Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201233.roa
File:                     AS201233.roa (raw, json)
Hash identifier:          Ive9zS7QPIUbl932j5seGXcTYkboJgZxQ8OF360mZfo=
Subject key identifier:   F4:BF:31:39:1F:E3:E5:86:A3:AF:3E:86:50:26:61:FE:5E:AF:03:27
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2A4C0A096567B8A4C1FD1C02AEDF4BAF84FF1381
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201233.roa
Signing time:             Sat 05 Jul 2025 06:56:32 +0000
ROA not before:           Sat 05 Jul 2025 06:51:32 +0000
ROA not after:            Sat 04 Jul 2026 06:56:32 +0000
asID:                     201233
IP address blocks:        2a13:9500:a4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:4c:0a:09:65:67:b8:a4:c1:fd:1c:02:ae:df:4b:af:84:ff:13:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  5 06:51:32 2025 GMT
            Not After : Jul  4 06:56:32 2026 GMT
        Subject: CN=F4BF31391FE3E586A3AF3E86502661FE5EAF0327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:ad:12:39:ce:6b:c9:79:89:0d:e0:8f:78:06:
                    3e:de:72:72:3e:58:2a:79:15:23:1f:f1:79:d5:ad:
                    7e:d1:63:4c:57:7a:ad:56:c1:df:7b:32:dc:ed:a6:
                    e6:47:5a:53:17:90:e8:44:ad:79:3b:18:f6:a5:79:
                    4c:06:bb:22:e5:c6:03:68:b2:ba:9f:61:c6:2e:5c:
                    bb:87:57:1a:ba:ba:6d:ec:45:f1:74:01:66:6a:35:
                    04:13:b9:91:26:73:e4:a9:5c:46:47:37:8f:d7:54:
                    c2:19:34:6a:ed:bf:a7:16:c0:26:a7:f3:df:ba:f9:
                    56:f0:0b:c2:fe:4c:e5:a8:31:1e:bd:28:4e:9f:e5:
                    c7:95:86:47:b4:4e:be:1f:74:e4:db:6e:c0:ab:c5:
                    df:8f:bf:a3:b9:9c:77:ae:fc:52:95:56:a1:b5:79:
                    47:13:ba:9e:56:57:b0:1b:fe:f7:bd:b6:6d:a3:3b:
                    24:99:a8:34:ee:5d:67:72:ba:84:48:1a:b5:32:20:
                    be:76:c4:c9:54:c2:c9:13:a2:2e:4b:b4:21:19:c2:
                    55:e4:b1:19:37:0f:4e:cd:e7:45:5d:0c:de:64:61:
                    b7:99:3b:bb:15:e1:3b:52:df:a2:f1:e2:79:83:99:
                    a8:db:91:5a:0a:ee:81:2a:71:f5:0c:cb:a1:12:1f:
                    b2:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:BF:31:39:1F:E3:E5:86:A3:AF:3E:86:50:26:61:FE:5E:AF:03:27
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201233.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a4::/48

    Signature Algorithm: sha256WithRSAEncryption
         78:0b:a1:4c:e3:ab:22:dd:95:3f:84:47:b3:57:b0:79:36:07:
         12:e4:b8:7d:b1:75:ee:43:bd:9b:05:1b:96:36:c3:fe:db:8a:
         d5:41:10:64:be:5c:79:43:dd:75:b5:bf:4f:7c:ac:b9:5b:63:
         22:41:69:c5:86:b8:93:e0:21:21:a2:78:ce:40:fa:ce:d0:d5:
         e8:d7:66:21:e3:a9:f1:e9:aa:56:00:c6:73:20:1f:9a:6b:01:
         78:fb:31:5a:34:5a:ef:48:c8:a4:27:87:4f:e3:30:6f:de:e7:
         23:b5:61:95:65:c1:e6:52:f9:27:8a:fa:8b:4b:69:65:c7:6f:
         4c:33:ff:ac:a4:0b:26:df:85:9e:4d:f0:04:09:5f:a1:75:51:
         ed:82:ab:9a:ce:00:9c:d3:ce:ac:aa:59:9d:b9:60:1b:39:e0:
         ec:0f:d3:20:f9:82:e8:63:c9:50:af:b7:e4:1e:34:3e:59:72:
         5c:22:e9:93:0c:2f:92:18:d4:ae:6a:7f:9e:3b:d6:d1:a0:f1:
         f2:80:2d:be:78:a5:e3:fe:d9:9a:72:aa:dc:c5:69:0e:0f:d7:
         75:21:ec:c1:66:b3:01:c8:23:49:26:fe:39:48:b2:4d:40:5c:
         ea:28:87:39:32:31:0d:5a:d6:69:f4:bb:0b:02:88:f4:fc:d1:
         0a:13:fd:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKkwKCWVnuKTB/RwCrt9Lr4T/E4EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDUwNjUxMzJaFw0yNjA3MDQwNjU2MzJaMDMxMTAvBgNV
BAMTKEY0QkYzMTM5MUZFM0U1ODZBM0FGM0U4NjUwMjY2MUZFNUVBRjAzMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0rRI5zmvJeYkN4I94Bj7ecnI+
WCp5FSMf8XnVrX7RY0xXeq1Wwd97MtztpuZHWlMXkOhErXk7GPaleUwGuyLlxgNo
srqfYcYuXLuHVxq6um3sRfF0AWZqNQQTuZEmc+SpXEZHN4/XVMIZNGrtv6cWwCan
89+6+VbwC8L+TOWoMR69KE6f5ceVhke0Tr4fdOTbbsCrxd+Pv6O5nHeu/FKVVqG1
eUcTup5WV7Ab/ve9tm2jOySZqDTuXWdyuoRIGrUyIL52xMlUwskToi5LtCEZwlXk
sRk3D07N50VdDN5kYbeZO7sV4TtS36Lx4nmDmajbkVoK7oEqcfUMy6ESH7IFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU9L8xOR/j5Yajrz6GUCZh/l6vAycwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxMjMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACkMA0GCSqGSIb3DQEBCwUAA4IBAQB4C6FM46si3ZU/hEezV7B5NgcS5Lh9sXXu
Q72bBRuWNsP+24rVQRBkvlx5Q911tb9PfKy5W2MiQWnFhriT4CEhonjOQPrO0NXo
12Yh46nx6apWAMZzIB+aawF4+zFaNFrvSMikJ4dP4zBv3ucjtWGVZcHmUvknivqL
S2llx29MM/+spAsm34WeTfAECV+hdVHtgquazgCc086sqlmduWAbOeDsD9Mg+YLo
Y8lQr7fkHjQ+WXJcIumTDC+SGNSuan+eO9bRoPHygC2+eKXj/tmacqrcxWkOD9d1
IezBZrMByCNJJv45SLJNQFzqKIc5MjENWtZp9LsLAoj0/NEKE/1Q
-----END CERTIFICATE-----