Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147176.roa
File:                     AS147176.roa (raw, json)
Hash identifier:          MwVgaSeplYlYn3rreqE4CtzkYtIA5d1pu+JGcFhFjm0=
Subject key identifier:   8B:22:62:B8:88:24:3C:DB:31:A4:8D:47:41:8A:9D:DD:6E:65:28:32
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       14F99DD7929E6E663C72751FCFBABE2158E07E19
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147176.roa
Signing time:             Thu 05 Jun 2025 05:37:27 +0000
ROA not before:           Thu 05 Jun 2025 05:32:27 +0000
ROA not after:            Thu 04 Jun 2026 05:37:27 +0000
asID:                     147176
IP address blocks:        2a13:9500:81::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:f9:9d:d7:92:9e:6e:66:3c:72:75:1f:cf:ba:be:21:58:e0:7e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  5 05:32:27 2025 GMT
            Not After : Jun  4 05:37:27 2026 GMT
        Subject: CN=8B2262B888243CDB31A48D47418A9DDD6E652832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ea:fa:e3:1f:41:d6:bf:da:24:6d:25:1b:96:
                    68:ea:64:d5:03:01:db:69:08:f6:82:6d:b7:a1:95:
                    d6:7e:14:d3:51:ba:f9:a5:b2:3b:bb:77:f2:48:cd:
                    7d:9f:c0:f1:a3:1e:f5:7e:dd:83:a3:66:70:8a:6c:
                    0f:d1:cd:32:27:6a:c8:1c:86:1e:70:eb:d6:f2:4f:
                    bf:d6:85:11:e5:e9:56:68:be:6a:59:10:43:2f:3a:
                    b4:67:35:12:32:10:f2:1b:5a:d7:60:da:f1:2c:99:
                    52:d7:1e:56:92:41:64:55:29:e5:1c:fa:5e:07:48:
                    61:08:24:99:c5:f4:be:09:fd:cc:ad:58:2e:71:f4:
                    a1:8f:28:ea:11:58:4d:f2:97:7d:3b:54:3d:10:bc:
                    49:5b:aa:a9:58:37:0a:7c:44:fd:04:f0:5b:bd:b3:
                    32:9f:6f:39:fc:69:fe:b7:43:a7:11:66:f4:07:fc:
                    d4:a4:0d:9f:fb:3e:3a:a2:2d:9d:ca:75:62:7d:8e:
                    8a:5c:0c:83:91:1f:9e:c6:fe:76:d8:01:f9:6a:9f:
                    95:5c:c6:15:f1:68:61:bf:78:c9:b8:57:b1:92:f1:
                    f2:91:70:f9:f3:37:f7:f6:68:1d:43:4f:e2:0c:1e:
                    2e:7e:c3:88:95:05:e8:6b:a4:48:5b:81:e8:b5:54:
                    96:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:22:62:B8:88:24:3C:DB:31:A4:8D:47:41:8A:9D:DD:6E:65:28:32
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS147176.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:81::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:16:cc:14:67:ce:55:7e:57:7b:78:49:64:65:a2:cc:cf:43:
         df:a4:53:f5:32:a4:a2:21:a5:4a:78:ce:b0:b9:47:11:22:a1:
         1a:c1:3b:1e:f6:cf:25:5a:7e:79:8c:e5:c9:b0:ca:6c:7a:a1:
         7c:3c:0b:c3:1d:29:04:5e:d8:fb:2b:c1:76:05:6c:70:9b:24:
         a5:8d:3c:ad:83:2a:55:d7:4f:e2:98:79:5e:60:09:df:d4:3b:
         74:a1:ce:ea:3e:d9:0d:c4:5d:a2:33:38:4c:75:e0:31:0d:10:
         7f:ad:96:47:e7:22:9b:47:af:83:9b:a9:6c:d1:f6:60:cb:bb:
         1e:56:08:b4:6b:da:17:35:a8:1d:3c:59:9a:f0:3a:4b:38:05:
         d3:20:c4:cc:93:f0:71:35:ac:72:ff:1a:15:79:e9:c8:07:f9:
         12:91:d9:53:d6:58:a3:02:96:06:6b:bf:62:31:e1:44:ad:da:
         2d:72:b4:09:3b:dc:6f:75:ab:47:84:74:62:8e:05:30:10:36:
         73:0c:4f:2d:cf:48:1b:0a:0d:87:e7:19:eb:fa:7b:5c:4c:c5:
         7a:ed:9a:72:0e:a7:9d:cb:f7:1f:4e:c8:38:ad:6f:48:26:c8:
         99:47:a2:a4:60:a3:3e:64:5c:b2:0f:28:aa:53:0e:ca:b0:2f:
         fc:89:a4:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFPmd15KebmY8cnUfz7q+IVjgfhkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDUwNTMyMjdaFw0yNjA2MDQwNTM3MjdaMDMxMTAvBgNV
BAMTKDhCMjI2MkI4ODgyNDNDREIzMUE0OEQ0NzQxOEE5RERENkU2NTI4MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC76vrjH0HWv9okbSUblmjqZNUD
AdtpCPaCbbehldZ+FNNRuvmlsju7d/JIzX2fwPGjHvV+3YOjZnCKbA/RzTInasgc
hh5w69byT7/WhRHl6VZovmpZEEMvOrRnNRIyEPIbWtdg2vEsmVLXHlaSQWRVKeUc
+l4HSGEIJJnF9L4J/cytWC5x9KGPKOoRWE3yl307VD0QvElbqqlYNwp8RP0E8Fu9
szKfbzn8af63Q6cRZvQH/NSkDZ/7PjqiLZ3KdWJ9jopcDIORH57G/nbYAflqn5Vc
xhXxaGG/eMm4V7GS8fKRcPnzN/f2aB1DT+IMHi5+w4iVBehrpEhbgei1VJZBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUiyJiuIgkPNsxpI1HQYqd3W5lKDIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQ3MTc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACBMA0GCSqGSIb3DQEBCwUAA4IBAQAgFswUZ85Vfld7eElkZaLMz0PfpFP1MqSi
IaVKeM6wuUcRIqEawTse9s8lWn55jOXJsMpseqF8PAvDHSkEXtj7K8F2BWxwmySl
jTytgypV10/imHleYAnf1Dt0oc7qPtkNxF2iMzhMdeAxDRB/rZZH5yKbR6+Dm6ls
0fZgy7seVgi0a9oXNagdPFma8DpLOAXTIMTMk/BxNaxy/xoVeenIB/kSkdlT1lij
ApYGa79iMeFErdotcrQJO9xvdatHhHRijgUwEDZzDE8tz0gbCg2H5xnr+ntcTMV6
7ZpyDqedy/cfTsg4rW9IJsiZR6KkYKM+ZFyyDyiqUw7KsC/8iaQM
-----END CERTIFICATE-----