Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213413.roa
File:                     AS213413.roa (raw, json)
Hash identifier:          3c1hWasQ6oR47DW69BjOlhSzAR0ojanmFQMPMB1IhF4=
Subject key identifier:   3E:81:1D:D2:AD:CB:62:6D:82:02:98:C7:A5:C4:98:18:C8:D1:AF:DB
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       75C486C5BC16E9D1DAA4AF6B791E3ADFBFDE5096
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213413.roa
Signing time:             Sun 21 Sep 2025 10:44:21 +0000
ROA not before:           Sun 21 Sep 2025 10:39:21 +0000
ROA not after:            Sun 20 Sep 2026 10:44:21 +0000
asID:                     213413
IP address blocks:        2a14:7584:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:c4:86:c5:bc:16:e9:d1:da:a4:af:6b:79:1e:3a:df:bf:de:50:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep 21 10:39:21 2025 GMT
            Not After : Sep 20 10:44:21 2026 GMT
        Subject: CN=3E811DD2ADCB626D820298C7A5C49818C8D1AFDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:44:af:5f:19:22:05:34:50:a0:64:c9:d2:a8:
                    a4:c3:46:4c:53:fc:be:95:15:0e:bb:ed:93:af:3a:
                    39:f1:bb:dd:b2:02:69:64:1d:8c:d7:f6:f4:f4:46:
                    46:50:a1:b1:0b:20:63:25:7d:df:4a:91:14:6e:b2:
                    6d:62:3d:14:0c:a0:3d:49:ca:9e:c5:67:46:62:bd:
                    76:e7:ba:c9:07:d3:f8:15:30:2d:98:84:1d:ec:45:
                    2f:e3:80:7a:10:ee:16:fd:28:00:94:e2:11:be:3e:
                    dd:e5:5b:8b:4b:94:44:13:b3:03:9b:33:3e:17:2f:
                    18:77:33:09:81:8d:77:da:8f:2d:44:28:c0:92:d1:
                    08:50:bd:f2:47:55:6f:df:78:7d:46:6b:45:2b:8e:
                    d7:4b:7c:4c:60:68:66:1b:39:98:b2:98:b8:d7:d6:
                    c6:9f:e9:6b:2c:06:11:f9:93:c9:a7:dc:16:49:43:
                    a5:02:f5:99:47:31:a9:65:d8:da:9b:41:27:62:cb:
                    85:a7:df:86:18:fd:bf:07:08:c7:59:b0:83:f0:52:
                    81:e6:ee:a4:eb:74:a0:4f:f6:e5:99:4c:e1:a7:b4:
                    0e:ad:58:de:82:3d:b7:16:5d:1a:f3:9e:e7:1c:b0:
                    34:c2:95:71:b6:fd:cd:54:e4:32:21:4b:c3:0c:24:
                    45:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:81:1D:D2:AD:CB:62:6D:82:02:98:C7:A5:C4:98:18:C8:D1:AF:DB
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213413.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         0d:e4:a4:a2:cd:93:59:40:97:56:58:94:4a:5f:1c:30:6b:39:
         e6:bd:d1:d1:bb:79:25:6d:f9:e1:00:fc:4c:ef:3d:22:19:2c:
         3c:4d:cf:52:c6:60:a3:48:32:fb:78:1b:1a:53:13:41:0b:7f:
         29:fe:b6:03:c5:2f:50:e4:3d:3c:b2:00:62:c8:67:4a:d5:63:
         57:f9:09:70:34:f8:50:74:0e:0e:1a:e4:64:d7:bc:c3:06:3d:
         11:2e:84:fd:dc:a4:57:5d:89:3c:2f:a2:35:7f:63:b7:14:50:
         46:08:35:1d:0e:b3:81:d3:f3:54:7f:5c:ba:4d:70:2e:5d:0b:
         fe:e1:59:dc:ef:05:84:cd:48:97:6e:f3:dd:44:0c:16:eb:cd:
         03:d0:12:2f:4a:fb:66:41:46:70:9a:83:41:f3:8b:b2:84:30:
         b8:b6:ba:7e:64:9a:32:df:77:13:9a:fc:98:02:2f:f9:83:2d:
         da:b3:af:ec:b4:af:85:72:3e:c1:7b:ac:5e:9b:ac:ce:70:19:
         f7:06:0d:8a:87:bf:d8:c0:50:80:da:04:03:df:f3:8f:f1:17:
         83:e2:95:53:04:0c:1c:77:5b:cf:ca:e2:5e:57:51:84:8f:d8:
         34:53:cf:33:f9:3c:3c:64:20:fa:c0:d0:70:35:3a:48:0e:37:
         fa:58:76:7d
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUdcSGxbwW6dHapK9reR4637/eUJYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MjExMDM5MjFaFw0yNjA5MjAxMDQ0MjFaMDMxMTAvBgNV
BAMTKDNFODExREQyQURDQjYyNkQ4MjAyOThDN0E1QzQ5ODE4QzhEMUFGREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwRK9fGSIFNFCgZMnSqKTDRkxT
/L6VFQ677ZOvOjnxu92yAmlkHYzX9vT0RkZQobELIGMlfd9KkRRusm1iPRQMoD1J
yp7FZ0ZivXbnuskH0/gVMC2YhB3sRS/jgHoQ7hb9KACU4hG+Pt3lW4tLlEQTswOb
Mz4XLxh3MwmBjXfajy1EKMCS0QhQvfJHVW/feH1Ga0UrjtdLfExgaGYbOZiymLjX
1saf6WssBhH5k8mn3BZJQ6UC9ZlHMall2NqbQSdiy4Wn34YY/b8HCMdZsIPwUoHm
7qTrdKBP9uWZTOGntA6tWN6CPbcWXRrznuccsDTClXG2/c1U5DIhS8MMJEU7AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUPoEd0q3LYm2CApjHpcSYGMjRr9swHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEzNDEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
hCAwDQYJKoZIhvcNAQELBQADggEBAA3kpKLNk1lAl1ZYlEpfHDBrOea90dG7eSVt
+eEA/EzvPSIZLDxNz1LGYKNIMvt4GxpTE0ELfyn+tgPFL1DkPTyyAGLIZ0rVY1f5
CXA0+FB0Dg4a5GTXvMMGPREuhP3cpFddiTwvojV/Y7cUUEYINR0Os4HT81R/XLpN
cC5dC/7hWdzvBYTNSJdu891EDBbrzQPQEi9K+2ZBRnCag0Hzi7KEMLi2un5kmjLf
dxOa/JgCL/mDLdqzr+y0r4VyPsF7rF6brM5wGfcGDYqHv9jAUIDaBAPf84/xF4Pi
lVMEDBx3W8/K4l5XUYSP2DRTzzP5PDxkIPrA0HA1OkgON/pYdn0=
-----END CERTIFICATE-----