Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213734.roa
File:                     AS213734.roa (raw, json)
Hash identifier:          gPFiSuoAQ5Nej5LjOoHqKzULKOY0qU6btqlEpyBZdO8=
Subject key identifier:   CE:23:D9:7D:9F:72:73:23:A1:CB:4A:F0:C6:B2:C3:21:16:E0:AF:F8
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       29CCE5031C167319B63A61999622E220D3B51C91
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213734.roa
Signing time:             Thu 12 Mar 2026 07:47:27 +0000
ROA not before:           Thu 12 Mar 2026 07:42:27 +0000
ROA not after:            Thu 11 Mar 2027 07:47:27 +0000
asID:                     213734
IP address blocks:        2a09:4b40::/29 maxlen: 48
                          2a0b:3700::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Mar 2026 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:cc:e5:03:1c:16:73:19:b6:3a:61:99:96:22:e2:20:d3:b5:1c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 12 07:42:27 2026 GMT
            Not After : Mar 11 07:47:27 2027 GMT
        Subject: CN=CE23D97D9F727323A1CB4AF0C6B2C32116E0AFF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:36:5b:6a:f0:7f:7f:61:3c:c2:45:18:c8:c4:
                    13:35:53:eb:de:61:14:18:20:9b:37:dd:fa:e7:e7:
                    80:36:bc:47:ee:44:d2:07:a8:e8:9d:f3:4a:be:70:
                    58:5c:40:fd:73:f2:e9:f3:ac:f0:8b:88:1d:38:b7:
                    01:67:22:e9:9b:80:cf:56:91:2d:43:e5:28:b8:87:
                    93:6d:c1:a6:ad:13:75:39:25:59:03:18:ab:c8:c7:
                    5d:cd:7e:87:1a:c8:5a:81:af:86:45:18:3c:f2:b8:
                    32:8f:db:ea:d5:b6:19:64:df:f1:af:1b:45:5a:7b:
                    e8:13:e7:c0:78:ee:1c:53:d4:8e:c5:71:0c:0f:91:
                    ea:04:49:d6:ca:49:46:8b:6d:45:5f:db:ef:cc:24:
                    70:69:52:ef:cc:e1:38:5b:f6:d6:03:5c:ce:e8:52:
                    15:22:46:2e:6a:ab:7c:35:a5:06:11:10:03:8a:43:
                    a7:5e:d3:8e:3d:b0:a7:8f:9a:3f:ff:cb:43:3b:94:
                    06:77:83:4c:be:10:15:3a:43:a6:2b:7a:e4:25:3b:
                    e6:b7:bd:ad:df:99:d8:c2:78:43:b0:87:fa:1f:ef:
                    3d:41:15:96:41:1e:28:28:a7:87:61:15:36:d8:ec:
                    5c:3f:ae:38:a2:bb:57:55:8e:e4:7e:5b:40:75:18:
                    2b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:23:D9:7D:9F:72:73:23:A1:CB:4A:F0:C6:B2:C3:21:16:E0:AF:F8
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213734.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:4b40::/29
                  2a0b:3700::/29

    Signature Algorithm: sha256WithRSAEncryption
         00:f8:5f:02:ae:2a:14:00:e1:3e:ef:7b:cd:bb:7d:2e:65:1e:
         af:20:89:79:25:3c:a2:1f:02:ea:05:29:ae:7f:a9:18:2d:f9:
         25:0a:d1:b7:0d:20:ef:b9:20:03:fa:0e:a2:68:aa:dc:89:88:
         2f:a5:cc:b0:02:6c:91:be:5e:98:21:17:d8:c1:93:da:12:b2:
         0e:ca:e7:cd:b0:c4:97:cf:9d:1d:42:07:9f:04:86:ed:87:03:
         c6:e2:0b:02:2a:dd:8d:9c:26:cd:4e:d6:d3:02:91:3e:31:18:
         80:5b:98:83:6b:86:6b:af:4e:40:06:c0:02:d4:28:54:5e:9a:
         53:6a:93:fb:d4:33:6f:12:81:0d:a0:2f:31:9f:9d:3f:cd:be:
         b7:bd:54:f2:d8:52:75:f3:4c:0a:17:be:6e:96:c9:c8:0e:8b:
         85:34:32:52:77:f5:8b:06:57:01:a6:2d:13:e7:af:86:d8:64:
         8f:66:08:ba:e4:a2:e0:9d:e4:09:28:a2:d1:eb:4d:be:00:74:
         d0:f6:25:10:63:b3:ef:a8:4b:fc:77:75:7e:9f:0c:56:36:63:
         2d:c7:0a:bd:18:57:22:dc:ab:cf:fd:ca:87:00:2f:f6:35:d5:
         66:b8:55:57:93:98:39:5f:e6:61:d3:85:92:4c:30:9a:ae:bf:
         ae:ed:9e:76
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUKczlAxwWcxm2OmGZliLiINO1HJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTIwNzQyMjdaFw0yNzAzMTEwNzQ3MjdaMDMxMTAvBgNV
BAMTKENFMjNEOTdEOUY3MjczMjNBMUNCNEFGMEM2QjJDMzIxMTZFMEFGRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNltq8H9/YTzCRRjIxBM1U+ve
YRQYIJs33frn54A2vEfuRNIHqOid80q+cFhcQP1z8unzrPCLiB04twFnIumbgM9W
kS1D5Si4h5NtwaatE3U5JVkDGKvIx13NfocayFqBr4ZFGDzyuDKP2+rVthlk3/Gv
G0Vae+gT58B47hxT1I7FcQwPkeoESdbKSUaLbUVf2+/MJHBpUu/M4Thb9tYDXM7o
UhUiRi5qq3w1pQYREAOKQ6de0449sKePmj//y0M7lAZ3g0y+EBU6Q6YreuQlO+a3
va3fmdjCeEOwh/of7z1BFZZBHigop4dhFTbY7Fw/rjiiu1dVjuR+W0B1GCtnAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUziPZfZ9ycyOhy0rwxrLDIRbgr/gwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzNzM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKglL
QAMFAyoLNwAwDQYJKoZIhvcNAQELBQADggEBAAD4XwKuKhQA4T7ve827fS5lHq8g
iXklPKIfAuoFKa5/qRgt+SUK0bcNIO+5IAP6DqJoqtyJiC+lzLACbJG+XpghF9jB
k9oSsg7K582wxJfPnR1CB58Ehu2HA8biCwIq3Y2cJs1O1tMCkT4xGIBbmINrhmuv
TkAGwALUKFRemlNqk/vUM28SgQ2gLzGfnT/Nvre9VPLYUnXzTAoXvm6WycgOi4U0
MlJ39YsGVwGmLRPnr4bYZI9mCLrkouCd5AkootHrTb4AdND2JRBjs++oS/x3dX6f
DFY2Yy3HCr0YVyLcq8/9yocAL/Y11Wa4VVeTmDlf5mHThZJMMJquv67tnnY=
-----END CERTIFICATE-----