Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213639.roa
File:                     AS213639.roa (raw, json)
Hash identifier:          WGnzvZqxwxdnzcgBlBX226TYBxbTWem0SAUgzOCR66I=
Subject key identifier:   BD:BF:72:59:73:5E:30:49:B1:47:95:3B:09:F7:CC:EF:A1:6D:AE:05
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5585815EC25CB7EB8A2E9369DF17F0080B1CB84C
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213639.roa
Signing time:             Sun 29 Jun 2025 06:01:19 +0000
ROA not before:           Sun 29 Jun 2025 05:56:19 +0000
ROA not after:            Sun 28 Jun 2026 06:01:19 +0000
asID:                     213639
IP address blocks:        178.95.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Jul 2025 15:47:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:85:81:5e:c2:5c:b7:eb:8a:2e:93:69:df:17:f0:08:0b:1c:b8:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 29 05:56:19 2025 GMT
            Not After : Jun 28 06:01:19 2026 GMT
        Subject: CN=BDBF7259735E3049B147953B09F7CCEFA16DAE05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:1e:f1:dd:56:f8:22:51:eb:4c:49:48:63:01:
                    a5:25:a3:60:49:15:fb:cd:0f:ae:a3:c2:96:1d:5c:
                    0d:f0:27:99:18:61:ac:bb:e3:c9:db:67:ec:e4:b4:
                    e7:ac:9c:a5:85:85:b5:9a:51:e1:fc:e6:18:66:41:
                    d4:70:35:5c:5c:4e:7e:9f:cf:32:be:a8:73:b4:c7:
                    84:09:30:be:23:2e:87:af:12:e1:92:14:88:c8:16:
                    74:55:f2:1e:26:d1:35:37:1c:a8:1b:53:4b:9f:25:
                    b4:b6:32:f6:48:40:81:6d:0e:cf:82:e4:7b:ae:d1:
                    97:1b:7c:e1:f8:b9:72:63:76:f0:48:b1:fb:12:ce:
                    b4:0d:5e:f8:69:a0:dc:de:9b:09:da:bb:f0:53:01:
                    b1:91:50:86:c7:5f:2e:f7:10:52:ef:20:73:62:c0:
                    a9:c8:51:46:8e:9e:8f:e6:a7:b2:15:d8:1f:2a:4e:
                    3d:df:2b:6f:7e:24:ec:5e:a2:29:ea:f8:b5:68:a6:
                    c4:74:01:d1:ea:70:08:c9:6f:34:5e:ec:d7:79:51:
                    70:2d:04:44:45:08:17:d7:64:fd:18:bc:f8:41:29:
                    a9:14:7c:9a:51:e4:db:20:14:6f:c1:d6:0d:10:f7:
                    b4:dc:bb:d0:f0:f0:a3:d5:da:e0:fe:89:15:dc:86:
                    e7:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:BF:72:59:73:5E:30:49:B1:47:95:3B:09:F7:CC:EF:A1:6D:AE:05
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213639.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:75:6e:58:4c:a8:ba:e5:20:e1:97:03:a3:97:b7:79:7f:1d:
         95:d8:05:08:4a:66:29:be:3c:eb:c7:f4:4b:ac:62:23:e3:df:
         40:96:6a:b2:c8:47:bb:59:f6:9c:57:a1:87:0c:1f:88:03:da:
         92:8b:64:cb:7d:c8:1b:3d:40:ae:a3:9e:d4:73:3b:60:3d:ae:
         85:6a:81:42:2c:ab:af:01:a1:d3:36:88:3d:4f:57:db:a5:c4:
         09:df:7b:86:df:61:f0:2c:e6:41:48:af:c1:fe:2d:6e:58:cc:
         0f:c7:d3:69:75:4d:4f:d1:da:0d:17:e7:32:52:51:27:84:2e:
         de:83:2c:ad:36:d0:e4:7a:5b:a2:60:5a:00:ae:e8:40:2f:ee:
         e4:c5:4d:b6:93:05:79:dc:8d:32:6a:a1:c9:70:f7:72:23:08:
         48:4b:48:0b:00:9f:b4:34:fe:7d:8c:ba:df:33:2d:3d:8c:94:
         26:7e:fb:46:7c:0d:a2:03:ea:6c:c0:c5:10:08:8d:e8:a1:fb:
         e3:77:27:b7:c2:56:32:83:a1:1f:a7:48:75:cf:e7:04:42:40:
         e1:83:4e:4a:d1:6c:e1:e1:71:09:c1:14:6d:27:6c:44:64:55:
         4a:7e:f3:ea:41:78:2c:b3:72:78:72:6b:00:c7:5d:e1:ba:c0:
         ae:04:d0:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVYWBXsJct+uKLpNp3xfwCAscuEwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjkwNTU2MTlaFw0yNjA2MjgwNjAxMTlaMDMxMTAvBgNV
BAMTKEJEQkY3MjU5NzM1RTMwNDlCMTQ3OTUzQjA5RjdDQ0VGQTE2REFFMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHvHdVvgiUetMSUhjAaUlo2BJ
FfvND66jwpYdXA3wJ5kYYay748nbZ+zktOesnKWFhbWaUeH85hhmQdRwNVxcTn6f
zzK+qHO0x4QJML4jLoevEuGSFIjIFnRV8h4m0TU3HKgbU0ufJbS2MvZIQIFtDs+C
5Huu0ZcbfOH4uXJjdvBIsfsSzrQNXvhpoNzemwnau/BTAbGRUIbHXy73EFLvIHNi
wKnIUUaOno/mp7IV2B8qTj3fK29+JOxeoinq+LVopsR0AdHqcAjJbzRe7Nd5UXAt
BERFCBfXZP0YvPhBKakUfJpR5NsgFG/B1g0Q97Tcu9Dw8KPV2uD+iRXchuc5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvb9yWXNeMEmxR5U7CffM76FtrgUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNjM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl+V
MA0GCSqGSIb3DQEBCwUAA4IBAQBldW5YTKi65SDhlwOjl7d5fx2V2AUISmYpvjzr
x/RLrGIj499AlmqyyEe7WfacV6GHDB+IA9qSi2TLfcgbPUCuo57UcztgPa6FaoFC
LKuvAaHTNog9T1fbpcQJ33uG32HwLOZBSK/B/i1uWMwPx9NpdU1P0doNF+cyUlEn
hC7egyytNtDkeluiYFoAruhAL+7kxU22kwV53I0yaqHJcPdyIwhIS0gLAJ+0NP59
jLrfMy09jJQmfvtGfA2iA+pswMUQCI3oofvjdye3wlYyg6Efp0h1z+cEQkDhg05K
0Wzh4XEJwRRtJ2xEZFVKfvPqQXgss3J4cmsAx13husCuBNA8
-----END CERTIFICATE-----