Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213356.roa
File:                     AS213356.roa (raw, json)
Hash identifier:          HMDuIDMGsYPxS/qnSVevg6D6pbu5VNWN4Z1DBtdkH84=
Subject key identifier:   60:70:4A:FC:29:06:EF:7B:51:58:28:72:4E:87:FE:92:56:43:5E:3D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       42663528F8A39BF850E92A23467928B6E846295F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213356.roa
Signing time:             Sat 13 Sep 2025 02:22:20 +0000
ROA not before:           Sat 13 Sep 2025 02:17:20 +0000
ROA not after:            Sat 12 Sep 2026 02:22:20 +0000
asID:                     213356
IP address blocks:        2a0f:85c1:cea::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 22:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:66:35:28:f8:a3:9b:f8:50:e9:2a:23:46:79:28:b6:e8:46:29:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 13 02:17:20 2025 GMT
            Not After : Sep 12 02:22:20 2026 GMT
        Subject: CN=60704AFC2906EF7B515828724E87FE9256435E3D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a0:73:83:a0:27:05:1e:70:50:29:3d:6d:a4:
                    ca:83:f6:a2:f9:a6:b5:ae:3c:0c:a7:b1:f5:99:66:
                    3e:50:47:c5:46:2e:88:97:57:a9:95:86:5c:19:28:
                    9c:3d:23:65:21:1c:ca:03:f2:f6:bc:0e:21:5d:b6:
                    f4:03:5d:ab:5b:58:e4:1b:fe:8a:9f:0c:d7:e0:ee:
                    09:e5:2b:8c:ab:a2:97:b5:c6:a2:db:27:47:0b:f7:
                    41:14:96:50:83:0e:21:d7:d1:52:d5:53:59:ec:0d:
                    78:fb:d0:f9:74:ee:84:05:f1:b0:e3:fa:48:18:5a:
                    ab:e7:40:ab:c5:f1:5b:4b:d9:9d:e7:ca:90:94:9f:
                    45:71:d8:c8:fb:99:52:58:0f:28:7d:d2:c8:a1:f7:
                    0f:7e:9a:0f:60:9c:60:67:3c:cc:e3:7c:55:5a:36:
                    3c:1d:78:29:13:1e:4a:e9:6f:bf:fa:57:f9:06:48:
                    6f:f2:9b:7e:18:b9:ee:87:74:1d:a7:ef:41:68:b4:
                    4f:15:21:80:33:25:ab:16:b5:45:d4:65:a0:ca:ed:
                    10:92:d7:a5:0b:0d:01:de:a5:da:a3:e9:1e:2e:34:
                    2a:41:a3:c8:44:7e:6d:b4:de:d4:79:60:af:6e:08:
                    ae:3a:44:44:27:4f:41:45:b8:c7:a6:2f:c7:96:e7:
                    62:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:70:4A:FC:29:06:EF:7B:51:58:28:72:4E:87:FE:92:56:43:5E:3D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cea::/48

    Signature Algorithm: sha256WithRSAEncryption
         dd:36:1b:a4:de:83:d1:21:94:a8:a0:6f:1c:30:fb:1f:80:40:
         31:c8:e1:e3:d3:13:62:05:f9:93:d4:80:e2:78:54:e3:17:b5:
         92:12:8b:59:99:1a:db:6c:7d:d3:6a:38:89:e4:6a:67:cd:cc:
         9b:8e:86:dd:ad:b6:b9:6f:a5:cb:05:52:0e:3d:9e:b1:99:a3:
         4e:30:28:c7:19:d6:45:05:5e:b8:5b:34:38:39:d8:15:d0:a3:
         50:50:eb:f6:22:79:f8:55:32:18:6f:23:c1:34:35:33:b0:60:
         58:ca:c3:9f:1c:ca:79:72:08:48:4e:27:61:be:91:6e:fc:ad:
         45:e5:3a:5a:67:06:b0:cd:c7:c8:7b:33:db:90:40:b3:da:1f:
         5f:82:34:2e:b0:92:76:88:ac:19:4d:e2:08:e8:20:74:e9:76:
         d6:c3:0a:b5:e7:98:14:37:b8:7b:69:fc:cd:8a:68:e8:a8:12:
         be:ea:4b:8b:cf:88:89:5e:b5:e6:b0:37:2b:d8:3e:e1:45:a5:
         91:8b:e7:30:43:08:db:25:b6:64:c4:03:3b:5d:d7:32:a7:5f:
         d5:92:27:ec:53:f4:f8:b5:25:ac:4e:5c:d3:c6:0a:e5:2e:99:
         5f:fe:56:34:f7:26:69:3a:1a:80:1d:f1:1b:16:a8:b7:76:fd:
         b0:c0:d5:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQmY1KPijm/hQ6SojRnkotuhGKV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTMwMjE3MjBaFw0yNjA5MTIwMjIyMjBaMDMxMTAvBgNV
BAMTKDYwNzA0QUZDMjkwNkVGN0I1MTU4Mjg3MjRFODdGRTkyNTY0MzVFM0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVoHODoCcFHnBQKT1tpMqD9qL5
prWuPAynsfWZZj5QR8VGLoiXV6mVhlwZKJw9I2UhHMoD8va8DiFdtvQDXatbWOQb
/oqfDNfg7gnlK4yrope1xqLbJ0cL90EUllCDDiHX0VLVU1nsDXj70Pl07oQF8bDj
+kgYWqvnQKvF8VtL2Z3nypCUn0Vx2Mj7mVJYDyh90sih9w9+mg9gnGBnPMzjfFVa
NjwdeCkTHkrpb7/6V/kGSG/ym34Yue6HdB2n70FotE8VIYAzJasWtUXUZaDK7RCS
16ULDQHepdqj6R4uNCpBo8hEfm203tR5YK9uCK46REQnT0FFuMemL8eW52KdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUYHBK/CkG73tRWChyTof+klZDXj0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzMzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzqMA0GCSqGSIb3DQEBCwUAA4IBAQDdNhuk3oPRIZSooG8cMPsfgEAxyOHj0xNi
BfmT1IDieFTjF7WSEotZmRrbbH3TajiJ5Gpnzcybjobdrba5b6XLBVIOPZ6xmaNO
MCjHGdZFBV64WzQ4OdgV0KNQUOv2Inn4VTIYbyPBNDUzsGBYysOfHMp5cghITidh
vpFu/K1F5TpaZwawzcfIezPbkECz2h9fgjQusJJ2iKwZTeII6CB06XbWwwq155gU
N7h7afzNimjoqBK+6kuLz4iJXrXmsDcr2D7hRaWRi+cwQwjbJbZkxAM7Xdcyp1/V
kifsU/T4tSWsTlzTxgrlLplf/lY09yZpOhqAHfEbFqi3dv2wwNUp
-----END CERTIFICATE-----