Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152565.roa
File:                     AS152565.roa (raw, json)
Hash identifier:          J3rT6EFrTPamtHdEUk9vwVTQXsqlDZkkd5boevHgZHQ=
Subject key identifier:   EA:90:D7:D2:1E:7E:BF:F2:DD:03:DD:49:69:18:68:B5:C5:DA:B8:EB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1BB2FA0ED6FFAAB89710606DBCE91B25CAA306
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152565.roa
Signing time:             Sat 30 Aug 2025 11:53:51 +0000
ROA not before:           Sat 30 Aug 2025 11:48:51 +0000
ROA not after:            Sat 29 Aug 2026 11:53:51 +0000
asID:                     152565
IP address blocks:        2a13:9500:cb::/48 maxlen: 48
                          2a13:9500:d0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:b2:fa:0e:d6:ff:aa:b8:97:10:60:6d:bc:e9:1b:25:ca:a3:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 30 11:48:51 2025 GMT
            Not After : Aug 29 11:53:51 2026 GMT
        Subject: CN=EA90D7D21E7EBFF2DD03DD49691868B5C5DAB8EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:23:87:54:85:3b:c2:2d:b3:31:aa:01:ee:de:
                    fe:21:3b:77:17:ae:a7:1e:47:79:ff:4b:e0:4a:08:
                    d0:64:96:7a:c4:fc:5c:41:09:3d:03:e9:2c:44:9b:
                    e9:c0:d1:6f:3a:19:16:01:ac:4f:d7:76:83:f1:ac:
                    49:2a:77:d8:8c:4f:0a:4c:4f:e4:ba:ee:a0:8b:bb:
                    72:15:35:0f:81:a8:f2:4e:e1:d4:bd:3e:b0:81:f5:
                    ba:82:c1:39:5e:7e:99:5d:1b:0a:15:d8:70:db:7f:
                    e0:b5:93:66:b7:c3:e8:f2:36:25:9a:9d:95:36:93:
                    6a:e7:98:58:98:ca:ca:ad:f2:34:b9:0d:b3:c6:00:
                    ac:a7:85:e8:83:af:af:2e:a5:01:08:6a:f1:a5:ff:
                    2c:fb:1a:3e:79:44:d0:1b:86:3d:9e:88:d8:ed:f2:
                    2b:82:fd:27:6c:eb:d3:50:86:bc:e2:3d:0b:44:19:
                    f6:7b:9b:e4:ba:76:ca:19:85:c6:92:2f:37:53:0d:
                    40:a9:70:fb:4f:e2:79:71:64:d8:ac:64:5d:a0:b0:
                    ac:92:ed:f2:f1:9e:25:f1:80:bc:97:29:9b:14:3b:
                    95:30:33:79:79:3e:09:8a:a7:06:57:0e:2e:21:55:
                    f8:0c:84:5d:33:01:7b:8e:7c:17:ad:79:b2:03:49:
                    36:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:90:D7:D2:1E:7E:BF:F2:DD:03:DD:49:69:18:68:B5:C5:DA:B8:EB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152565.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:cb::/48
                  2a13:9500:d0::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:2b:52:33:c9:c9:1f:5d:b8:b8:1a:ee:8d:9a:21:32:fb:f0:
