Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213243.roa
File:                     AS213243.roa (raw, json)
Hash identifier:          8TWfr2uFIMti9Z/+JDbd65lQmEioIlpyzGbGS9thmvo=
Subject key identifier:   8D:6A:03:D0:17:E3:93:08:8F:BB:5E:04:97:39:65:7F:C6:66:27:A9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6527B42108DB99FA260AAB15E8AA0850441C598F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213243.roa
Signing time:             Sat 13 Sep 2025 02:23:03 +0000
ROA not before:           Sat 13 Sep 2025 02:18:03 +0000
ROA not after:            Sat 12 Sep 2026 02:23:03 +0000
asID:                     213243
IP address blocks:        2a0f:85c1:ba6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:27:b4:21:08:db:99:fa:26:0a:ab:15:e8:aa:08:50:44:1c:59:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 13 02:18:03 2025 GMT
            Not After : Sep 12 02:23:03 2026 GMT
        Subject: CN=8D6A03D017E393088FBB5E049739657FC66627A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6b:ec:bc:bc:61:7e:50:9e:4b:a3:15:7c:98:
                    3d:8f:23:0c:2c:73:e0:b2:3d:ad:be:f7:c9:b8:15:
                    a6:b4:6d:9d:ca:99:9b:9c:95:5a:99:a4:0a:8e:1e:
                    e3:ea:cf:59:60:a1:ef:82:65:d7:90:eb:59:97:8c:
                    b0:7c:f8:5f:9d:24:4f:c7:dc:4e:23:25:13:05:3d:
                    d2:9d:40:9e:a5:66:b8:e0:4d:d3:50:f7:16:11:ad:
                    1e:c9:26:10:c8:f4:49:22:fb:52:c7:4c:d1:53:60:
                    7c:93:b7:4e:f1:9a:da:e0:b9:53:ab:8e:32:2a:9a:
                    b9:3b:2c:34:1f:90:0e:e3:35:81:0c:a7:44:b9:35:
                    d0:fc:0a:a4:02:bb:93:b2:d7:2d:63:01:6d:61:fe:
                    a6:da:eb:4e:e3:83:ff:df:36:9d:65:9f:ca:50:4f:
                    b8:2e:23:33:e7:da:fd:ed:56:c7:61:13:44:05:50:
                    ae:07:98:40:ce:a0:6b:34:cc:ab:9d:b1:bf:47:fa:
                    0c:88:03:d6:eb:f3:ee:92:0f:82:38:a5:5d:d7:cd:
                    07:e4:f1:cb:d5:4b:21:f4:b5:bd:80:02:d1:4f:30:
                    3d:ed:14:7f:e8:b7:d4:2f:ac:9c:e6:d4:00:c9:15:
                    35:51:e8:c2:57:2c:a0:9e:d2:0d:61:64:b7:62:b5:
                    dd:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:6A:03:D0:17:E3:93:08:8F:BB:5E:04:97:39:65:7F:C6:66:27:A9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213243.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:ba6::/48

    Signature Algorithm: sha256WithRSAEncryption
         bb:31:f7:58:43:3c:f7:b0:48:9f:6d:65:1f:49:ff:87:57:6f:
         a2:81:73:be:48:c0:49:67:19:20:8b:de:63:85:63:9a:e8:70:
         02:9e:0f:be:92:49:ed:55:7d:89:a1:c9:57:84:b3:ac:23:e3:
         f7:57:5a:b8:9d:5e:04:9d:3a:f2:8d:6e:80:e8:22:18:70:71:
         3c:03:eb:88:8a:83:2a:00:cc:5f:07:e4:63:4c:4d:4f:eb:e8:
         ee:db:a8:3f:83:48:63:e0:e7:65:ac:f1:d7:c6:a5:d1:9e:d0:
         11:1c:3c:05:90:a4:1c:29:27:07:c9:27:52:10:6f:29:e0:cc:
         73:0b:7a:fb:f2:f5:df:86:c1:19:18:2f:75:b4:70:a8:06:f9:
         11:53:44:bd:b8:79:11:30:4e:17:27:2b:23:00:a7:95:b8:d7:
         2e:90:0e:8a:bd:2a:f4:f6:df:d4:40:67:70:b7:e9:1f:5e:0b:
         f9:ae:2f:d0:ec:a3:b7:22:05:a0:db:9c:47:47:d1:85:e0:b0:
         f6:9b:af:f7:2f:da:9f:4e:5c:6c:d0:de:29:05:de:1a:22:6b:
         ed:1c:d4:51:0c:f5:23:95:60:f2:a6:dc:03:e9:d8:86:ce:a2:
         ad:88:5c:4a:e4:11:cf:35:79:2c:bc:90:4c:75:80:45:30:f9:
         fc:d2:b1:74
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZSe0IQjbmfomCqsV6KoIUEQcWY8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTMwMjE4MDNaFw0yNjA5MTIwMjIzMDNaMDMxMTAvBgNV
BAMTKDhENkEwM0QwMTdFMzkzMDg4RkJCNUUwNDk3Mzk2NTdGQzY2NjI3QTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVa+y8vGF+UJ5LoxV8mD2PIwws
c+CyPa2+98m4Faa0bZ3KmZuclVqZpAqOHuPqz1lgoe+CZdeQ61mXjLB8+F+dJE/H
3E4jJRMFPdKdQJ6lZrjgTdNQ9xYRrR7JJhDI9Eki+1LHTNFTYHyTt07xmtrguVOr
jjIqmrk7LDQfkA7jNYEMp0S5NdD8CqQCu5Oy1y1jAW1h/qba607jg//fNp1ln8pQ
T7guIzPn2v3tVsdhE0QFUK4HmEDOoGs0zKudsb9H+gyIA9br8+6SD4I4pV3XzQfk
8cvVSyH0tb2AAtFPMD3tFH/ot9QvrJzm1ADJFTVR6MJXLKCe0g1hZLditd3xAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUjWoD0BfjkwiPu14Elzllf8ZmJ6kwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzMjQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQumMA0GCSqGSIb3DQEBCwUAA4IBAQC7MfdYQzz3sEifbWUfSf+HV2+igXO+SMBJ
Zxkgi95jhWOa6HACng++kkntVX2JoclXhLOsI+P3V1q4nV4EnTryjW6A6CIYcHE8
A+uIioMqAMxfB+RjTE1P6+ju26g/g0hj4OdlrPHXxqXRntARHDwFkKQcKScHySdS
EG8p4MxzC3r78vXfhsEZGC91tHCoBvkRU0S9uHkRME4XJysjAKeVuNcukA6KvSr0
9t/UQGdwt+kfXgv5ri/Q7KO3IgWg25xHR9GF4LD2m6/3L9qfTlxs0N4pBd4aImvt
HNRRDPUjlWDyptwD6diGzqKtiFxK5BHPNXksvJBMdYBFMPn80rF0
-----END CERTIFICATE-----