Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213918.roa
File:                     AS213918.roa (raw, json)
Hash identifier:          QRA2sQP2DtsePqKWvm9shOA0z6M7dTDh7Bje49moikw=
Subject key identifier:   8F:CC:6C:4F:06:C4:D7:DF:24:C5:60:EE:F5:E3:A0:91:E2:8D:04:46
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5C115BF37D319BA0CBEB0AE5EF6F30F6062F71CA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213918.roa
Signing time:             Wed 27 Aug 2025 22:22:29 +0000
ROA not before:           Wed 27 Aug 2025 22:17:29 +0000
ROA not after:            Wed 26 Aug 2026 22:22:29 +0000
asID:                     213918
IP address blocks:        167.148.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:11:5b:f3:7d:31:9b:a0:cb:eb:0a:e5:ef:6f:30:f6:06:2f:71:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 27 22:17:29 2025 GMT
            Not After : Aug 26 22:22:29 2026 GMT
        Subject: CN=8FCC6C4F06C4D7DF24C560EEF5E3A091E28D0446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:33:60:8e:ce:6f:2d:26:07:f8:1c:76:c7:a3:
                    f8:98:df:49:97:07:de:88:1f:a8:aa:1f:30:6d:f6:
                    63:9a:9b:f4:31:72:ca:03:61:b1:b9:23:96:53:23:
                    64:cf:ea:09:39:fd:26:5a:02:cc:6a:eb:cc:5d:50:
                    51:8a:d7:66:ed:64:13:14:60:ed:4f:de:17:b4:de:
                    b7:a1:7f:83:73:cb:83:f9:03:65:5c:68:2d:1c:98:
                    4f:50:45:4a:ca:b0:fb:fc:4e:02:e9:e7:3f:53:e5:
                    ef:a6:4d:2f:28:ee:28:4a:a7:9c:75:b3:21:6e:7b:
                    4c:55:fd:60:dd:e2:76:8a:ac:f3:28:70:12:31:a8:
                    88:6d:02:3d:ab:69:74:de:fa:01:79:8e:ac:4c:3f:
                    0f:9c:15:cc:05:46:7f:60:91:46:8c:2c:f0:6e:5f:
                    00:47:db:b8:7c:5e:81:45:21:24:0a:2b:1e:93:38:
                    74:50:18:49:9d:e8:9e:5c:1b:f9:fc:61:17:2e:a7:
                    ee:b7:96:96:af:f3:d0:99:72:4f:28:af:2b:76:7c:
                    49:9a:22:21:0d:53:27:94:7e:d5:28:1d:33:74:41:
                    de:29:50:10:6e:8f:d3:4c:47:d8:a6:0e:d3:c4:d3:
                    a2:e3:e6:49:9a:c4:63:41:3a:ad:41:23:fd:7e:7e:
                    a3:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CC:6C:4F:06:C4:D7:DF:24:C5:60:EE:F5:E3:A0:91:E2:8D:04:46
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS213918.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:4c:15:75:f0:3e:2f:e5:9b:ae:28:7a:12:12:31:c5:08:c7:
         2d:d1:f2:77:ee:93:76:f2:c5:03:67:b8:70:4a:03:fc:26:17:
         26:8f:8d:1e:09:81:1a:d0:8d:da:ef:ec:8b:c8:1b:a7:3e:99:
         46:98:92:e4:59:bb:aa:f6:ac:19:a5:fa:3e:a6:e8:32:bc:39:
         00:4b:e6:84:b6:b5:8b:75:92:10:b3:63:a4:ab:12:44:9d:6b:
         b1:6d:f0:0a:dc:72:b5:ce:4b:e2:2a:8a:1e:31:5a:8e:e2:2e:
         26:b6:88:34:6a:22:92:c7:3d:4e:9f:39:1e:56:ef:0d:7b:ca:
         b6:23:c5:d4:ec:01:9e:fe:3a:12:eb:da:47:9c:da:26:b3:b9:
         f1:e0:5b:09:06:9f:59:14:71:da:4e:5b:16:ef:97:6b:89:98:
         f9:01:c5:95:b7:c9:e1:33:19:62:ef:74:82:e0:31:bb:95:d8:
         ab:79:71:9d:f8:89:ed:56:be:51:8d:f2:39:f7:b2:86:97:27:
         af:0a:15:f0:fc:02:a2:f1:fd:6b:0b:d1:96:1e:eb:82:f1:a0:
         a5:ca:c5:51:6f:ca:0c:98:38:db:f7:ed:9b:35:1f:5b:f9:1b:
         1c:83:5b:b9:ef:ef:73:3c:8d:bf:fa:d8:ec:d5:9a:d0:f8:90:
         5d:66:95:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXBFb830xm6DL6wrl728w9gYvccowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjcyMjE3MjlaFw0yNjA4MjYyMjIyMjlaMDMxMTAvBgNV
BAMTKDhGQ0M2QzRGMDZDNEQ3REYyNEM1NjBFRUY1RTNBMDkxRTI4RDA0NDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeM2COzm8tJgf4HHbHo/iY30mX
B96IH6iqHzBt9mOam/QxcsoDYbG5I5ZTI2TP6gk5/SZaAsxq68xdUFGK12btZBMU
YO1P3he03rehf4Nzy4P5A2VcaC0cmE9QRUrKsPv8TgLp5z9T5e+mTS8o7ihKp5x1
syFue0xV/WDd4naKrPMocBIxqIhtAj2raXTe+gF5jqxMPw+cFcwFRn9gkUaMLPBu
XwBH27h8XoFFISQKKx6TOHRQGEmd6J5cG/n8YRcup+63lpav89CZck8oryt2fEma
IiENUyeUftUoHTN0Qd4pUBBuj9NMR9imDtPE06Lj5kmaxGNBOq1BI/1+fqPZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUj8xsTwbE198kxWDu9eOgkeKNBEYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEzOTE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5RE
MA0GCSqGSIb3DQEBCwUAA4IBAQCCTBV18D4v5ZuuKHoSEjHFCMct0fJ37pN28sUD
Z7hwSgP8Jhcmj40eCYEa0I3a7+yLyBunPplGmJLkWbuq9qwZpfo+pugyvDkAS+aE
trWLdZIQs2OkqxJEnWuxbfAK3HK1zkviKooeMVqO4i4mtog0aiKSxz1OnzkeVu8N
e8q2I8XU7AGe/joS69pHnNoms7nx4FsJBp9ZFHHaTlsW75driZj5AcWVt8nhMxli
73SC4DG7ldireXGd+IntVr5RjfI597KGlyevChXw/AKi8f1rC9GWHuuC8aClysVR
b8oMmDjb9+2bNR9b+Rscg1u57+9zPI2/+tjs1ZrQ+JBdZpWz
-----END CERTIFICATE-----