Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142354.roa
File:                     AS142354.roa (raw, json)
Hash identifier:          1L8GQ58HsUTGDxZ26u9IGEr1n2KanKScIikldDNNmhY=
Subject key identifier:   C7:1E:FF:91:64:33:DA:DC:39:EF:88:8E:8D:BD:7C:03:76:17:81:5B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7351EF2AC0F51B4C81259C30C8DFA2A6AF70EED5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142354.roa
Signing time:             Tue 26 Aug 2025 10:52:59 +0000
ROA not before:           Tue 26 Aug 2025 10:47:59 +0000
ROA not after:            Tue 25 Aug 2026 10:52:59 +0000
asID:                     142354
IP address blocks:        2a13:9500:cc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:51:ef:2a:c0:f5:1b:4c:81:25:9c:30:c8:df:a2:a6:af:70:ee:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 26 10:47:59 2025 GMT
            Not After : Aug 25 10:52:59 2026 GMT
        Subject: CN=C71EFF916433DADC39EF888E8DBD7C037617815B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:5f:51:06:dd:db:30:fb:ad:b3:71:af:9d:ea:
                    a3:9f:0b:c6:ed:1b:b7:01:68:11:d4:ce:d0:d0:74:
                    dd:2e:93:1d:03:6c:9d:0d:73:32:fa:8f:aa:ca:3e:
                    e5:2f:57:f2:e2:4d:5f:92:23:00:87:28:fc:36:ac:
                    13:5e:d1:20:e5:78:7d:61:52:00:2f:65:fc:62:1d:
                    6a:b3:32:41:97:a6:b8:5f:bc:ad:3d:e1:d3:02:01:
                    b4:f8:ce:4a:a0:70:17:cd:7f:fe:14:22:73:f5:cd:
                    44:e3:ce:89:c1:2e:8d:c3:63:94:13:55:38:2b:09:
                    4f:bc:45:96:a6:ac:9d:2c:98:29:52:2b:cb:86:06:
                    83:9b:c2:b8:69:34:46:6a:21:3c:51:e8:d1:b3:54:
                    47:3a:f7:f4:0a:c3:a4:4f:c0:8c:ef:72:f3:da:63:
                    c8:6c:ee:22:ef:81:53:87:9a:54:0b:8e:9c:15:78:
                    15:d5:6f:be:d8:1a:9e:36:b1:4b:9e:75:28:bc:8c:
                    7f:85:e8:80:c1:d7:1d:1e:9b:9f:dc:4a:09:e0:99:
                    51:1e:36:c1:6d:1a:f7:f4:ac:ba:b3:b8:b8:bd:1e:
                    d1:3b:d3:72:9e:d4:c2:a8:c1:ba:a1:c1:45:b6:03:
                    3f:3d:e9:6d:90:85:3b:a1:12:16:d9:8e:63:63:33:
                    b1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:1E:FF:91:64:33:DA:DC:39:EF:88:8E:8D:BD:7C:03:76:17:81:5B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142354.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:cc::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:a7:57:74:00:e7:e6:43:17:0c:99:5b:3e:db:42:94:a5:ab:
         41:38:ad:af:48:41:94:96:a5:19:a4:23:d7:1f:fa:1f:c7:78:
         47:8f:b4:98:58:6c:4d:42:d0:a3:af:21:b7:8a:8f:74:b3:e9:
         a7:0e:20:e3:8c:11:aa:2e:a5:a2:fa:ca:5b:9c:5f:26:0d:1c:
         f1:9b:1d:24:05:f9:f4:8f:e0:c8:80:ca:ff:db:5a:ad:f2:14:
         ad:68:ac:da:9b:d3:ea:58:c3:ba:d1:b3:7c:0f:07:d4:c2:36:
         e9:c1:9a:48:c6:65:93:4a:8c:d9:69:3a:7b:82:fb:c6:70:2d:
         ba:b0:7d:e7:65:6a:88:0d:c4:1a:2d:fc:9b:2b:e8:10:ce:c5:
         e4:90:19:5b:80:e2:c4:da:a3:71:d7:2f:f5:91:70:39:21:2d:
         ad:5a:bc:8a:d0:d3:79:dd:c2:78:84:da:ec:0d:5f:18:19:e4:
         b0:78:d6:fc:a4:3b:74:86:7d:54:e7:c7:d8:98:19:42:72:82:
         a3:ce:30:a5:58:ba:7e:c9:f5:f9:15:e5:ef:95:3a:4f:7e:94:
         88:18:02:fd:9a:13:f4:45:72:40:ce:59:d8:f0:75:cb:66:4c:
         ca:81:ff:c7:4f:97:9b:30:ef:71:77:3a:0b:f7:4d:dd:9d:f5:
         f0:29:0a:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUc1HvKsD1G0yBJZwwyN+ipq9w7tUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MjYxMDQ3NTlaFw0yNjA4MjUxMDUyNTlaMDMxMTAvBgNV
BAMTKEM3MUVGRjkxNjQzM0RBREMzOUVGODg4RThEQkQ3QzAzNzYxNzgxNUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOX1EG3dsw+62zca+d6qOfC8bt
G7cBaBHUztDQdN0ukx0DbJ0NczL6j6rKPuUvV/LiTV+SIwCHKPw2rBNe0SDleH1h
UgAvZfxiHWqzMkGXprhfvK094dMCAbT4zkqgcBfNf/4UInP1zUTjzonBLo3DY5QT
VTgrCU+8RZamrJ0smClSK8uGBoObwrhpNEZqITxR6NGzVEc69/QKw6RPwIzvcvPa
Y8hs7iLvgVOHmlQLjpwVeBXVb77YGp42sUuedSi8jH+F6IDB1x0em5/cSgngmVEe
NsFtGvf0rLqzuLi9HtE703Ke1MKowbqhwUW2Az896W2QhTuhEhbZjmNjM7GZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUxx7/kWQz2tw574iOjb18A3YXgVswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyMzU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADMMA0GCSqGSIb3DQEBCwUAA4IBAQCRp1d0AOfmQxcMmVs+20KUpatBOK2vSEGU
lqUZpCPXH/ofx3hHj7SYWGxNQtCjryG3io90s+mnDiDjjBGqLqWi+spbnF8mDRzx
mx0kBfn0j+DIgMr/21qt8hStaKzam9PqWMO60bN8DwfUwjbpwZpIxmWTSozZaTp7
gvvGcC26sH3nZWqIDcQaLfybK+gQzsXkkBlbgOLE2qNx1y/1kXA5IS2tWryK0NN5
3cJ4hNrsDV8YGeSweNb8pDt0hn1U58fYmBlCcoKjzjClWLp+yfX5FeXvlTpPfpSI
GAL9mhP0RXJAzlnY8HXLZkzKgf/HT5ebMO9xdzoL903dnfXwKQp2
-----END CERTIFICATE-----