Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215258.roa
File:                     AS215258.roa (raw, json)
Hash identifier:          qF8bqPZ3tO5zmuCFnzORMJPYMG2YhiSZj+2adOrKXX4=
Subject key identifier:   7A:45:10:E3:5D:71:D9:27:46:CA:EB:AD:EA:7E:5D:33:F4:5C:19:B9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7EFF998BF3965C75EC2FC304FCA85C938192F2CB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215258.roa
Signing time:             Thu 17 Jul 2025 07:24:41 +0000
ROA not before:           Thu 17 Jul 2025 07:19:41 +0000
ROA not after:            Thu 16 Jul 2026 07:24:41 +0000
asID:                     215258
IP address blocks:        2a13:9500:b0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:ff:99:8b:f3:96:5c:75:ec:2f:c3:04:fc:a8:5c:93:81:92:f2:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 17 07:19:41 2025 GMT
            Not After : Jul 16 07:24:41 2026 GMT
        Subject: CN=7A4510E35D71D92746CAEBADEA7E5D33F45C19B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:10:c3:05:3d:62:b9:db:b4:8b:43:f9:a6:be:
                    ca:4a:c1:1d:e5:59:d5:16:b6:33:aa:fd:26:d2:a3:
                    6b:6b:b1:da:e9:da:05:ff:22:b8:fa:34:5e:fc:44:
                    3c:75:a7:e7:2e:4b:22:cd:c3:c4:c6:17:d6:fb:0a:
                    e8:b4:9e:c2:c0:28:6d:0e:5d:9c:f6:f8:97:9b:cf:
                    4b:a3:44:ec:48:43:3e:5b:8d:02:95:19:ff:d6:67:
                    04:61:32:3e:be:08:bf:76:63:ac:46:ff:5d:a6:62:
                    71:c4:0a:39:21:cc:28:9c:2f:72:7d:e6:51:48:9e:
                    07:e6:7f:28:2f:99:e3:ff:e5:17:d0:f8:cf:28:c0:
                    91:a8:d7:01:92:77:57:76:a2:43:1c:c3:13:7d:7a:
                    85:36:72:db:bf:c9:78:e7:6d:1f:28:a3:74:eb:9f:
                    cd:1e:59:92:08:ac:c4:23:90:e7:16:a9:55:9b:10:
                    52:76:cd:5f:53:76:f7:f2:7f:c9:26:ac:42:94:3a:
                    9f:5a:61:d9:ad:81:5d:fd:52:3f:78:9b:44:ab:0c:
                    cf:c5:8a:da:a7:40:ab:aa:55:f4:56:e3:56:15:e9:
                    36:e1:0c:00:63:6e:22:24:ca:6d:bc:f7:5c:cd:f8:
                    53:5d:50:ae:d3:48:9f:7e:f0:d1:98:76:61:ae:bd:
                    39:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:45:10:E3:5D:71:D9:27:46:CA:EB:AD:EA:7E:5D:33:F4:5C:19:B9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215258.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:b0::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:6f:f1:32:05:4f:98:c8:1a:0a:f2:d0:d9:66:4a:21:6a:e5:
         2d:2b:1d:e1:0f:89:e0:56:3a:0b:08:56:ea:f2:90:26:cb:72:
         bf:12:28:92:ae:dd:db:ab:39:57:55:e6:1c:be:b7:56:75:92:
         2f:63:8c:d4:50:f8:2b:b5:5a:0b:ac:db:0a:9e:90:d3:97:11:
         51:96:0c:2b:3f:ca:5c:fb:fb:3d:09:af:73:a7:a6:ef:70:95:
         27:ef:7d:50:94:11:7b:7a:92:4a:cb:5a:8c:a4:fb:93:02:4b:
         62:2b:82:4b:19:db:7a:06:41:90:04:45:11:ad:49:ce:5f:41:
         a6:4c:b5:04:c7:e9:1d:7f:d3:3f:14:a0:b6:b8:de:37:bf:bc:
         96:de:26:7f:84:0d:28:56:f2:d0:67:2c:44:dd:ec:0e:3c:49:
         a7:56:77:b9:5c:3b:50:bc:aa:d6:ab:57:e0:9a:0a:b2:08:80:
         a7:35:c3:63:c5:80:13:7a:46:4e:4d:e7:7e:f6:d7:be:68:b5:
         4d:d9:68:f0:7e:1c:12:4c:49:09:4b:24:c3:80:b3:72:14:f9:
         9b:0c:5d:49:38:ac:a6:96:d0:53:55:eb:63:ce:cd:5e:d6:a9:
         3c:2b:78:d0:8e:3b:f1:d9:bb:47:e7:c3:e8:17:a6:5c:ad:ad:
         dc:15:0f:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUfv+Zi/OWXHXsL8ME/Khck4GS8sswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTcwNzE5NDFaFw0yNjA3MTYwNzI0NDFaMDMxMTAvBgNV
BAMTKDdBNDUxMEUzNUQ3MUQ5Mjc0NkNBRUJBREVBN0U1RDMzRjQ1QzE5QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVEMMFPWK527SLQ/mmvspKwR3l
WdUWtjOq/SbSo2trsdrp2gX/Irj6NF78RDx1p+cuSyLNw8TGF9b7Cui0nsLAKG0O
XZz2+Jebz0ujROxIQz5bjQKVGf/WZwRhMj6+CL92Y6xG/12mYnHECjkhzCicL3J9
5lFIngfmfygvmeP/5RfQ+M8owJGo1wGSd1d2okMcwxN9eoU2ctu/yXjnbR8oo3Tr
n80eWZIIrMQjkOcWqVWbEFJ2zV9Tdvfyf8kmrEKUOp9aYdmtgV39Uj94m0SrDM/F
itqnQKuqVfRW41YV6TbhDABjbiIkym2891zN+FNdUK7TSJ9+8NGYdmGuvTmXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUekUQ411x2SdGyuut6n5dM/RcGbkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MjU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACwMA0GCSqGSIb3DQEBCwUAA4IBAQAMb/EyBU+YyBoK8tDZZkohauUtKx3hD4ng
VjoLCFbq8pAmy3K/EiiSrt3bqzlXVeYcvrdWdZIvY4zUUPgrtVoLrNsKnpDTlxFR
lgwrP8pc+/s9Ca9zp6bvcJUn731QlBF7epJKy1qMpPuTAktiK4JLGdt6BkGQBEUR
rUnOX0GmTLUEx+kdf9M/FKC2uN43v7yW3iZ/hA0oVvLQZyxE3ewOPEmnVne5XDtQ
vKrWq1fgmgqyCICnNcNjxYATekZOTed+9te+aLVN2WjwfhwSTEkJSyTDgLNyFPmb
DF1JOKymltBTVetjzs1e1qk8K3jQjjvx2btH58PoF6Zcra3cFQ97
-----END CERTIFICATE-----