Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135542.roa
File:                     AS135542.roa (raw, json)
Hash identifier:          slMM1MPdkVNbzQijcLXYY42M0UfX+ncEFrQzj1GuG6k=
Subject key identifier:   56:7F:7F:60:86:49:98:19:6D:AD:C8:B1:05:C0:21:A2:14:B6:C5:CE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       513A18B7F9BA83F9AB1911447BAC8202381F94B9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135542.roa
Signing time:             Fri 10 Oct 2025 06:32:17 +0000
ROA not before:           Fri 10 Oct 2025 06:27:17 +0000
ROA not after:            Fri 09 Oct 2026 06:32:17 +0000
asID:                     135542
IP address blocks:        2a13:9500:ee::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:3a:18:b7:f9:ba:83:f9:ab:19:11:44:7b:ac:82:02:38:1f:94:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 10 06:27:17 2025 GMT
            Not After : Oct  9 06:32:17 2026 GMT
        Subject: CN=567F7F60864998196DADC8B105C021A214B6C5CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ad:db:47:a0:52:c5:f5:a9:2f:1c:e6:f7:ff:
                    65:ad:2e:2d:f9:fd:02:c1:3b:45:a9:19:d2:c2:ec:
                    f3:cb:47:cc:81:49:19:d6:cb:dd:dc:8f:58:26:ad:
                    8f:03:2b:2c:dc:1e:de:a7:40:d4:e0:f6:75:20:61:
                    49:9d:f0:2c:53:15:98:9d:94:ea:e5:1c:a3:5e:eb:
                    2b:8a:93:fb:ad:91:32:49:58:9a:52:6e:dd:86:93:
                    51:cc:31:9b:10:5e:9b:40:19:d1:56:e1:65:cb:72:
                    23:02:dd:ce:d8:ce:3f:e9:93:82:1f:3f:3f:d2:de:
                    fe:0e:b3:95:e0:5d:dc:5d:5f:67:cf:84:68:3d:c2:
                    c3:53:dc:47:3d:5d:16:a3:01:04:1b:f1:4b:ff:1d:
                    9f:b4:24:d6:de:43:08:33:a0:74:48:83:ed:00:73:
                    ef:3e:58:02:9a:1d:f5:26:86:93:22:0f:db:4d:57:
                    0d:0e:aa:16:b2:d1:28:89:c8:a5:4c:3e:2b:d4:41:
                    1c:e1:03:16:37:7c:12:87:75:69:8f:30:88:b2:cf:
                    ad:28:48:7b:b7:a2:b9:66:71:ed:d9:11:00:ab:4d:
                    43:51:af:d9:da:68:e5:25:6b:95:0a:49:32:3a:8a:
                    57:85:1b:63:c2:5d:e7:10:46:12:8f:70:43:a5:3a:
                    17:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:7F:7F:60:86:49:98:19:6D:AD:C8:B1:05:C0:21:A2:14:B6:C5:CE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135542.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         37:03:f4:9e:16:7a:09:ea:13:50:d0:6d:b5:24:b1:06:ba:fe:
         96:da:02:36:13:e2:3e:5f:ee:e3:04:1c:9d:a7:f3:51:96:33:
         e2:45:d7:fc:f3:2c:e3:32:44:37:27:4a:c8:a1:7a:11:e5:4a:
         33:f3:cf:49:9f:e5:66:9a:b1:43:10:2f:69:3e:20:78:7d:55:
         b5:ec:00:d4:57:70:45:b8:bf:cf:ed:03:77:b1:23:e0:01:d1:
         1c:cd:29:03:84:4c:e0:75:4c:ea:f3:a0:6b:b3:ad:63:3b:9c:
         0b:de:e0:c9:15:9c:9c:c2:d5:cb:68:00:98:ee:b6:ff:2f:a7:
         d2:75:26:36:5f:1b:a3:40:18:3d:84:0e:22:43:b8:f3:ad:ca:
         aa:9e:0e:c4:a7:81:fe:e8:35:ac:a2:1c:6a:fc:ba:c4:0c:05:
         ab:9e:d2:bc:59:26:4e:4b:09:69:2f:f6:5c:f9:cf:69:d1:c3:
         b5:8f:7f:07:04:4a:7d:05:3a:29:ae:93:8d:60:b0:9e:ed:97:
         91:13:16:6f:0c:ca:4f:c8:39:b3:b3:92:d2:c0:e0:e3:b1:37:
         87:6a:88:91:0a:a2:51:99:ff:95:b8:a4:bb:d0:12:bc:49:06:
         61:e6:98:a9:2d:75:36:d9:f6:41:ff:ef:b6:e3:89:d8:48:a6:
         16:a3:ba:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUToYt/m6g/mrGRFEe6yCAjgflLkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTAwNjI3MTdaFw0yNjEwMDkwNjMyMTdaMDMxMTAvBgNV
BAMTKDU2N0Y3RjYwODY0OTk4MTk2REFEQzhCMTA1QzAyMUEyMTRCNkM1Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGrdtHoFLF9akvHOb3/2WtLi35
/QLBO0WpGdLC7PPLR8yBSRnWy93cj1gmrY8DKyzcHt6nQNTg9nUgYUmd8CxTFZid
lOrlHKNe6yuKk/utkTJJWJpSbt2Gk1HMMZsQXptAGdFW4WXLciMC3c7Yzj/pk4If
Pz/S3v4Os5XgXdxdX2fPhGg9wsNT3Ec9XRajAQQb8Uv/HZ+0JNbeQwgzoHRIg+0A
c+8+WAKaHfUmhpMiD9tNVw0Oqhay0SiJyKVMPivUQRzhAxY3fBKHdWmPMIiyz60o
SHu3orlmce3ZEQCrTUNRr9naaOUla5UKSTI6ileFG2PCXecQRhKPcEOlOhc/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVn9/YIZJmBltrcixBcAhohS2xc4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM1NTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADuMA0GCSqGSIb3DQEBCwUAA4IBAQA3A/SeFnoJ6hNQ0G21JLEGuv6W2gI2E+I+
X+7jBBydp/NRljPiRdf88yzjMkQ3J0rIoXoR5Uoz889Jn+VmmrFDEC9pPiB4fVW1
7ADUV3BFuL/P7QN3sSPgAdEczSkDhEzgdUzq86Brs61jO5wL3uDJFZycwtXLaACY
7rb/L6fSdSY2XxujQBg9hA4iQ7jzrcqqng7Ep4H+6DWsohxq/LrEDAWrntK8WSZO
SwlpL/Zc+c9p0cO1j38HBEp9BToprpONYLCe7ZeRExZvDMpPyDmzs5LSwODjsTeH
aoiRCqJRmf+VuKS70BK8SQZh5pipLXU22fZB/++244nYSKYWo7oa
-----END CERTIFICATE-----