Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa
File:                     AS213908.roa (raw, json)
Hash identifier:          d2MCjFtsxB4czFAMRqI6KMKxRvIJQSTYxbGDefK3lZg=
Subject key identifier:   48:09:4C:5E:FC:3A:AF:D3:F9:10:69:21:28:5C:DE:D3:1B:E6:51:8F
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7E4E61059457320D5B6314713B7A68D7D07F67FA
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa
Signing time:             Fri 18 Jul 2025 14:18:50 +0000
ROA not before:           Fri 18 Jul 2025 14:13:50 +0000
ROA not after:            Fri 17 Jul 2026 14:18:50 +0000
asID:                     213908
IP address blocks:        37.221.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 12:27:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:4e:61:05:94:57:32:0d:5b:63:14:71:3b:7a:68:d7:d0:7f:67:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jul 18 14:13:50 2025 GMT
            Not After : Jul 17 14:18:50 2026 GMT
        Subject: CN=48094C5EFC3AAFD3F9106921285CDED31BE6518F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d2:da:7d:a5:53:29:1f:26:dc:9b:2e:3b:f5:
                    b5:6f:d1:a2:f7:b9:6d:37:69:c2:1e:ce:3c:71:ba:
                    7f:52:4a:f8:eb:86:b6:6b:3e:0d:69:0e:15:70:2c:
                    48:7f:65:4a:00:3c:23:bb:78:87:57:6f:5c:00:af:
                    10:a8:82:12:11:fa:a9:67:d1:cd:19:ba:8a:00:31:
                    d2:f5:a7:ce:16:22:8f:26:f0:ec:e3:e9:71:15:96:
                    84:7e:3f:d0:e2:df:16:31:fc:c0:07:a1:b4:73:44:
                    45:53:49:1f:cc:43:45:9b:57:47:fd:b7:87:6a:7e:
                    47:f3:22:b7:1f:63:85:85:f8:76:3e:c7:12:50:4a:
                    a7:f2:9f:ea:91:f4:6a:71:03:c6:b7:c3:ca:44:31:
                    84:21:c5:a3:c6:a5:95:f1:f9:61:bb:b5:2f:4f:27:
                    26:62:ff:f8:be:32:c2:11:af:9f:00:71:f3:2d:bc:
                    31:90:23:f2:47:96:ef:0c:08:30:e7:d5:fd:01:fe:
                    fd:4d:75:84:99:4b:a7:de:77:af:0f:ba:2e:e9:e8:
                    79:00:84:f5:66:c9:4c:68:6d:3b:d7:3d:f2:73:29:
                    34:d6:a0:36:58:58:38:79:9a:89:c5:38:9e:d3:52:
                    9f:04:97:08:78:a7:48:46:58:ab:a0:9e:48:45:7d:
                    b8:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:09:4C:5E:FC:3A:AF:D3:F9:10:69:21:28:5C:DE:D3:1B:E6:51:8F
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:c8:26:3b:99:2f:26:d0:a7:8e:36:55:e2:7c:44:ad:c3:be:
         41:23:57:07:68:49:61:3f:44:77:f2:f9:b9:35:a1:2a:46:1f:
         14:0e:27:23:9e:5d:e0:fa:ee:71:7c:51:be:f2:58:11:40:19:
         18:68:f8:94:59:55:02:3f:37:23:50:e1:e6:21:b2:08:12:13:
         b9:b2:13:aa:99:cf:ae:40:00:aa:d5:5f:b4:0f:59:ef:9b:b9:
         98:10:a2:f4:b1:6c:83:aa:d8:10:f3:47:f3:93:44:52:d5:09:
         ba:fb:46:b9:5d:f3:6e:fe:b6:95:59:44:ec:df:3a:17:17:e0:
         7e:69:eb:06:1d:61:f9:ba:c0:9e:44:8b:0a:98:b8:a9:68:a2:
         47:9c:2c:fa:6c:97:8b:72:44:fe:1a:59:51:4e:1b:8f:72:e0:
         78:d6:b5:cb:3f:92:08:c5:5d:b3:c4:51:0a:ff:ff:29:e4:bc:
         90:25:eb:4c:12:10:12:f2:d0:e0:d9:4e:df:fc:93:6f:f5:66:
         b4:79:c3:ec:a4:80:5c:d5:72:16:30:e1:e8:58:85:d1:ca:cf:
         e0:90:10:a0:07:c5:43:36:33:c6:f0:99:0c:52:33:a4:b8:3b:
         64:f9:af:20:26:f6:ae:0b:03:e1:37:4a:44:20:dc:9e:bd:40:
         e6:45:ae:4c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfk5hBZRXMg1bYxRxO3po19B/Z/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA3MTgxNDEzNTBaFw0yNjA3MTcxNDE4NTBaMDMxMTAvBgNV
BAMTKDQ4MDk0QzVFRkMzQUFGRDNGOTEwNjkyMTI4NUNERUQzMUJFNjUxOEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN0tp9pVMpHybcmy479bVv0aL3
uW03acIezjxxun9SSvjrhrZrPg1pDhVwLEh/ZUoAPCO7eIdXb1wArxCoghIR+qln
0c0ZuooAMdL1p84WIo8m8Ozj6XEVloR+P9Di3xYx/MAHobRzREVTSR/MQ0WbV0f9
t4dqfkfzIrcfY4WF+HY+xxJQSqfyn+qR9GpxA8a3w8pEMYQhxaPGpZXx+WG7tS9P
JyZi//i+MsIRr58AcfMtvDGQI/JHlu8MCDDn1f0B/v1NdYSZS6fed68Pui7p6HkA
hPVmyUxobTvXPfJzKTTWoDZYWDh5monFOJ7TUp8Elwh4p0hGWKugnkhFfbgPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSAlMXvw6r9P5EGkhKFze0xvmUY8wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzOTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJd1O
MA0GCSqGSIb3DQEBCwUAA4IBAQARyCY7mS8m0KeONlXifEStw75BI1cHaElhP0R3
8vm5NaEqRh8UDicjnl3g+u5xfFG+8lgRQBkYaPiUWVUCPzcjUOHmIbIIEhO5shOq
mc+uQACq1V+0D1nvm7mYEKL0sWyDqtgQ80fzk0RS1Qm6+0a5XfNu/raVWUTs3zoX
F+B+aesGHWH5usCeRIsKmLipaKJHnCz6bJeLckT+GllRThuPcuB41rXLP5IIxV2z
xFEK//8p5LyQJetMEhAS8tDg2U7f/JNv9Wa0ecPspIBc1XIWMOHoWIXRys/gkBCg
B8VDNjPG8JkMUjOkuDtk+a8gJvauCwPhN0pEINyevUDmRa5M
-----END CERTIFICATE-----