:1e:79:48:3d:d6:91:79:97:99:e2:85:07:
         f4:d1:5f:c0:fb:6e:d8:1a:7e:91:5c:cd:8a:98:b5:74:9c:10:
         a4:8f:b8:f9:1f:ba:33:76:fb:f1:5a:dd:0f:a8:d5:7d:f3:65:
         86:12:7a:54:ba:b4:12:ea:e5:23:7d:bc:bd:a2:6a:55:d4:44:
         4e:d6:0d:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOc8j+IBCU/2UYsy4IkhjtlHBw34wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTMwMjE4MTBaFw0yNjA5MTIwMjIzMTBaMDMxMTAvBgNV
BAMTKEIwOUQ1QUZDQjNCMjFGMzhDMjFDMEFDNjhGNjBCNTQzNkEzMkREOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Wm/Ih5zc1b3VyUD/r3uoxVP8
S0F4RI0sWxe5Q6VUb26EBzB54IrNH0QUGNDSvavh6pOrgUMolfhyTF3YaQSI807o
TTaLcHv/HZTrSkxaw+duoIkUj57dUyjfxuIP8myOc7qs7mH0gscjg1KIUJddUjDJ
kpt3jY3FMcpyVqfO8TjqKooJS4uGg5C8FvY2QYHm4pju2HZKrUCBFMXu2orJXPJd
Iuw+K1A8O9xw1muok3QlbXHO5E8dIB5AWJD2qlClzn3HlDRxvbDKRastSB0MnrZU
Qgh1EWiyYk7HgBovIRjh57drXvTLeeBtqkBLMGwaOzAGTkCFyZp6zX4L7xXxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUsJ1a/LOyHzjCHArGj2C1Q2oy3Z8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzMDM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ1BMA0GCSqGSIb3DQEBCwUAA4IBAQAbit5p8XJJ+bUnxxJkP2pF0QfYtu8icmvm
aIGvTiujYcFdAr9+JDEd/NaW4/GCPtP7tibqq5mNRtDFR2ZCZpa9FElB069x4/6X
RfnK2xBd/wgZTmRc77qUIDhkMkQVj85qz53ZkECXwqAaE/WY9t+L2bNZLK/xPL3G
fKwFrGMlaLrrMwKRjr51hIn3KVgDiCMD6MRrGNPRlTjf9pEm/8eUgvl6DscqJDq+
DBv+cwsL3KSCzBuenOLCc5AeeUg91pF5l5nihQf00V/A+27YGn6RXM2KmLV0nBCk
j7j5H7ozdvvxWt0PqNV982WGEnpUurQS6uUjfby9ompV1ERO1g21
-----END CERTIFICATE-----