Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210576.roa
File:                     AS210576.roa (raw, json)
Hash identifier:          1iBkwOSIcSDWpVGT08sY+m2R4mUj706DaiMYkzRfBBU=
Subject key identifier:   87:AB:F9:92:7F:1F:80:29:23:00:D6:93:0B:4A:B1:14:67:4A:03:AC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3D8C2A70517289AFA5A11B368D0964B07C58CCAF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210576.roa
Signing time:             Sun 06 Jul 2025 09:14:04 +0000
ROA not before:           Sun 06 Jul 2025 09:09:04 +0000
ROA not after:            Sun 05 Jul 2026 09:14:04 +0000
asID:                     210576
IP address blocks:        2a13:9500:a6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:8c:2a:70:51:72:89:af:a5:a1:1b:36:8d:09:64:b0:7c:58:cc:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  6 09:09:04 2025 GMT
            Not After : Jul  5 09:14:04 2026 GMT
        Subject: CN=87ABF9927F1F80292300D6930B4AB114674A03AC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:42:db:f2:0f:ad:58:e3:41:e4:b1:c7:60:9c:
                    ea:9a:0d:e8:5b:5f:16:5d:c6:b1:ca:29:db:0c:42:
                    14:b1:5c:7e:ae:d2:07:f3:14:e9:29:e0:7f:03:bd:
                    8a:7b:18:a0:ce:7d:4b:26:b3:dc:bc:1c:b0:64:e2:
                    df:0e:35:0a:14:fc:a2:42:6d:e3:54:72:b7:c9:38:
                    e6:a7:34:0d:a9:1b:ef:f5:55:74:04:9d:42:48:03:
                    6f:64:76:ec:ee:42:42:7e:cd:31:b2:0f:ec:ac:9c:
                    66:71:79:51:8f:55:3e:ba:18:c7:5f:46:47:5d:88:
                    2b:82:69:4b:69:0f:af:66:97:3e:33:e2:45:ce:a8:
                    bb:78:64:4b:bc:bf:71:06:c9:f5:d3:ee:e8:f1:a3:
                    ce:48:e5:df:08:18:89:2e:e3:79:11:da:51:f0:2e:
                    02:aa:b0:b2:43:6f:31:73:e0:a0:3a:51:dc:70:8c:
                    4e:23:89:2f:50:36:20:37:6d:5b:48:92:21:82:e2:
                    49:59:0d:f3:8a:09:cc:fe:bc:68:31:9a:e5:1c:3e:
                    7a:be:0e:77:81:1b:4a:bc:1c:b8:f1:a1:30:e5:f1:
                    b7:a7:4a:b0:2b:8e:76:8a:c9:cb:e5:c3:ad:1c:82:
                    44:03:5b:1b:d2:51:ed:f2:86:9e:4f:1c:f1:fe:46:
                    8c:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:AB:F9:92:7F:1F:80:29:23:00:D6:93:0B:4A:B1:14:67:4A:03:AC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210576.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a6::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:37:24:b2:15:2f:95:c8:bd:ec:6e:65:9e:3c:bb:22:6e:32:
         d7:52:bb:19:d6:35:4e:80:a3:6c:94:74:03:0a:01:03:0d:34:
         41:fa:de:94:98:d1:a5:1d:1d:ce:16:d8:42:72:c5:76:30:ad:
         28:5d:b6:2a:8d:8a:0f:36:54:d6:e2:39:b1:d6:0c:ce:85:5c:
         b3:43:3b:38:9e:24:83:67:13:38:b5:f6:5e:81:e6:bd:24:b8:
         48:8b:a6:68:30:aa:38:7e:7e:0c:df:82:5f:6a:48:fe:45:6e:
         d6:5a:1c:ba:7b:47:c1:92:97:fb:b3:ef:12:06:ae:d2:d7:84:
         ae:2f:85:c2:7b:fc:9a:b7:c8:b9:d7:ef:8f:40:9a:c6:dc:1e:
         d8:f3:10:70:a1:0d:72:43:ec:ca:ce:e8:42:9d:e6:04:d6:a2:
         8a:c3:cb:d6:84:fe:0a:19:cf:34:3a:68:a5:8c:5d:22:bb:7f:
         57:10:ef:a4:23:b3:59:3d:d3:08:92:39:8c:03:12:1e:1a:0f:
         6a:64:fe:dd:06:56:4f:95:a7:b0:4b:fe:21:08:fc:20:83:64:
         9d:ae:21:58:a2:e4:d4:03:5a:9e:8e:55:fe:6b:c1:c3:f0:06:
         c3:38:08:87:9d:c2:47:cf:92:6a:fd:77:df:62:04:31:ec:11:
         47:48:01:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPYwqcFFyia+loRs2jQlksHxYzK8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDYwOTA5MDRaFw0yNjA3MDUwOTE0MDRaMDMxMTAvBgNV
BAMTKDg3QUJGOTkyN0YxRjgwMjkyMzAwRDY5MzBCNEFCMTE0Njc0QTAzQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqQtvyD61Y40HkscdgnOqaDehb
XxZdxrHKKdsMQhSxXH6u0gfzFOkp4H8DvYp7GKDOfUsms9y8HLBk4t8ONQoU/KJC
beNUcrfJOOanNA2pG+/1VXQEnUJIA29kduzuQkJ+zTGyD+ysnGZxeVGPVT66GMdf
RkddiCuCaUtpD69mlz4z4kXOqLt4ZEu8v3EGyfXT7ujxo85I5d8IGIku43kR2lHw
LgKqsLJDbzFz4KA6UdxwjE4jiS9QNiA3bVtIkiGC4klZDfOKCcz+vGgxmuUcPnq+
DneBG0q8HLjxoTDl8benSrArjnaKycvlw60cgkQDWxvSUe3yhp5PHPH+Rox7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUh6v5kn8fgCkjANaTC0qxFGdKA6wwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwNTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACmMA0GCSqGSIb3DQEBCwUAA4IBAQCENySyFS+VyL3sbmWePLsibjLXUrsZ1jVO
gKNslHQDCgEDDTRB+t6UmNGlHR3OFthCcsV2MK0oXbYqjYoPNlTW4jmx1gzOhVyz
Qzs4niSDZxM4tfZegea9JLhIi6ZoMKo4fn4M34Jfakj+RW7WWhy6e0fBkpf7s+8S
Bq7S14SuL4XCe/yat8i51++PQJrG3B7Y8xBwoQ1yQ+zKzuhCneYE1qKKw8vWhP4K
Gc80OmiljF0iu39XEO+kI7NZPdMIkjmMAxIeGg9qZP7dBlZPlaewS/4hCPwgg2Sd
riFYouTUA1qejlX+a8HD8AbDOAiHncJHz5Jq/XffYgQx7BFHSAGU
-----END CERTIFICATE-----