Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS137897.roa
File:                     AS137897.roa (raw, json)
Hash identifier:          chss6PJsuOLqHnKwDuzXj2ltAm6qf7irlhkfhsvISqw=
Subject key identifier:   A3:8B:4F:07:24:4B:EC:CC:11:D7:BE:CB:D5:C2:C6:FA:41:31:B2:3A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       721F1EA99EBE69E8585D363CC649F24EF169E6AC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS137897.roa
Signing time:             Tue 03 Jun 2025 14:11:51 +0000
ROA not before:           Tue 03 Jun 2025 14:06:51 +0000
ROA not after:            Tue 02 Jun 2026 14:11:51 +0000
asID:                     137897
IP address blocks:        2a13:9500:7c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:57:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:1f:1e:a9:9e:be:69:e8:58:5d:36:3c:c6:49:f2:4e:f1:69:e6:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  3 14:06:51 2025 GMT
            Not After : Jun  2 14:11:51 2026 GMT
        Subject: CN=A38B4F07244BECCC11D7BECBD5C2C6FA4131B23A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:79:63:f5:40:24:cd:ac:2f:62:83:12:8e:c0:
                    01:dc:67:33:4e:5b:dd:12:a3:9f:99:1e:d8:de:58:
                    9e:8d:be:76:c2:d4:9c:fe:85:42:56:1d:e6:00:af:
                    93:5b:7c:a1:8b:be:7f:2f:45:9f:a8:a2:c3:9b:6e:
                    39:ec:29:64:31:01:46:83:6a:ab:97:db:f0:04:22:
                    d9:34:92:ff:42:de:ca:fb:99:5a:a0:0a:f9:3c:f3:
                    f2:1f:a2:b7:3f:82:7a:09:cd:44:02:e5:c1:e2:5c:
                    4b:65:6e:84:0d:59:ea:37:05:19:2f:96:65:1f:6b:
                    02:f2:27:cb:49:69:a3:dc:67:fe:87:d6:34:f2:c1:
                    34:3e:d6:c0:af:b3:14:9b:84:c3:01:e8:2f:91:49:
                    32:db:33:3c:c1:84:34:4d:59:b7:de:d1:c8:3d:2d:
                    1e:51:55:ec:f3:c9:06:0a:d3:87:10:ec:19:41:ae:
                    d4:c6:83:a4:5c:8e:13:ec:70:9b:6f:c4:93:da:98:
                    59:5d:90:29:89:f4:c1:a0:0d:12:0a:2f:95:09:74:
                    25:6f:32:38:f3:7e:b0:ed:e2:89:65:c7:27:24:93:
                    41:60:4f:a7:4c:65:43:44:9a:15:4d:dd:1c:d5:f4:
                    81:06:e2:09:6e:78:25:09:61:44:97:fe:6e:12:95:
                    9a:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:8B:4F:07:24:4B:EC:CC:11:D7:BE:CB:D5:C2:C6:FA:41:31:B2:3A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS137897.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:7c::/48

    Signature Algorithm: sha256WithRSAEncryption
         75:e2:19:ae:8f:03:33:f2:2b:b2:2f:cd:3f:08:b0:36:b1:69:
         b6:26:be:79:86:9a:4e:3f:08:cf:4c:f9:c5:d9:d4:7c:fe:e8:
         14:3c:96:c8:21:d4:7d:73:2a:6d:d2:d6:62:bb:b5:49:08:eb:
         eb:38:8e:ee:66:c5:14:cd:23:e7:a8:e4:d4:8b:53:31:67:ac:
         e8:69:11:b9:7c:1b:45:c4:c2:bc:5b:b3:66:11:99:2a:b6:74:
         cb:9c:6c:6e:d9:4a:86:f2:a1:f7:a5:bc:0d:3f:1d:ce:cd:28:
         12:e0:b7:e9:cf:d2:21:5b:cc:c4:c6:fc:8b:6e:cc:e4:64:5c:
         51:7f:20:0d:10:30:e6:32:87:f0:2c:a0:57:ff:28:c6:32:18:
         88:cb:3b:ae:a9:c4:47:42:ca:9c:af:99:21:26:aa:9f:f5:97:
         f0:b5:6a:09:ff:f8:ba:4f:a8:b0:c9:54:83:93:5c:d0:8a:e5:
         7b:0b:03:31:5a:f9:fd:7a:d6:0f:08:aa:6c:b5:88:a8:77:14:
         15:09:6a:6f:b8:bf:16:ee:33:d8:65:ac:a1:9c:61:9b:4a:e3:
         1d:b6:3e:a1:21:16:37:7b:ba:46:34:86:36:a6:e4:57:9f:be:
         39:49:3a:b1:4b:88:58:5a:45:82:5e:ef:09:98:b5:d2:73:1c:
         94:88:6c:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUch8eqZ6+aehYXTY8xknyTvFp5qwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDMxNDA2NTFaFw0yNjA2MDIxNDExNTFaMDMxMTAvBgNV
BAMTKEEzOEI0RjA3MjQ0QkVDQ0MxMUQ3QkVDQkQ1QzJDNkZBNDEzMUIyM0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCreWP1QCTNrC9igxKOwAHcZzNO
W90So5+ZHtjeWJ6NvnbC1Jz+hUJWHeYAr5NbfKGLvn8vRZ+oosObbjnsKWQxAUaD
aquX2/AEItk0kv9C3sr7mVqgCvk88/Iforc/gnoJzUQC5cHiXEtlboQNWeo3BRkv
lmUfawLyJ8tJaaPcZ/6H1jTywTQ+1sCvsxSbhMMB6C+RSTLbMzzBhDRNWbfe0cg9
LR5RVezzyQYK04cQ7BlBrtTGg6RcjhPscJtvxJPamFldkCmJ9MGgDRIKL5UJdCVv
MjjzfrDt4ollxyckk0FgT6dMZUNEmhVN3RzV9IEG4glueCUJYUSX/m4SlZrTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUo4tPByRL7MwR177L1cLG+kExsjowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM3ODk3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAB8MA0GCSqGSIb3DQEBCwUAA4IBAQB14hmujwMz8iuyL80/CLA2sWm2Jr55hppO
PwjPTPnF2dR8/ugUPJbIIdR9cypt0tZiu7VJCOvrOI7uZsUUzSPnqOTUi1MxZ6zo
aRG5fBtFxMK8W7NmEZkqtnTLnGxu2UqG8qH3pbwNPx3OzSgS4Lfpz9IhW8zExvyL
bszkZFxRfyANEDDmMofwLKBX/yjGMhiIyzuuqcRHQsqcr5khJqqf9ZfwtWoJ//i6
T6iwyVSDk1zQiuV7CwMxWvn9etYPCKpstYiodxQVCWpvuL8W7jPYZayhnGGbSuMd
tj6hIRY3e7pGNIY2puRXn745STqxS4hYWkWCXu8JmLXScxyUiGxV
-----END CERTIFICATE-----