Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213977.roa
File:                     AS213977.roa (raw, json)
Hash identifier:          6ADRzSDMtq0UYuWTyIemXTsLLW64ep+UXsSJd5O24/o=
Subject key identifier:   E1:D7:A6:59:73:62:67:B4:DF:55:54:0B:1A:0D:B8:0D:36:BB:58:E0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       739FDDA08C8765ADE834408CD9410C75E2A75674
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213977.roa
Signing time:             Thu 09 Oct 2025 19:07:56 +0000
ROA not before:           Thu 09 Oct 2025 19:02:56 +0000
ROA not after:            Thu 08 Oct 2026 19:07:56 +0000
asID:                     213977
IP address blocks:        2a0f:85c1:8c1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:9f:dd:a0:8c:87:65:ad:e8:34:40:8c:d9:41:0c:75:e2:a7:56:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct  9 19:02:56 2025 GMT
            Not After : Oct  8 19:07:56 2026 GMT
        Subject: CN=E1D7A659736267B4DF55540B1A0DB80D36BB58E0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:91:5d:1e:c6:41:66:36:c9:a1:02:ed:0b:dd:
                    2f:50:c8:a2:c1:1a:0b:05:b7:05:ef:6c:89:06:44:
                    95:43:39:a5:6f:79:1c:d1:03:93:26:6c:7a:32:63:
                    8a:0d:01:9e:85:a5:49:64:49:a2:c8:80:58:e7:63:
                    da:c9:50:a0:c2:46:27:0b:fc:be:7a:af:6d:73:29:
                    9a:21:e2:7b:71:62:1c:27:79:17:fe:60:41:ed:37:
                    bd:dd:c5:df:7e:82:20:9b:30:d6:88:e2:1f:2a:08:
                    fb:58:18:ee:3f:c7:75:ed:f9:37:41:8b:57:f4:70:
                    97:e1:3b:d6:5b:1a:6c:82:a8:e7:c3:f6:45:9d:4b:
                    01:7b:40:0c:9f:79:dc:7a:2e:d3:60:42:4b:22:47:
                    05:84:6e:29:91:7e:7e:52:11:53:a3:be:32:85:8f:
                    68:61:47:e4:52:b0:76:7e:74:74:5c:3f:20:13:7f:
                    fd:85:0a:6d:c3:0f:e5:86:88:d3:5d:49:7a:9c:40:
                    47:8f:bf:38:8f:fa:93:12:50:2f:c9:b6:4f:f9:ef:
                    23:09:cc:2b:5a:4d:a1:6c:67:ee:92:e2:fb:05:27:
                    74:ab:62:17:f8:f2:81:bb:8f:bb:c0:22:19:49:fc:
                    ee:94:86:57:72:c7:da:ae:27:ef:5f:5e:d9:36:6b:
                    71:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:D7:A6:59:73:62:67:B4:DF:55:54:0B:1A:0D:B8:0D:36:BB:58:E0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213977.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         b3:2f:f0:88:8c:e4:12:02:58:f6:16:95:5b:82:09:26:bc:8e:
         98:87:d5:2a:7c:00:6c:7d:d1:c5:c0:db:60:5d:c7:11:bb:d3:
         52:1d:72:12:89:32:e3:65:19:dc:94:34:e5:84:6d:26:13:36:
         3f:61:85:f6:45:8e:3b:84:e9:e6:1b:aa:41:f2:6c:75:95:a2:
         d3:d8:27:de:69:01:69:b5:9b:8e:f3:b6:c8:87:c7:2e:72:4d:
         59:01:61:c1:df:69:6d:3f:a8:1a:13:7c:35:dc:11:4f:1a:eb:
         ef:b3:28:1b:6e:e5:0d:26:7c:27:2e:40:c5:f7:90:8b:94:f2:
         b5:c3:5c:cf:78:0e:83:64:db:6a:48:1c:77:fe:82:5d:d7:24:
         d0:ba:4e:49:6d:d5:34:45:46:43:8b:88:84:75:71:2f:8b:8a:
         34:f8:94:88:32:13:aa:4f:aa:83:e1:32:3f:0b:fb:1b:e1:82:
         c6:5a:83:af:4b:1e:14:78:6a:2f:d5:a8:c6:16:a6:74:ae:6c:
         5f:4d:d8:86:48:0c:50:a7:ad:19:56:2a:63:85:1c:44:7d:a0:
         43:10:c0:13:06:be:d2:ad:5a:42:9f:71:8a:20:fd:45:a4:6b:
         98:19:79:d6:02:a3:9a:c4:78:91:cb:b8:2c:5d:a9:2f:a4:85:
         67:1a:d7:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUc5/doIyHZa3oNECM2UEMdeKnVnQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMDkxOTAyNTZaFw0yNjEwMDgxOTA3NTZaMDMxMTAvBgNV
BAMTKEUxRDdBNjU5NzM2MjY3QjRERjU1NTQwQjFBMERCODBEMzZCQjU4RTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWkV0exkFmNsmhAu0L3S9QyKLB
GgsFtwXvbIkGRJVDOaVveRzRA5MmbHoyY4oNAZ6FpUlkSaLIgFjnY9rJUKDCRicL
/L56r21zKZoh4ntxYhwneRf+YEHtN73dxd9+giCbMNaI4h8qCPtYGO4/x3Xt+TdB
i1f0cJfhO9ZbGmyCqOfD9kWdSwF7QAyfedx6LtNgQksiRwWEbimRfn5SEVOjvjKF
j2hhR+RSsHZ+dHRcPyATf/2FCm3DD+WGiNNdSXqcQEePvziP+pMSUC/Jtk/57yMJ
zCtaTaFsZ+6S4vsFJ3SrYhf48oG7j7vAIhlJ/O6Uhldyx9quJ+9fXtk2a3GlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4demWXNiZ7TfVVQLGg24DTa7WOAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzOTc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQjBMA0GCSqGSIb3DQEBCwUAA4IBAQCzL/CIjOQSAlj2FpVbggkmvI6Yh9UqfABs
fdHFwNtgXccRu9NSHXISiTLjZRnclDTlhG0mEzY/YYX2RY47hOnmG6pB8mx1laLT
2CfeaQFptZuO87bIh8cuck1ZAWHB32ltP6gaE3w13BFPGuvvsygbbuUNJnwnLkDF
95CLlPK1w1zPeA6DZNtqSBx3/oJd1yTQuk5JbdU0RUZDi4iEdXEvi4o0+JSIMhOq
T6qD4TI/C/sb4YLGWoOvSx4UeGov1ajGFqZ0rmxfTdiGSAxQp60ZVipjhRxEfaBD
EMATBr7SrVpCn3GKIP1FpGuYGXnWAqOaxHiRy7gsXakvpIVnGtcs
-----END CERTIFICATE-----