Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS138997.roa
File:                     AS138997.roa (raw, json)
Hash identifier:          euwoRwvSAwlCRwTh3pm2spjO4sMP1t/fgPzkPBkmvl8=
Subject key identifier:   60:B2:96:B3:E0:0B:B8:62:4C:85:4E:A4:53:25:E7:4E:62:2F:99:26
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       58C2849E9ABED6C807660B7DE24E4EFC8CE0370D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS138997.roa
Signing time:             Mon 14 Jul 2025 11:30:27 +0000
ROA not before:           Mon 14 Jul 2025 11:25:27 +0000
ROA not after:            Mon 13 Jul 2026 11:30:27 +0000
asID:                     138997
IP address blocks:        2a13:9500:ad::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:c2:84:9e:9a:be:d6:c8:07:66:0b:7d:e2:4e:4e:fc:8c:e0:37:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 14 11:25:27 2025 GMT
            Not After : Jul 13 11:30:27 2026 GMT
        Subject: CN=60B296B3E00BB8624C854EA45325E74E622F9926
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:fb:33:f9:a6:03:09:91:81:ed:78:8a:28:50:
                    d5:45:1c:7d:d1:36:e2:48:d7:4c:fb:10:3f:3f:e1:
                    60:26:74:1f:d1:09:a8:28:28:1d:41:c2:e2:9c:86:
                    1d:31:62:0c:41:67:76:61:f5:7a:08:b0:8e:1c:44:
                    88:82:a5:e6:1a:c3:05:0a:4c:5d:59:8a:65:c9:b4:
                    70:3a:0c:b4:be:39:d5:a7:e5:1f:03:0f:f2:74:16:
                    b6:61:b5:85:94:96:1e:85:8e:48:97:24:2f:72:0f:
                    82:24:dd:b0:2e:02:10:5a:b6:be:bb:16:7e:64:b2:
                    d5:50:47:31:cf:56:ed:ad:41:2c:64:f1:91:9b:ab:
                    53:99:de:1d:7b:b4:18:83:56:e9:85:6d:21:22:77:
                    5b:71:6d:80:5b:5c:a2:27:4b:0e:c4:36:3a:21:c0:
                    ae:54:9b:e6:f4:b2:a8:b4:db:1b:39:73:ff:c2:25:
                    d4:d2:e6:dc:29:04:26:78:be:2c:24:ae:b9:06:e4:
                    11:06:21:30:03:f5:59:98:d4:0e:25:b6:b4:d0:ee:
                    a9:3c:0f:b0:96:2c:9e:00:fc:94:00:7d:ae:cd:8c:
                    58:de:87:98:a2:9b:6f:c9:be:35:71:f3:ad:00:25:
                    95:19:27:6c:da:9f:e8:fa:b3:b2:2f:d8:91:b5:c8:
                    57:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:B2:96:B3:E0:0B:B8:62:4C:85:4E:A4:53:25:E7:4E:62:2F:99:26
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS138997.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:ab:e5:c7:7b:31:c5:17:97:8f:b1:8b:0d:d6:16:31:9c:95:
         c5:f8:7f:24:36:d4:a9:2b:4e:2c:07:fe:48:f1:44:04:61:44:
         ac:fc:2d:14:33:66:99:0b:d0:0f:36:a6:4d:85:19:8e:c2:70:
         b8:b6:39:ec:4d:9e:f4:22:d2:26:6a:5a:93:44:90:3c:02:2c:
         10:f7:f5:da:cc:af:ac:3c:44:eb:d7:d5:da:ff:ec:f3:40:cf:
         b8:b8:9d:67:94:13:6b:e5:5f:e6:98:46:40:8f:3a:25:8e:c1:
         90:f5:3a:90:10:a5:5b:4a:6a:2c:b5:b2:83:12:c8:ad:95:e3:
         31:e2:fb:73:bf:42:8d:e2:0f:09:10:7d:18:84:45:cf:f1:52:
         ab:e4:fa:0c:0c:95:93:22:f2:cd:6a:85:15:bb:45:96:83:4d:
         41:83:f4:56:3c:09:f2:80:06:e5:08:1e:3a:24:38:96:2d:35:
         1c:30:0e:cb:43:4d:e0:52:97:94:fa:3f:48:70:bb:aa:b3:d5:
         8c:39:7d:d7:6f:1a:9f:c9:12:a8:ad:07:1a:e2:8c:5d:5d:ca:
         82:52:b1:ec:17:69:86:d4:07:8f:c3:4e:06:90:a5:87:b1:58:
         d8:1f:49:cd:5f:27:16:d9:1e:32:1f:98:84:dd:75:c2:bd:60:
         4f:66:e0:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWMKEnpq+1sgHZgt94k5O/IzgNw0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTQxMTI1MjdaFw0yNjA3MTMxMTMwMjdaMDMxMTAvBgNV
BAMTKDYwQjI5NkIzRTAwQkI4NjI0Qzg1NEVBNDUzMjVFNzRFNjIyRjk5MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCt+zP5pgMJkYHteIooUNVFHH3R
NuJI10z7ED8/4WAmdB/RCagoKB1BwuKchh0xYgxBZ3Zh9XoIsI4cRIiCpeYawwUK
TF1ZimXJtHA6DLS+OdWn5R8DD/J0FrZhtYWUlh6FjkiXJC9yD4Ik3bAuAhBatr67
Fn5kstVQRzHPVu2tQSxk8ZGbq1OZ3h17tBiDVumFbSEid1txbYBbXKInSw7ENjoh
wK5Um+b0sqi02xs5c//CJdTS5twpBCZ4viwkrrkG5BEGITAD9VmY1A4ltrTQ7qk8
D7CWLJ4A/JQAfa7NjFjeh5iim2/JvjVx860AJZUZJ2zan+j6s7Iv2JG1yFczAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUYLKWs+ALuGJMhU6kUyXnTmIvmSYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM4OTk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACtMA0GCSqGSIb3DQEBCwUAA4IBAQBPq+XHezHFF5ePsYsN1hYxnJXF+H8kNtSp
K04sB/5I8UQEYUSs/C0UM2aZC9APNqZNhRmOwnC4tjnsTZ70ItImalqTRJA8AiwQ
9/XazK+sPETr19Xa/+zzQM+4uJ1nlBNr5V/mmEZAjzoljsGQ9TqQEKVbSmostbKD
EsitleMx4vtzv0KN4g8JEH0YhEXP8VKr5PoMDJWTIvLNaoUVu0WWg01Bg/RWPAny
gAblCB46JDiWLTUcMA7LQ03gUpeU+j9IcLuqs9WMOX3XbxqfyRKorQca4oxdXcqC
UrHsF2mG1AePw04GkKWHsVjYH0nNXycW2R4yH5iE3XXCvWBPZuD6
-----END CERTIFICATE-----