Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211575.roa
File:                     AS211575.roa (raw, json)
Hash identifier:          IEdVYRziPemtkHamvb4L5aI6w5HVEsRMycUnhJ2cb0g=
Subject key identifier:   64:14:C2:2C:6C:09:EA:97:3C:7B:6F:04:40:10:A1:7B:11:E8:49:E4
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5F1844EB3F549D94ECBDA57D024950FCCD4389CE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211575.roa
Signing time:             Tue 01 Jul 2025 14:59:06 +0000
ROA not before:           Tue 01 Jul 2025 14:54:06 +0000
ROA not after:            Tue 30 Jun 2026 14:59:06 +0000
asID:                     211575
IP address blocks:        2a13:9500:a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:18:44:eb:3f:54:9d:94:ec:bd:a5:7d:02:49:50:fc:cd:43:89:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  1 14:54:06 2025 GMT
            Not After : Jun 30 14:59:06 2026 GMT
        Subject: CN=6414C22C6C09EA973C7B6F044010A17B11E849E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:32:75:d0:13:20:c9:11:d4:83:58:39:64:a8:
                    51:7f:ee:d8:c3:3f:6c:7d:f9:b7:3f:b2:ad:4e:1a:
                    ef:96:67:d1:32:be:99:0a:ed:10:0b:19:77:6f:1f:
                    6a:76:64:78:9a:4c:94:e8:ed:1d:89:ed:77:11:a2:
                    3f:c2:ce:d6:bf:f4:79:22:35:51:2c:cd:74:2d:ce:
                    48:29:69:e5:0e:2b:42:28:da:fa:1b:f5:44:64:b8:
                    a2:bf:2b:b9:81:0a:b7:7e:8c:96:af:d9:9a:11:fc:
                    7e:95:66:35:47:06:e1:ab:88:08:3d:30:68:17:39:
                    d8:c7:df:5d:6b:7b:b1:05:03:8a:73:b9:75:28:14:
                    d5:63:72:80:51:20:49:f3:6c:c1:0e:34:70:ce:fa:
                    fa:ca:ac:8f:5e:b0:05:cf:0d:6f:99:a1:fe:14:d8:
                    1a:e8:f2:90:dd:9e:fc:e9:94:c6:ca:0d:fc:90:54:
                    41:64:0a:a7:a7:80:d0:85:2b:74:86:ae:77:70:ea:
                    03:96:46:d6:da:97:d2:a1:ef:77:81:d9:0b:d8:bc:
                    86:f6:de:58:b5:cc:4c:59:f6:40:6b:44:d1:ab:bf:
                    be:57:84:00:5c:91:3f:2e:13:03:e3:1b:82:e1:66:
                    17:eb:29:99:ce:5a:7e:41:68:4b:5b:19:e0:14:1c:
                    1c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:14:C2:2C:6C:09:EA:97:3C:7B:6F:04:40:10:A1:7B:11:E8:49:E4
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211575.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:6f:d0:dc:8f:4b:eb:86:19:fb:cc:97:6f:a6:d5:25:e2:29:
         1b:3c:05:a3:10:d9:86:13:04:80:2c:68:96:3e:c1:fe:dd:c2:
         f9:0c:80:fb:83:c8:ef:89:3d:c7:56:66:0b:15:3f:29:89:7f:
         96:b0:5d:dc:d4:7e:b0:46:d3:b4:12:44:b8:30:18:6c:1d:24:
         8a:5b:96:f3:f9:f1:f4:0a:01:6f:f5:51:81:91:5f:4b:81:da:
         2c:16:ef:2e:f4:45:b3:21:5b:e3:ec:f2:93:a6:3c:87:ba:d3:
         29:a9:21:32:69:0e:6e:eb:80:40:a2:33:8c:02:4c:95:ea:a5:
         f6:94:9f:6f:9a:28:2d:67:3f:cd:5d:48:5c:93:ce:57:de:b8:
         a9:f3:47:fd:4e:6b:c8:38:0f:a5:f2:3c:2c:b7:45:b6:59:44:
         05:77:49:b5:8f:31:93:22:cc:44:2a:e9:d5:6a:50:f1:e7:f3:
         ff:3f:db:a7:c8:2f:09:68:fa:61:22:40:43:2e:ca:e4:02:24:
         3c:0c:13:15:67:cc:52:e6:84:58:5c:05:2d:4e:bf:ca:fa:93:
         6a:24:a0:e9:f5:e8:07:b9:eb:73:de:da:56:1f:64:49:45:95:
         fd:25:38:41:1b:06:79:a8:f7:e9:4e:ca:61:fb:49:a4:9c:ed:
         8b:98:d4:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUXxhE6z9UnZTsvaV9AklQ/M1Dic4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDExNDU0MDZaFw0yNjA2MzAxNDU5MDZaMDMxMTAvBgNV
BAMTKDY0MTRDMjJDNkMwOUVBOTczQzdCNkYwNDQwMTBBMTdCMTFFODQ5RTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYMnXQEyDJEdSDWDlkqFF/7tjD
P2x9+bc/sq1OGu+WZ9EyvpkK7RALGXdvH2p2ZHiaTJTo7R2J7XcRoj/Czta/9Hki
NVEszXQtzkgpaeUOK0Io2vob9URkuKK/K7mBCrd+jJav2ZoR/H6VZjVHBuGriAg9
MGgXOdjH311re7EFA4pzuXUoFNVjcoBRIEnzbMEONHDO+vrKrI9esAXPDW+Zof4U
2Bro8pDdnvzplMbKDfyQVEFkCqengNCFK3SGrndw6gOWRtbal9Kh73eB2QvYvIb2
3li1zExZ9kBrRNGrv75XhABckT8uEwPjG4LhZhfrKZnOWn5BaEtbGeAUHBypAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUZBTCLGwJ6pc8e28EQBChexHoSeQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACgMA0GCSqGSIb3DQEBCwUAA4IBAQBIb9Dcj0vrhhn7zJdvptUl4ikbPAWjENmG
EwSALGiWPsH+3cL5DID7g8jviT3HVmYLFT8piX+WsF3c1H6wRtO0EkS4MBhsHSSK
W5bz+fH0CgFv9VGBkV9LgdosFu8u9EWzIVvj7PKTpjyHutMpqSEyaQ5u64BAojOM
AkyV6qX2lJ9vmigtZz/NXUhck85X3rip80f9TmvIOA+l8jwst0W2WUQFd0m1jzGT
IsxEKunValDx5/P/P9unyC8JaPphIkBDLsrkAiQ8DBMVZ8xS5oRYXAUtTr/K+pNq
JKDp9egHuetz3tpWH2RJRZX9JThBGwZ5qPfpTsph+0mknO2LmNT/
-----END CERTIFICATE-----