Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136621.roa
File:                     AS136621.roa (raw, json)
Hash identifier:          KGZK/Lud3mwEE3hfarOC1FH4iwkuiBjy3d10kad8k7w=
Subject key identifier:   77:B5:DA:AB:7C:5B:6F:74:53:97:DD:89:D2:C3:DB:EC:6D:F7:75:9A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1897A0C6D12198BFA03D50E1D5A95DF68960147B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136621.roa
Signing time:             Thu 29 May 2025 18:27:38 +0000
ROA not before:           Thu 29 May 2025 18:22:38 +0000
ROA not after:            Thu 28 May 2026 18:27:38 +0000
asID:                     136621
IP address blocks:        2a13:9500:72::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:57:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:97:a0:c6:d1:21:98:bf:a0:3d:50:e1:d5:a9:5d:f6:89:60:14:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 18:22:38 2025 GMT
            Not After : May 28 18:27:38 2026 GMT
        Subject: CN=77B5DAAB7C5B6F745397DD89D2C3DBEC6DF7759A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:14:f1:b0:8e:fb:73:dd:c0:a8:cd:00:7d:f2:
                    ff:80:53:4c:10:d9:bb:01:56:eb:23:1d:33:4a:20:
                    99:e8:22:73:1f:39:1d:d9:b0:fc:52:64:10:73:b8:
                    ca:38:77:35:1c:eb:e9:24:af:0c:fe:62:44:9e:15:
                    9a:41:76:5c:f7:40:37:d0:0c:0a:73:e1:15:63:cf:
                    08:13:87:d5:21:66:87:23:c5:a6:e0:b1:4c:2c:81:
                    65:65:59:c3:80:ee:79:55:18:23:d8:bb:48:17:94:
                    8e:77:dd:e0:cd:d8:d9:b4:8a:0c:1a:2a:52:ad:61:
                    24:07:73:51:ba:86:e2:90:ed:05:49:c6:14:56:18:
                    84:8a:a7:71:68:fa:75:7b:c4:6d:60:5a:c5:ab:da:
                    b1:41:7b:f3:e3:10:ce:0b:de:97:13:a3:8c:82:93:
                    0d:7d:d2:7a:25:7f:fb:3f:28:5f:3e:5e:aa:34:19:
                    b8:c6:79:11:95:a2:3c:00:f9:96:f9:02:b2:4e:ce:
                    e8:f7:bc:a3:e2:82:db:a6:80:d1:bc:b7:fd:eb:98:
                    8e:1d:50:1e:c1:4d:13:91:d3:d9:0a:e7:e9:f9:1e:
                    76:00:d0:be:8c:17:f8:75:0c:ca:e2:c3:c0:1d:d8:
                    e5:33:20:a7:c7:db:f5:b7:d9:d6:eb:a4:4c:af:69:
                    70:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B5:DA:AB:7C:5B:6F:74:53:97:DD:89:D2:C3:DB:EC:6D:F7:75:9A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS136621.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:72::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:7b:08:b0:05:74:a1:11:fe:d7:5e:f4:6e:72:90:87:89:90:
         8f:9f:dd:fa:ab:57:c4:e7:9e:a5:f0:c7:0d:23:11:ec:a6:ab:
         13:f1:ad:7e:f6:4d:9b:58:fb:54:59:da:8d:d2:dd:90:31:20:
         2f:7b:c0:bf:a1:eb:b5:ed:e9:e1:05:61:86:9c:34:31:5a:db:
         a3:7e:c3:79:a2:d4:e4:b3:c4:b4:78:e9:d0:ba:7c:a8:04:f0:
         69:f8:3c:db:57:f6:36:50:5b:eb:d1:e4:9b:a6:be:68:58:52:
         73:cd:71:34:88:31:3e:7a:9b:43:9b:b7:1e:7d:6c:ee:76:7d:
         b6:9f:46:41:c6:b0:d9:49:ec:e9:50:d7:74:11:2f:71:0d:d9:
         42:73:5f:49:49:16:46:a0:e1:8e:81:4c:65:17:ab:10:c2:c0:
         7f:76:ee:9e:9a:7f:6e:9e:0c:35:2d:30:8d:a7:ad:2f:b5:13:
         c6:be:16:47:57:06:9e:13:68:1f:93:4a:27:bd:86:bd:53:fe:
         91:37:0c:93:b0:b5:91:31:51:cd:1c:17:c5:86:3d:0b:46:40:
         ed:f8:0e:94:83:64:78:2d:26:62:81:b4:9f:af:09:ee:b7:b6:
         2e:ef:fb:3f:96:6f:cd:0c:d7:18:83:6f:7b:c9:06:f8:0a:32:
         4e:2b:e0:5a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGJegxtEhmL+gPVDh1ald9olgFHswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjkxODIyMzhaFw0yNjA1MjgxODI3MzhaMDMxMTAvBgNV
BAMTKDc3QjVEQUFCN0M1QjZGNzQ1Mzk3REQ4OUQyQzNEQkVDNkRGNzc1OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfFPGwjvtz3cCozQB98v+AU0wQ
2bsBVusjHTNKIJnoInMfOR3ZsPxSZBBzuMo4dzUc6+kkrwz+YkSeFZpBdlz3QDfQ
DApz4RVjzwgTh9UhZocjxabgsUwsgWVlWcOA7nlVGCPYu0gXlI533eDN2Nm0igwa
KlKtYSQHc1G6huKQ7QVJxhRWGISKp3Fo+nV7xG1gWsWr2rFBe/PjEM4L3pcTo4yC
kw190nolf/s/KF8+Xqo0GbjGeRGVojwA+Zb5ArJOzuj3vKPigtumgNG8t/3rmI4d
UB7BTROR09kK5+n5HnYA0L6MF/h1DMriw8Ad2OUzIKfH2/W32dbrpEyvaXB5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUd7Xaq3xbb3RTl92J0sPb7G33dZowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM2NjIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAByMA0GCSqGSIb3DQEBCwUAA4IBAQCbewiwBXShEf7XXvRucpCHiZCPn936q1fE
556l8McNIxHspqsT8a1+9k2bWPtUWdqN0t2QMSAve8C/oeu17enhBWGGnDQxWtuj
fsN5otTks8S0eOnQunyoBPBp+DzbV/Y2UFvr0eSbpr5oWFJzzXE0iDE+eptDm7ce
fWzudn22n0ZBxrDZSezpUNd0ES9xDdlCc19JSRZGoOGOgUxlF6sQwsB/du6emn9u
ngw1LTCNp60vtRPGvhZHVwaeE2gfk0onvYa9U/6RNwyTsLWRMVHNHBfFhj0LRkDt
+A6Ug2R4LSZigbSfrwnut7Yu7/s/lm/NDNcYg297yQb4CjJOK+Ba
-----END CERTIFICATE-----