Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213690.roa
File:                     AS213690.roa (raw, json)
Hash identifier:          zy+mXrwRIkBfpqrhac0aac23p6OhV3IyVxUCFo4vtJc=
Subject key identifier:   4D:99:CD:B4:EA:E2:87:2E:E5:CF:C0:45:62:DF:FC:4E:49:4B:17:B7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       34AF77F3B255A7CFE3C51565210AF877AF423C5D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213690.roa
Signing time:             Tue 08 Jul 2025 08:56:05 +0000
ROA not before:           Tue 08 Jul 2025 08:51:05 +0000
ROA not after:            Tue 07 Jul 2026 08:56:05 +0000
asID:                     213690
IP address blocks:        2a13:9500:ab::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            34:af:77:f3:b2:55:a7:cf:e3:c5:15:65:21:0a:f8:77:af:42:3c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  8 08:51:05 2025 GMT
            Not After : Jul  7 08:56:05 2026 GMT
        Subject: CN=4D99CDB4EAE2872EE5CFC04562DFFC4E494B17B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5e:a3:eb:ec:0a:0d:8b:ae:45:0d:1f:0e:2d:
                    f4:93:c5:db:49:82:a7:de:65:dd:65:2a:a1:fe:eb:
                    1b:fb:d4:b7:7b:c8:f4:82:f0:78:15:85:30:31:d5:
                    79:ba:6f:3d:75:69:9d:14:81:23:81:2d:ab:79:2d:
                    25:ce:62:9f:d3:dc:a7:d9:d1:d7:bf:7f:12:9b:db:
                    08:f6:75:b4:9b:eb:f9:3d:4a:62:91:b4:fe:f4:73:
                    e7:8c:e8:5e:67:52:53:cb:5e:1e:f5:8b:9a:54:b4:
                    78:24:9a:a5:ba:4a:41:9f:3b:cc:2c:ab:e9:44:a7:
                    99:ce:79:c3:cd:d9:06:f5:d5:1e:27:3a:de:a6:9e:
                    bb:1e:8a:34:8f:3d:90:89:c2:3e:63:e2:86:72:22:
                    ab:d0:50:ae:4a:40:38:7a:7a:ea:7a:cf:82:81:6c:
                    84:04:98:c0:2b:61:6d:70:99:39:8f:86:20:78:48:
                    71:02:e6:af:17:e8:e1:ec:ad:63:15:34:04:8e:7d:
                    f4:48:19:36:0d:39:58:c8:33:19:9a:df:32:72:26:
                    a5:e0:3e:b8:22:32:25:6c:c3:90:09:54:9e:e2:ec:
                    58:f8:a2:61:4f:ec:c7:21:fe:74:fa:d8:dc:75:71:
                    af:b6:ca:fe:e8:15:49:45:01:4d:7f:f3:98:49:cc:
                    8b:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:99:CD:B4:EA:E2:87:2E:E5:CF:C0:45:62:DF:FC:4E:49:4B:17:B7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:ab::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:d5:04:1c:2a:d3:cd:6f:9e:b7:13:2c:cb:7b:69:7e:ff:6b:
         e6:c4:a3:fa:a6:cf:97:00:b7:b5:3a:4b:2a:bd:4b:ea:8e:86:
         af:a2:e3:50:6c:49:a4:ea:ef:17:90:b8:2d:ac:c8:de:56:65:
         d3:03:a2:db:bb:c9:7b:17:22:be:7d:01:9e:0b:28:38:2a:82:
         3d:91:87:93:6d:d7:e1:b0:b3:f3:15:2c:ed:af:52:be:10:27:
         94:ac:b2:18:1d:ec:28:d4:4f:25:0d:ba:c5:17:48:c6:d7:da:
         28:b9:d7:8b:c9:73:2c:06:e4:be:32:34:81:7e:5e:94:db:1c:
         da:ba:b7:40:9e:c2:52:81:5f:c7:ef:5b:4a:e9:91:8c:f2:3f:
         d1:de:3a:7b:91:43:e8:0c:51:04:0b:3f:32:b4:15:ce:34:76:
         94:03:5d:61:cd:27:fe:41:19:20:2a:ef:3c:52:e8:94:a4:68:
         c1:1e:1e:0d:9b:22:30:7f:db:57:5a:f7:aa:28:65:b5:b4:26:
         bc:7e:c8:8e:27:d6:52:49:58:7d:1c:bd:8b:83:46:ef:53:1c:
         95:33:d4:ce:54:f3:ea:cd:43:69:fa:79:57:c3:69:aa:34:93:
         91:17:a9:23:b2:42:e2:cb:d0:cb:f2:c1:2c:a6:3c:f2:c0:c1:
         ec:3a:50:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNK9387JVp8/jxRVlIQr4d69CPF0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDgwODUxMDVaFw0yNjA3MDcwODU2MDVaMDMxMTAvBgNV
BAMTKDREOTlDREI0RUFFMjg3MkVFNUNGQzA0NTYyREZGQzRFNDk0QjE3QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/XqPr7AoNi65FDR8OLfSTxdtJ
gqfeZd1lKqH+6xv71Ld7yPSC8HgVhTAx1Xm6bz11aZ0UgSOBLat5LSXOYp/T3KfZ
0de/fxKb2wj2dbSb6/k9SmKRtP70c+eM6F5nUlPLXh71i5pUtHgkmqW6SkGfO8ws
q+lEp5nOecPN2Qb11R4nOt6mnrseijSPPZCJwj5j4oZyIqvQUK5KQDh6eup6z4KB
bIQEmMArYW1wmTmPhiB4SHEC5q8X6OHsrWMVNASOffRIGTYNOVjIMxma3zJyJqXg
PrgiMiVsw5AJVJ7i7Fj4omFP7Mch/nT62Nx1ca+2yv7oFUlFAU1/85hJzIuXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTZnNtOrihy7lz8BFYt/8TklLF7cwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNjkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACrMA0GCSqGSIb3DQEBCwUAA4IBAQAD1QQcKtPNb563EyzLe2l+/2vmxKP6ps+X
ALe1OksqvUvqjoavouNQbEmk6u8XkLgtrMjeVmXTA6Lbu8l7FyK+fQGeCyg4KoI9
kYeTbdfhsLPzFSztr1K+ECeUrLIYHewo1E8lDbrFF0jG19ooudeLyXMsBuS+MjSB
fl6U2xzaurdAnsJSgV/H71tK6ZGM8j/R3jp7kUPoDFEECz8ytBXONHaUA11hzSf+
QRkgKu88UuiUpGjBHh4NmyIwf9tXWveqKGW1tCa8fsiOJ9ZSSVh9HL2Lg0bvUxyV
M9TOVPPqzUNp+nlXw2mqNJORF6kjskLiy9DL8sEspjzywMHsOlBp
-----END CERTIFICATE-----