Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211759.roa
File:                     AS211759.roa (raw, json)
Hash identifier:          3O1H+GygGs7GirE2dGQlERlrVbHY7s0m1tcSWoeIBfY=
Subject key identifier:   B5:CB:3B:79:94:BE:B8:AC:39:BB:6B:2F:39:86:18:92:41:0D:88:8C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       444C5DB0F0C326321217415A4C3A5A185BAFD709
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211759.roa
Signing time:             Tue 01 Jul 2025 18:00:47 +0000
ROA not before:           Tue 01 Jul 2025 17:55:47 +0000
ROA not after:            Tue 30 Jun 2026 18:00:47 +0000
asID:                     211759
IP address blocks:        2a13:9500:9b::/48 maxlen: 48
                          2a13:9500:9d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:4c:5d:b0:f0:c3:26:32:12:17:41:5a:4c:3a:5a:18:5b:af:d7:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  1 17:55:47 2025 GMT
            Not After : Jun 30 18:00:47 2026 GMT
        Subject: CN=B5CB3B7994BEB8AC39BB6B2F39861892410D888C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:4f:9c:3c:02:32:4e:50:3d:48:5b:58:f9:e8:
                    e6:ff:64:5c:cf:f8:3c:ed:d8:7a:30:f9:64:ca:73:
                    7e:c4:ec:14:e0:44:88:c2:de:d9:9c:e9:24:64:81:
                    d4:f9:6b:17:b0:fb:d9:a7:44:7c:bc:10:9b:ce:a1:
                    f1:d9:ca:3f:80:e8:61:4a:04:27:06:25:52:54:b5:
                    ea:68:09:b1:4b:a6:14:de:c1:5f:a0:4d:21:f6:d7:
                    9c:ed:4a:03:8a:d2:96:47:9d:02:3e:07:f9:26:84:
                    c5:5d:81:23:b6:85:e3:b4:e0:62:04:55:c4:51:60:
                    7e:c3:22:ac:7f:4b:db:7a:c0:bb:98:8e:ef:36:89:
                    b2:46:37:2e:87:64:57:71:d9:40:d3:d4:2a:11:2c:
                    c3:70:68:cd:f2:cb:52:73:bb:6c:38:74:36:a7:59:
                    24:a3:1b:30:a9:f5:fc:e0:af:b1:fc:9a:3d:1a:f5:
                    a3:0e:73:2f:7a:be:38:08:2a:90:68:61:88:72:3b:
                    90:68:88:fd:6e:ec:4f:21:96:42:a5:ca:bd:8c:52:
                    c4:56:5e:9a:ae:68:02:00:4a:ad:32:27:8e:b3:9f:
                    c7:61:29:c3:3f:2c:f3:0f:28:71:71:81:20:d6:3f:
                    59:93:5e:ca:5c:12:69:85:04:ca:e2:6f:82:ba:f4:
                    e7:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:CB:3B:79:94:BE:B8:AC:39:BB:6B:2F:39:86:18:92:41:0D:88:8C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211759.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:9b::/48
                  2a13:9500:9d::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:95:0e:2c:f5:9c:cb:bb:74:0b:37:70:1b:f2:26:c7:01:c2:
         83:87:15:6c:59:c1:4f:b1:c3:4a:95:0b:58:ac:df:e0:3a:2c:
         29:43:63:4c:6e:ca:99:81:d9:4e:0a:92:fd:ab:a9:21:79:fc:
         64:23:45:1e:74:1b:7b:ac:de:71:f7:67:cd:b9:65:9f:81:99:
         f8:0f:93:fa:9b:f1:aa:ad:a2:0b:8b:39:e6:cf:f2:9c:20:52:
         ed:9a:4e:6a:27:2b:4b:5b:f0:b3:f7:de:1f:57:e3:9c:0f:f6:
         68:52:2e:c9:3b:ee:98:bf:eb:7c:74:16:42:a9:7a:f5:08:e1:
         54:6c:82:0a:87:3f:e9:80:da:99:2a:e6:50:1c:32:09:5b:bf:
         89:9a:15:37:2a:02:72:df:b6:bc:36:79:03:a3:86:41:5a:5f:
         7e:55:26:30:67:1f:a7:77:b6:ef:e0:9f:60:6f:00:66:53:03:
         64:8b:81:e8:bf:13:4b:93:35:86:0d:0f:02:2a:ef:38:68:3e:
         0c:b5:27:1f:cb:0c:50:5e:fd:15:dd:73:6c:af:79:32:07:24:
         80:6e:63:23:c6:0e:5b:4b:16:23:45:59:cd:d4:49:0a:64:e2:
         d8:d6:ff:16:f6:4b:36:c8:7b:a4:d5:d4:57:9d:b4:d6:b7:c4:
         9b:c3:51:05
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIURExdsPDDJjISF0FaTDpaGFuv1wkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDExNzU1NDdaFw0yNjA2MzAxODAwNDdaMDMxMTAvBgNV
BAMTKEI1Q0IzQjc5OTRCRUI4QUMzOUJCNkIyRjM5ODYxODkyNDEwRDg4OEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeT5w8AjJOUD1IW1j56Ob/ZFzP
+Dzt2How+WTKc37E7BTgRIjC3tmc6SRkgdT5axew+9mnRHy8EJvOofHZyj+A6GFK
BCcGJVJUtepoCbFLphTewV+gTSH215ztSgOK0pZHnQI+B/kmhMVdgSO2heO04GIE
VcRRYH7DIqx/S9t6wLuYju82ibJGNy6HZFdx2UDT1CoRLMNwaM3yy1Jzu2w4dDan
WSSjGzCp9fzgr7H8mj0a9aMOcy96vjgIKpBoYYhyO5BoiP1u7E8hlkKlyr2MUsRW
XpquaAIASq0yJ46zn8dhKcM/LPMPKHFxgSDWP1mTXspcEmmFBMrib4K69OdDAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUtcs7eZS+uKw5u2svOYYYkkENiIwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNzU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AACbAwcAKhOVAACdMA0GCSqGSIb3DQEBCwUAA4IBAQAWlQ4s9ZzLu3QLN3Ab8ibH
AcKDhxVsWcFPscNKlQtYrN/gOiwpQ2NMbsqZgdlOCpL9q6khefxkI0UedBt7rN5x
92fNuWWfgZn4D5P6m/GqraILiznmz/KcIFLtmk5qJytLW/Cz994fV+OcD/ZoUi7J
O+6Yv+t8dBZCqXr1COFUbIIKhz/pgNqZKuZQHDIJW7+JmhU3KgJy37a8NnkDo4ZB
Wl9+VSYwZx+nd7bv4J9gbwBmUwNki4HovxNLkzWGDQ8CKu84aD4MtScfywxQXv0V
3XNsr3kyBySAbmMjxg5bSxYjRVnN1EkKZOLY1v8W9ks2yHuk1dRXnbTWt8Sbw1EF
-----END CERTIFICATE-----