Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203710.roa
File:                     AS203710.roa (raw, json)
Hash identifier:          oHohONI28yEuUlo/CI8k2Cs1u+Ol3/SiDE0zxQWMDOY=
Subject key identifier:   1D:03:58:E2:A1:D0:84:A6:5F:76:0B:63:43:9A:11:3D:9F:CA:FF:FD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3D300B670C57FEDD8BAADD77F9E365A182262AA2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203710.roa
Signing time:             Mon 02 Mar 2026 18:59:14 +0000
ROA not before:           Mon 02 Mar 2026 18:54:14 +0000
ROA not after:            Mon 01 Mar 2027 18:59:14 +0000
asID:                     203710
IP address blocks:        2a13:9500:144::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:30:0b:67:0c:57:fe:dd:8b:aa:dd:77:f9:e3:65:a1:82:26:2a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar  2 18:54:14 2026 GMT
            Not After : Mar  1 18:59:14 2027 GMT
        Subject: CN=1D0358E2A1D084A65F760B63439A113D9FCAFFFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:05:f0:fd:43:ab:90:21:95:37:56:a7:37:84:
                    9b:b7:e2:17:33:56:38:f6:a0:32:1f:33:eb:de:85:
                    04:cc:54:ea:f0:62:68:2b:2a:7d:0c:c9:93:53:b4:
                    2a:73:d6:07:2d:52:d2:0e:95:c4:cf:f4:ca:28:35:
                    2c:2f:22:90:08:57:eb:fe:13:32:18:ba:b1:5b:a1:
                    4e:d5:7d:e6:f2:dd:a0:3f:4e:41:69:ef:71:8c:c4:
                    37:68:6f:3c:13:13:44:1a:c1:43:5f:96:ac:0a:91:
                    02:3d:33:cb:25:5c:4e:93:2d:f5:0a:94:de:c4:10:
                    04:a4:f5:9b:6b:0f:5d:f3:8e:bb:01:ed:0a:85:fd:
                    50:e3:6b:d1:50:83:3b:37:40:2c:2d:04:30:cd:7c:
                    a8:71:16:cc:7b:60:bb:e5:c9:bb:7d:ac:b5:e1:92:
                    d6:63:7e:af:4e:56:98:75:61:c2:5c:df:7f:b6:61:
                    e4:04:a4:5e:8c:95:e8:dc:cc:de:89:46:2a:9f:42:
                    05:01:ef:37:de:19:ff:80:d8:b5:b9:c8:fb:f7:21:
                    4a:9c:74:47:82:4f:18:82:85:41:09:68:81:41:23:
                    b1:ed:b3:e9:ec:96:c3:4c:ee:74:13:e1:01:9d:48:
                    9a:0d:d2:d9:5e:af:c8:38:10:2e:d9:bd:20:e4:27:
                    2c:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:03:58:E2:A1:D0:84:A6:5F:76:0B:63:43:9A:11:3D:9F:CA:FF:FD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203710.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:144::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:fe:68:1e:3f:f5:7f:46:a2:01:b4:ea:a4:7a:72:44:c2:5c:
         ce:c2:35:ac:23:0a:d2:c0:e9:62:1f:c0:b0:d1:08:3c:f4:39:
         00:93:dc:59:81:d7:d4:17:82:21:f8:fc:14:88:53:d9:15:3e:
         b1:10:32:5b:ed:f0:34:36:85:e4:af:5a:31:44:bb:99:59:f0:
         16:fe:df:48:78:d1:61:b4:fc:07:1d:42:8e:db:c4:b7:f4:cf:
         e6:30:38:2e:5b:e2:7f:44:8f:9f:8f:0c:78:46:72:b9:84:ae:
         dc:85:6f:96:e1:3e:34:44:c7:14:34:15:f9:e9:c8:fd:a1:a7:
         df:52:ff:6e:63:7c:78:b8:ba:02:5e:0e:9c:0e:a2:1c:54:11:
         0f:36:94:99:13:7f:74:e6:aa:62:f2:b4:f8:58:d6:85:a3:16:
         3d:e8:e8:fe:da:e0:22:9b:9a:51:bc:fd:83:0b:f0:c0:db:8a:
         98:5c:1e:17:1e:5d:cb:08:14:d2:ba:58:06:45:c0:7e:85:e1:
         f4:59:1c:3c:c5:d2:4c:a0:c5:67:37:10:c0:57:23:0c:12:09:
         e5:de:82:7d:7a:ff:b0:cf:79:cb:97:45:c8:0e:96:bd:99:7b:
         44:73:0b:a5:ba:35:0d:81:a8:b5:08:c6:4b:97:22:4d:17:7e:
         67:cf:7a:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPTALZwxX/t2Lqt13+eNloYImKqIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMDIxODU0MTRaFw0yNzAzMDExODU5MTRaMDMxMTAvBgNV
BAMTKDFEMDM1OEUyQTFEMDg0QTY1Rjc2MEI2MzQzOUExMTNEOUZDQUZGRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgBfD9Q6uQIZU3Vqc3hJu34hcz
Vjj2oDIfM+vehQTMVOrwYmgrKn0MyZNTtCpz1gctUtIOlcTP9MooNSwvIpAIV+v+
EzIYurFboU7Vfeby3aA/TkFp73GMxDdobzwTE0QawUNflqwKkQI9M8slXE6TLfUK
lN7EEASk9ZtrD13zjrsB7QqF/VDja9FQgzs3QCwtBDDNfKhxFsx7YLvlybt9rLXh
ktZjfq9OVph1YcJc33+2YeQEpF6MlejczN6JRiqfQgUB7zfeGf+A2LW5yPv3IUqc
dEeCTxiChUEJaIFBI7Hts+nslsNM7nQT4QGdSJoN0tler8g4EC7ZvSDkJyyTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUHQNY4qHQhKZfdgtjQ5oRPZ/K//0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzNzEwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFEMA0GCSqGSIb3DQEBCwUAA4IBAQAZ/mgeP/V/RqIBtOqkenJEwlzOwjWsIwrS
wOliH8Cw0Qg89DkAk9xZgdfUF4Ih+PwUiFPZFT6xEDJb7fA0NoXkr1oxRLuZWfAW
/t9IeNFhtPwHHUKO28S39M/mMDguW+J/RI+fjwx4RnK5hK7chW+W4T40RMcUNBX5
6cj9oaffUv9uY3x4uLoCXg6cDqIcVBEPNpSZE3905qpi8rT4WNaFoxY96Oj+2uAi
m5pRvP2DC/DA24qYXB4XHl3LCBTSulgGRcB+heH0WRw8xdJMoMVnNxDAVyMMEgnl
3oJ9ev+wz3nLl0XIDpa9mXtEcwulujUNgai1CMZLlyJNF35nz3qU
-----END CERTIFICATE-----