Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216145.roa
File:                     AS216145.roa (raw, json)
Hash identifier:          ZkX3mTokMxlgkZ1gdxuOU8Nbv9rJkfISdZq3UMs7YCE=
Subject key identifier:   C5:94:AE:84:2C:A1:F5:72:48:07:8D:99:51:21:32:BB:56:63:6E:7B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       72D1997B20AC57B894780E71E64F5CE95CEAA5CB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216145.roa
Signing time:             Thu 17 Jul 2025 18:48:19 +0000
ROA not before:           Thu 17 Jul 2025 18:43:19 +0000
ROA not after:            Thu 16 Jul 2026 18:48:19 +0000
asID:                     216145
IP address blocks:        2a13:9500:b2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:d1:99:7b:20:ac:57:b8:94:78:0e:71:e6:4f:5c:e9:5c:ea:a5:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 17 18:43:19 2025 GMT
            Not After : Jul 16 18:48:19 2026 GMT
        Subject: CN=C594AE842CA1F57248078D99512132BB56636E7B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:4f:0c:a7:d3:df:c1:13:09:aa:68:af:99:5b:
                    b0:d4:6c:9d:a3:01:05:af:1e:52:9e:9d:47:1e:79:
                    5a:01:31:55:a0:b2:39:7e:a0:35:61:d1:73:4f:c0:
                    bf:8a:60:66:f2:4b:08:a2:4e:99:06:f1:d4:19:bf:
                    e7:df:62:16:86:b2:c4:e3:36:30:3b:1a:65:11:3c:
                    88:25:11:00:e3:d6:db:5c:8b:3d:17:d3:50:ea:8b:
                    98:f0:a7:94:69:69:4e:8b:11:ad:3a:63:49:b1:4f:
                    3a:c6:f6:83:66:c4:dd:10:c9:d3:60:4d:4e:a3:e8:
                    1e:84:0c:f2:b4:23:e4:75:2f:17:27:6d:d6:3b:90:
                    87:91:ce:c5:e9:a2:c0:50:85:b9:0a:91:fb:12:17:
                    5c:e9:03:56:81:b5:66:e9:e6:a9:13:92:88:ca:ab:
                    a3:44:77:28:ee:3e:c5:30:7c:b1:13:10:6f:11:79:
                    f6:df:f1:5e:18:5f:fa:6c:20:a3:ed:22:a8:e9:f6:
                    83:11:5a:57:e0:00:97:53:30:b4:6a:4f:d0:62:53:
                    66:4d:1f:6a:77:cb:3d:60:7d:7e:84:5a:82:99:2b:
                    8f:35:4b:23:a4:86:99:43:d3:b3:72:8a:1e:5b:18:
                    51:98:24:34:06:04:f2:90:89:ad:62:94:13:40:87:
                    90:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:94:AE:84:2C:A1:F5:72:48:07:8D:99:51:21:32:BB:56:63:6E:7B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216145.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:b2::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:7e:cb:6d:e8:98:9a:c5:6f:be:30:f8:e1:cb:f8:f1:0e:c6:
         48:5e:7c:da:4a:c5:89:ac:3e:fa:82:1b:54:6d:45:8b:bb:04:
         b8:d1:1e:47:e1:af:7e:84:f3:d5:a4:c0:58:88:0f:5f:ba:55:
         05:93:9d:f2:b1:f8:b5:7e:95:99:11:0b:12:af:e0:92:a5:f3:
         9d:7f:6b:7d:cb:f8:13:17:13:ab:c2:ce:b4:58:12:d4:3f:80:
         86:87:fa:d6:85:0d:4a:ce:69:e7:ad:4d:75:17:89:13:6f:fc:
         9f:bd:e5:98:72:e3:8c:67:e3:ff:a9:7e:fc:e4:67:e0:a0:75:
         92:0c:5a:98:8f:86:29:ab:4d:4b:23:7c:e6:b6:00:0a:cb:77:
         8f:f3:6c:ce:7a:8d:f3:a9:46:3a:0a:f9:55:8f:4f:d5:c8:6d:
         f0:c9:62:86:a3:9d:e0:50:a3:36:d7:2f:56:52:6a:e1:6f:53:
         13:db:79:42:0f:c1:35:98:5a:52:ad:69:e5:d8:74:21:78:75:
         c7:93:7b:a8:3f:da:50:6c:ed:26:0d:ed:ab:2b:4e:35:16:08:
         a3:9c:ae:d4:2a:ee:57:2f:51:a5:c4:d1:da:b9:e2:c5:ef:c7:
         ba:39:40:d2:a7:37:1f:63:60:3b:72:fb:e2:37:62:18:70:08:
         1f:c1:3c:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUctGZeyCsV7iUeA5x5k9c6VzqpcswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MTcxODQzMTlaFw0yNjA3MTYxODQ4MTlaMDMxMTAvBgNV
BAMTKEM1OTRBRTg0MkNBMUY1NzI0ODA3OEQ5OTUxMjEzMkJCNTY2MzZFN0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVTwyn09/BEwmqaK+ZW7DUbJ2j
AQWvHlKenUceeVoBMVWgsjl+oDVh0XNPwL+KYGbySwiiTpkG8dQZv+ffYhaGssTj
NjA7GmURPIglEQDj1ttciz0X01Dqi5jwp5RpaU6LEa06Y0mxTzrG9oNmxN0QydNg
TU6j6B6EDPK0I+R1LxcnbdY7kIeRzsXposBQhbkKkfsSF1zpA1aBtWbp5qkTkojK
q6NEdyjuPsUwfLETEG8Refbf8V4YX/psIKPtIqjp9oMRWlfgAJdTMLRqT9BiU2ZN
H2p3yz1gfX6EWoKZK481SyOkhplD07Nyih5bGFGYJDQGBPKQia1ilBNAh5B5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxZSuhCyh9XJIB42ZUSEyu1ZjbnswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACyMA0GCSqGSIb3DQEBCwUAA4IBAQCYfstt6JiaxW++MPjhy/jxDsZIXnzaSsWJ
rD76ghtUbUWLuwS40R5H4a9+hPPVpMBYiA9fulUFk53ysfi1fpWZEQsSr+CSpfOd
f2t9y/gTFxOrws60WBLUP4CGh/rWhQ1KzmnnrU11F4kTb/yfveWYcuOMZ+P/qX78
5GfgoHWSDFqYj4Ypq01LI3zmtgAKy3eP82zOeo3zqUY6CvlVj0/VyG3wyWKGo53g
UKM21y9WUmrhb1MT23lCD8E1mFpSrWnl2HQheHXHk3uoP9pQbO0mDe2rK041Fgij
nK7UKu5XL1GlxNHaueLF78e6OUDSpzcfY2A7cvviN2IYcAgfwTxD
-----END CERTIFICATE-----