Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13213.roa
File:                     AS13213.roa (raw, json)
Hash identifier:          tXt1vdA5iqUMFctbqzYQY7qviih/uibBPdoLLUskVrA=
Subject key identifier:   2B:C9:73:09:62:EC:F7:0F:43:FC:C3:36:CE:ED:DD:1C:63:C7:2D:F0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7A6F926633FCB8537543FE5439BA9619297B6513
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13213.roa
Signing time:             Sat 16 May 2026 11:33:48 +0000
ROA not before:           Sat 16 May 2026 11:28:48 +0000
ROA not after:            Sat 15 May 2027 11:33:48 +0000
asID:                     13213
IP address blocks:        2a13:9500:25::/48 maxlen: 48
                          2a13:9500:26::/48 maxlen: 48
                          2a13:9500:27::/48 maxlen: 48
                          2a13:9500:28::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:6f:92:66:33:fc:b8:53:75:43:fe:54:39:ba:96:19:29:7b:65:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 11:28:48 2026 GMT
            Not After : May 15 11:33:48 2027 GMT
        Subject: CN=2BC9730962ECF70F43FCC336CEEDDD1C63C72DF0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f1:8a:1e:75:43:c4:10:f5:e2:d5:32:76:e4:
                    6e:c5:5b:d2:6c:ba:53:62:cc:8a:81:f1:63:cf:8c:
                    6c:34:bc:2d:42:c5:98:31:b4:a6:5d:38:97:b2:a9:
                    13:a2:70:9a:ff:21:40:a7:e4:94:23:3a:45:9b:c8:
                    01:03:47:78:54:57:28:00:b6:b3:9f:59:06:bd:4d:
                    6e:73:68:2d:47:a9:ff:89:ca:48:a5:28:b7:3c:a9:
                    e1:56:a7:46:c3:be:b0:eb:95:91:7c:99:1e:07:fd:
                    88:a1:95:8e:59:58:24:5f:7c:fc:a5:ce:34:48:d9:
                    16:78:1f:50:d8:ac:b4:54:5f:a5:b7:1c:36:42:a3:
                    08:7d:ce:0b:ee:c5:b7:32:11:ae:31:a1:32:08:9c:
                    27:fe:9b:86:be:26:fd:46:ff:25:e2:5c:c8:66:79:
                    69:f6:20:1d:18:c6:58:07:3a:5c:cf:13:13:5f:b0:
                    a7:ab:fd:f5:21:2f:2e:ee:0d:6e:15:1e:7f:85:6e:
                    9d:85:be:61:13:56:ff:91:27:59:e0:ed:7e:f5:cf:
                    ed:1d:47:a1:56:1c:a7:3a:b0:55:f7:2f:df:2e:07:
                    8a:9a:62:8a:54:b0:95:5b:81:d6:66:64:57:9d:d3:
                    ef:69:fe:fd:48:08:27:7d:5d:c4:ba:69:c6:9b:34:
                    60:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C9:73:09:62:EC:F7:0F:43:FC:C3:36:CE:ED:DD:1C:63:C7:2D:F0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS13213.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:25::-2a13:9500:28:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         8c:bf:6b:cc:3a:75:bc:3e:23:7d:30:ff:a6:2b:0c:9e:55:27:
         86:50:e2:cc:98:f4:fc:de:d0:e1:7a:cb:1f:79:ef:90:09:e2:
         c8:94:d8:09:2e:4d:22:92:58:3a:9b:4b:f8:17:09:6e:8f:fd:
         53:ea:e4:b3:e3:98:5e:f2:a2:58:80:67:50:77:49:9c:2a:55:
         ea:01:2a:fb:3e:88:0b:86:8d:60:54:af:24:51:d0:5c:b2:ca:
         da:1e:27:c3:6a:9e:09:b8:de:0f:09:08:1b:40:63:d4:6d:ed:
         f6:19:bc:ff:bd:b6:44:77:be:c8:a9:98:df:1a:df:7a:18:4b:
         d8:d6:57:8d:ce:77:1b:bc:3b:e1:94:16:4f:f1:f1:de:89:54:
         99:cb:ce:1f:95:f1:5b:c2:82:db:b2:0d:c2:b2:1a:76:e0:f2:
         01:64:ca:1c:fb:a7:ee:ce:95:16:99:88:fc:7b:08:f3:54:df:
         c4:ef:50:62:2b:2e:46:b2:d8:2e:b0:63:f4:3c:a4:0c:cb:dc:
         94:96:8e:75:94:05:96:c5:dd:81:a8:82:7e:ab:bc:4b:75:c6:
         5b:42:66:2e:0b:6a:d9:05:bd:a3:1b:9a:8c:5f:ca:78:ec:df:
         8e:f8:2a:7c:40:3c:04:9f:14:c7:9c:29:38:59:a5:f0:b2:2f:
         7f:6a:f5:fd
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIUem+SZjP8uFN1Q/5UObqWGSl7ZRMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTYxMTI4NDhaFw0yNzA1MTUxMTMzNDhaMDMxMTAvBgNV
BAMTKDJCQzk3MzA5NjJFQ0Y3MEY0M0ZDQzMzNkNFRURERDFDNjNDNzJERjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc8YoedUPEEPXi1TJ25G7FW9Js
ulNizIqB8WPPjGw0vC1CxZgxtKZdOJeyqROicJr/IUCn5JQjOkWbyAEDR3hUVygA
trOfWQa9TW5zaC1Hqf+JykilKLc8qeFWp0bDvrDrlZF8mR4H/YihlY5ZWCRffPyl
zjRI2RZ4H1DYrLRUX6W3HDZCowh9zgvuxbcyEa4xoTIInCf+m4a+Jv1G/yXiXMhm
eWn2IB0YxlgHOlzPExNfsKer/fUhLy7uDW4VHn+Fbp2FvmETVv+RJ1ng7X71z+0d
R6FWHKc6sFX3L98uB4qaYopUsJVbgdZmZFed0+9p/v1ICCd9XcS6acabNGAVAgMB
AAGjggIXMIICEzAdBgNVHQ4EFgQUK8lzCWLs9w9D/MM2zu3dHGPHLfAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTMyMTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgACMBQwEgMHACoT
lQAAJQMHACoTlQAAKDANBgkqhkiG9w0BAQsFAAOCAQEAjL9rzDp1vD4jfTD/pisM
nlUnhlDizJj0/N7Q4XrLH3nvkAniyJTYCS5NIpJYOptL+BcJbo/9U+rks+OYXvKi
WIBnUHdJnCpV6gEq+z6IC4aNYFSvJFHQXLLK2h4nw2qeCbjeDwkIG0Bj1G3t9hm8
/722RHe+yKmY3xrfehhL2NZXjc53G7w74ZQWT/Hx3olUmcvOH5XxW8KC27INwrIa
duDyAWTKHPun7s6VFpmI/HsI81TfxO9QYisuRrLYLrBj9DykDMvclJaOdZQFlsXd
gaiCfqu8S3XGW0JmLgtq2QW9oxuajF/KeOzfjvgqfEA8BJ8Ux5wpOFml8LIvf2r1
/Q==
-----END CERTIFICATE-----