         aa:ae:2e:dd:62:f2:78:5d:58:c0:a8:e3:02:4b:6f:bd:24:61:
         21:b2:df:e2:f5:f8:63:a5:47:61:be:f6:1b:30:ec:e8:88:91:
         9a:03:af:b6:ab:b5:aa:98:8a:63:59:69:94:07:2c:91:c0:53:
         eb:d3:e8:ec:44:83:7a:21:30:ab:3b:08:2e:dd:56:a5:82:4e:
         6d:43:df:46:93:af:90:79:45:4c:83:97:3b:2e:af:bb:06:6d:
         e0:96:81:ad:6f:b4:8e:80:ce:fd:31:45:d0:ba:01:6a:a5:a7:
         05:ce:2a:a2:57:a9:13:b0:01:3c:8d:cd:21:0e:ac:3e:f7:bd:
         b3:b9:f9:26:6d:ba:7d:e1:0f:c9:0a:7a:a4:3c:f0:e0:85:e1:
         6f:0a:ec:f6:26:72:4c:39:e1:b3:e3:92:ea:ee:c2:83:cf:3b:
         fc:3d:82:16:8e:25:2d:73:8f:69:34:98:58:ec:44:b8:fd:db:
         61:cb:e4:93:49:ac:cc:4a:b8:51:9f:92:a7:20:52:01:ba:10:
         da:65:5e:d3:3a:de:99:5b:3b:25:bf:79:f7:4f:c6:f7:0a:10:
         2e:68:f9:eb:b3:65:b5:cf:b8:dd:cc:c9:a2:54:3a:27:5c:85:
         64:af:c5:6a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgITG7L6Dtb/qriXEGBtvOkbJcqjBjANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygyMThjYzZlMjQxMDVkZTZjNWM5MDAzZDY1MjQzODkzY2Iz
Y2ZkZDAxMB4XDTI1MDgzMDExNDg1MVoXDTI2MDgyOTExNTM1MVowMzExMC8GA1UE
AxMoRUE5MEQ3RDIxRTdFQkZGMkREMDNERDQ5NjkxODY4QjVDNURBQjhFQjCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMUjh1SFO8ItszGqAe7e/iE7dxeu
px5Hef9L4EoI0GSWesT8XEEJPQPpLESb6cDRbzoZFgGsT9d2g/GsSSp32IxPCkxP
5LruoIu7chU1D4Go8k7h1L0+sIH1uoLBOV5+mV0bChXYcNt/4LWTZrfD6PI2JZqd
lTaTaueYWJjKyq3yNLkNs8YArKeF6IOvry6lAQhq8aX/LPsaPnlE0BuGPZ6I2O3y
K4L9J2zr01CGvOI9C0QZ9nub5Lp2yhmFxpIvN1MNQKlw+0/ieXFk2KxkXaCwrJLt
8vGeJfGAvJcpmxQ7lTAzeXk+CYqnBlcOLiFV+AyEXTMBe458F615sgNJNlcCAwEA
AaOCAhYwggISMB0GA1UdDgQWBBTqkNfSHn6/8t0D3UlpGGi1xdq46zAfBgNVHSME
GDAWgBQhjMbiQQXebFyQA9ZSQ4k8s8/dATAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS83MThhMWI0Zi1iNjRjLTQwMmMtYmUxNS1kZDgyYTQxYTFh
ZjYvMC8yMThDQzZFMjQxMDVERTZDNUM5MDAzRDY1MjQzODkzQ0IzQ0ZERDAxLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvSVl6RzRrRUYzbXhja0FQV1VrT0pQTFBQ
M1FFLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00
MDJjLWJlMTUtZGQ4MmE0MWExYWY2LzAvQVMxNTI1NjUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqE5UA
AMsDBwAqE5UAANAwDQYJKoZIhvcNAQELBQADggEBABArUjPJyR9duLga7o2aITL7
8KquLt1i8nhdWMCo4wJLb70kYSGy3+L1+GOlR2G+9hsw7OiIkZoDr7artaqYimNZ
aZQHLJHAU+vT6OxEg3ohMKs7CC7dVqWCTm1D30aTr5B5RUyDlzsur7sGbeCWga1v
tI6Azv0xRdC6AWqlpwXOKqJXqROwATyNzSEOrD73vbO5+SZtun3hD8kKeqQ88OCF
4W8K7PYmckw54bPjkuruwoPPO/w9ghaOJS1zj2k0mFjsRLj922HL5JNJrMxKuFGf
kqcgUgG6ENplXtM63plbOyW/efdPxvcKEC5o+euzZbXPuN3MyaJUOidchWSvxWo=
-----END CERTIFICATE-----