Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS272045.roa
File:                     AS272045.roa (raw, json)
Hash identifier:          dr4LRJDguuY3o/1o7gzJwfIrIklJ1aSxeD/KFSwTxHs=
Subject key identifier:   97:2A:7F:08:0F:85:7A:C3:8D:70:B6:F1:59:D0:90:69:38:44:C6:A1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       77A683FEDFACA8B2CF7582C6A9AD3A5D78AD2886
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS272045.roa
Signing time:             Sat 05 Jul 2025 06:56:36 +0000
ROA not before:           Sat 05 Jul 2025 06:51:36 +0000
ROA not after:            Sat 04 Jul 2026 06:56:36 +0000
asID:                     272045
IP address blocks:        2a13:9500:a5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:a6:83:fe:df:ac:a8:b2:cf:75:82:c6:a9:ad:3a:5d:78:ad:28:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  5 06:51:36 2025 GMT
            Not After : Jul  4 06:56:36 2026 GMT
        Subject: CN=972A7F080F857AC38D70B6F159D090693844C6A1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:10:ba:11:8a:fb:11:e5:09:6d:0d:3a:5b:d1:
                    67:f6:39:b2:6d:17:24:0d:75:c6:83:e7:62:70:59:
                    f7:28:7a:33:bf:e2:34:11:3c:d4:56:fd:bc:ae:3a:
                    13:d9:a9:9d:8f:42:1b:62:13:65:82:80:52:f7:53:
                    70:ed:1f:ae:50:a3:2b:c5:1a:79:38:54:0f:e6:85:
                    b9:28:e7:3e:dc:66:3d:3c:bc:55:76:ee:1b:ce:e3:
                    14:c6:64:15:6b:9f:7c:65:9f:11:7a:33:f4:df:8d:
                    1a:fd:d3:d2:6b:10:38:81:13:39:b0:e5:ca:ff:18:
                    5f:73:a2:63:45:19:63:b5:bf:d6:42:5e:04:8c:16:
                    62:0b:54:79:8f:2b:1e:06:41:cd:a1:a9:93:c6:32:
                    fc:73:69:ee:8a:86:89:8e:0b:6f:12:31:b2:c4:42:
                    a2:22:d9:4b:4b:7d:6f:3f:09:82:89:f0:80:28:ec:
                    64:05:ec:07:4e:71:30:93:28:30:d9:a2:9c:2d:c4:
                    a6:e3:11:55:0e:60:7d:23:dd:96:33:74:f7:3f:a4:
                    ef:b9:5a:f1:93:05:99:2d:05:39:84:c6:c6:8d:fb:
                    87:7e:aa:60:15:93:5b:59:64:8d:8f:5b:2c:b0:34:
                    f7:f5:82:ff:d1:90:30:a8:84:40:22:6e:90:20:44:
                    74:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:2A:7F:08:0F:85:7A:C3:8D:70:B6:F1:59:D0:90:69:38:44:C6:A1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS272045.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a5::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:3d:a9:7c:04:78:e2:f4:31:8e:ed:2f:f6:a3:52:df:a5:e2:
         61:67:1c:ab:45:99:8a:2a:fc:77:75:39:a0:60:bb:85:89:8f:
         01:7e:8f:72:91:04:a9:cc:88:ac:d0:3a:92:31:a6:33:cc:b9:
         24:77:a5:0f:83:32:a3:a4:2e:00:ec:6a:d3:cb:0a:47:74:d3:
         5f:30:95:b7:23:e6:95:05:2e:7d:31:19:37:e3:7c:7f:94:85:
         84:ad:38:a2:d1:e9:0a:fe:96:d9:80:92:2f:41:98:d3:ae:ee:
         03:04:95:d0:d2:77:aa:73:d1:ed:fe:a3:38:c1:1d:4d:24:3f:
         54:da:b4:54:66:b0:a6:f3:10:25:a2:37:26:a1:38:9c:66:28:
         06:34:0e:49:0d:af:d7:b0:91:96:9a:5c:d3:be:25:b6:5e:7b:
         65:54:a9:b0:62:8c:a7:7d:45:3f:c9:21:69:d0:3a:c6:63:f4:
         56:78:b2:73:96:08:0e:f5:5f:cf:09:6f:1c:50:1e:e9:65:6f:
         f6:2a:2e:d4:50:a3:d2:44:ce:50:30:67:6e:9b:c7:63:af:f1:
         77:9d:b4:fd:33:a3:cb:ed:29:85:08:31:70:11:d0:ff:7a:08:
         ee:62:78:b3:15:e9:d3:e0:14:dc:1c:57:9c:4d:0a:4f:56:ff:
         04:4e:c4:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUd6aD/t+sqLLPdYLGqa06XXitKIYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDUwNjUxMzZaFw0yNjA3MDQwNjU2MzZaMDMxMTAvBgNV
BAMTKDk3MkE3RjA4MEY4NTdBQzM4RDcwQjZGMTU5RDA5MDY5Mzg0NEM2QTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvELoRivsR5QltDTpb0Wf2ObJt
FyQNdcaD52JwWfcoejO/4jQRPNRW/byuOhPZqZ2PQhtiE2WCgFL3U3DtH65QoyvF
Gnk4VA/mhbko5z7cZj08vFV27hvO4xTGZBVrn3xlnxF6M/TfjRr909JrEDiBEzmw
5cr/GF9zomNFGWO1v9ZCXgSMFmILVHmPKx4GQc2hqZPGMvxzae6KhomOC28SMbLE
QqIi2UtLfW8/CYKJ8IAo7GQF7AdOcTCTKDDZopwtxKbjEVUOYH0j3ZYzdPc/pO+5
WvGTBZktBTmExsaN+4d+qmAVk1tZZI2PWyywNPf1gv/RkDCohEAibpAgRHTPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUlyp/CA+FesONcLbxWdCQaThExqEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjcyMDQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAClMA0GCSqGSIb3DQEBCwUAA4IBAQCLPal8BHji9DGO7S/2o1LfpeJhZxyrRZmK
Kvx3dTmgYLuFiY8Bfo9ykQSpzIis0DqSMaYzzLkkd6UPgzKjpC4A7GrTywpHdNNf
MJW3I+aVBS59MRk343x/lIWErTii0ekK/pbZgJIvQZjTru4DBJXQ0neqc9Ht/qM4
wR1NJD9U2rRUZrCm8xAlojcmoTicZigGNA5JDa/XsJGWmlzTviW2XntlVKmwYoyn
fUU/ySFp0DrGY/RWeLJzlggO9V/PCW8cUB7pZW/2Ki7UUKPSRM5QMGdum8djr/F3
nbT9M6PL7SmFCDFwEdD/egjuYnizFenT4BTcHFecTQpPVv8ETsQr
-----END CERTIFICATE-----