Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47585.roa
File:                     AS47585.roa (raw, json)
Hash identifier:          Js4V/QwkjDtiefbvHEdK/JZN4QMIo9iH8ebtjH3WIyE=
Subject key identifier:   32:FF:A6:81:CC:4F:2E:6F:C9:F4:EB:62:39:3D:41:E0:DC:F5:73:68
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       76D916D935F3815CD497F8AE808258C8E5A082A8
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47585.roa
Signing time:             Tue 01 Jul 2025 17:56:12 +0000
ROA not before:           Tue 01 Jul 2025 17:51:12 +0000
ROA not after:            Tue 30 Jun 2026 17:56:12 +0000
asID:                     47585
IP address blocks:        2a13:9500:a2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:d9:16:d9:35:f3:81:5c:d4:97:f8:ae:80:82:58:c8:e5:a0:82:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  1 17:51:12 2025 GMT
            Not After : Jun 30 17:56:12 2026 GMT
        Subject: CN=32FFA681CC4F2E6FC9F4EB62393D41E0DCF57368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:39:0a:bc:4d:7e:8a:65:a2:8d:b1:6e:71:dc:
                    f9:15:70:47:6c:c0:57:3f:9a:85:b8:8c:bb:db:a1:
                    28:45:6e:00:a1:64:74:45:0a:97:90:c0:0c:d6:c6:
                    00:7a:00:94:88:23:f7:ce:60:ad:23:c0:13:3e:e0:
                    ca:ff:08:a1:4b:fa:d7:3b:26:e8:87:53:ee:b5:e5:
                    67:dc:7a:3a:d0:ac:cf:16:28:1a:2c:be:81:66:e1:
                    66:7b:2c:f1:6b:3b:d4:b2:16:3e:bb:22:bb:51:70:
                    4a:4e:65:e9:d0:ec:7a:b3:50:c2:62:66:08:29:72:
                    c1:3a:b8:8e:41:a4:69:cf:10:bb:3c:6d:4c:52:83:
                    28:9b:be:61:90:9d:1a:64:e2:7b:eb:be:98:cb:38:
                    ab:02:1b:47:b6:85:b4:9c:71:50:16:45:ab:50:a7:
                    dc:5d:3f:31:22:01:f7:5f:49:dd:91:82:ec:72:74:
                    90:88:c6:34:10:a2:e6:7f:91:1a:94:5d:14:9a:2a:
                    74:5a:62:97:d6:81:c6:cd:ad:ce:02:49:11:46:fe:
                    f7:b5:b1:24:58:b1:04:41:36:90:b0:c2:80:72:9d:
                    17:27:70:4d:df:de:b7:6d:81:23:32:32:8c:53:e1:
                    1f:bd:7a:83:cd:d4:50:1d:97:e2:88:83:a2:84:d1:
                    e8:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:FF:A6:81:CC:4F:2E:6F:C9:F4:EB:62:39:3D:41:E0:DC:F5:73:68
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47585.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a2::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:b1:6f:e1:80:90:52:3a:90:1d:63:3d:4d:3b:50:76:47:bd:
         0b:db:1b:15:30:41:d5:47:52:3c:83:31:b7:5d:8c:b8:21:80:
         6f:92:27:9e:8b:6c:b2:4d:25:03:83:da:02:e9:d7:53:25:c0:
         09:36:43:77:bf:24:d0:66:df:c5:75:bf:89:c5:4c:57:1c:15:
         fa:23:ee:20:2a:f8:72:11:2a:f1:37:b8:1f:cd:db:ed:2f:ae:
         a7:31:aa:23:5e:69:ab:c4:62:1e:46:18:15:79:79:1f:6f:c8:
         34:8d:17:03:1a:65:84:cf:42:72:c2:b3:e1:e5:12:5b:98:e8:
         e8:32:bc:9d:fd:9a:e0:dd:2b:b1:9e:e6:13:90:d4:7e:8e:e6:
         03:fc:58:1a:93:5e:79:5f:4a:5a:a6:aa:b3:e7:e3:a8:75:6b:
         dd:84:0b:78:33:75:6b:29:06:00:aa:4c:c8:91:f2:88:39:03:
         79:3b:96:f0:4e:dc:dc:b3:c1:c1:83:f0:d8:f3:d3:01:e7:9a:
         5f:c1:7c:fb:74:25:c7:99:68:43:37:02:88:c5:ec:57:20:f3:
         e9:bb:61:b6:41:70:0a:67:f2:0e:aa:3e:c0:b8:04:a5:d2:f9:
         38:ea:34:2d:fc:f3:d4:42:58:3f:8f:fc:3c:36:3f:11:ac:b6:
         70:5e:20:45
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUdtkW2TXzgVzUl/iugIJYyOWggqgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDExNzUxMTJaFw0yNjA2MzAxNzU2MTJaMDMxMTAvBgNV
BAMTKDMyRkZBNjgxQ0M0RjJFNkZDOUY0RUI2MjM5M0Q0MUUwRENGNTczNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDsOQq8TX6KZaKNsW5x3PkVcEds
wFc/moW4jLvboShFbgChZHRFCpeQwAzWxgB6AJSII/fOYK0jwBM+4Mr/CKFL+tc7
JuiHU+615WfcejrQrM8WKBosvoFm4WZ7LPFrO9SyFj67IrtRcEpOZenQ7HqzUMJi
ZggpcsE6uI5BpGnPELs8bUxSgyibvmGQnRpk4nvrvpjLOKsCG0e2hbSccVAWRatQ
p9xdPzEiAfdfSd2RguxydJCIxjQQouZ/kRqUXRSaKnRaYpfWgcbNrc4CSRFG/ve1
sSRYsQRBNpCwwoBynRcncE3f3rdtgSMyMoxT4R+9eoPN1FAdl+KIg6KE0egNAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUMv+mgcxPLm/J9OtiOT1B4Nz1c2gwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDc1ODUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AKIwDQYJKoZIhvcNAQELBQADggEBABixb+GAkFI6kB1jPU07UHZHvQvbGxUwQdVH
UjyDMbddjLghgG+SJ56LbLJNJQOD2gLp11MlwAk2Q3e/JNBm38V1v4nFTFccFfoj
7iAq+HIRKvE3uB/N2+0vrqcxqiNeaavEYh5GGBV5eR9vyDSNFwMaZYTPQnLCs+Hl
EluY6OgyvJ39muDdK7Ge5hOQ1H6O5gP8WBqTXnlfSlqmqrPn46h1a92EC3gzdWsp
BgCqTMiR8og5A3k7lvBO3NyzwcGD8Njz0wHnml/BfPt0JceZaEM3AojF7Fcg8+m7
YbZBcApn8g6qPsC4BKXS+TjqNC3889RCWD+P/Dw2PxGstnBeIEU=
-----END CERTIFICATE-----