Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa
File:                     AS206921.roa (raw, json)
Hash identifier:          Wd6JQKc5jtPTyCSj3tcZK6etYV9XTmpqCpPQJTlJOBU=
Subject key identifier:   EA:57:8C:7F:C4:F7:BE:36:4C:F4:DC:80:A9:05:AA:76:A5:E2:28:13
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       17BD45D1EEAA155CA9DF57CB698C6A488F7DC871
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa
Signing time:             Tue 02 Jun 2026 18:47:24 +0000
ROA not before:           Tue 02 Jun 2026 18:42:24 +0000
ROA not after:            Tue 01 Jun 2027 18:47:24 +0000
asID:                     206921
IP address blocks:        2a13:9500:9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:bd:45:d1:ee:aa:15:5c:a9:df:57:cb:69:8c:6a:48:8f:7d:c8:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 18:42:24 2026 GMT
            Not After : Jun  1 18:47:24 2027 GMT
        Subject: CN=EA578C7FC4F7BE364CF4DC80A905AA76A5E22813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:ef:35:d3:89:34:2c:c5:f9:bb:0f:b2:84:63:
                    27:c5:a1:f1:f7:7b:ed:f7:aa:f2:8a:6f:d3:bd:f8:
                    8b:53:6d:0a:77:73:37:80:6e:92:ba:57:1b:3a:cb:
                    06:50:e7:87:3b:67:62:d0:f6:9c:84:7d:5b:85:82:
                    6d:36:f6:93:ae:40:00:b3:33:45:8d:9b:e5:a5:dc:
                    cf:c0:4a:2e:92:2e:98:84:17:5a:89:c0:db:d4:4e:
                    08:f7:69:ee:e6:aa:57:96:9a:24:c5:53:8e:8e:af:
                    b3:27:75:0f:7c:8f:b9:ba:d0:69:53:ef:54:d7:3a:
                    77:ee:60:25:b0:d6:23:57:39:27:65:c9:e4:5b:9e:
                    b1:b4:33:cf:5a:c9:6e:af:45:a1:d9:12:ba:57:72:
                    0a:b0:fa:33:71:16:da:92:82:74:c3:75:02:7d:19:
                    e5:b3:bf:e9:c1:3f:32:31:8d:95:c8:44:28:3d:83:
                    1b:6c:24:f8:31:a6:d5:cb:34:0f:a4:ee:c3:d5:c3:
                    54:9c:c3:0d:d2:69:0d:6c:5d:2a:68:f0:b6:03:73:
                    dd:bb:d7:9e:f6:6a:f5:66:f5:10:bf:b9:9c:42:04:
                    61:cc:60:05:c1:52:31:54:23:5f:0d:d8:ef:8a:aa:
                    8f:b3:2a:07:e9:0f:41:56:e3:7e:a6:d1:69:95:27:
                    8d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:57:8C:7F:C4:F7:BE:36:4C:F4:DC:80:A9:05:AA:76:A5:E2:28:13
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:35:32:9e:f0:20:32:a9:c4:33:cf:1f:1e:35:42:a0:ec:b2:
         76:a4:12:4c:7e:d1:80:1f:71:aa:e4:0d:3d:55:6d:07:ed:1a:
         7d:a8:ce:89:ad:b6:5b:59:6f:ee:3b:89:69:7c:3f:86:83:33:
         47:30:fa:c1:3e:c9:d9:47:1a:14:1f:67:f6:e7:62:c2:e0:e6:
         c6:0d:52:d7:fe:a5:54:cf:92:ac:21:09:9d:7a:8f:f6:67:12:
         07:93:10:2a:7e:a0:5b:39:fe:bb:99:7c:b0:fe:37:7e:c6:93:
         6b:78:08:f3:30:37:8f:a4:12:91:b3:08:ed:b9:41:a5:12:95:
         b8:10:a2:2c:a2:42:fb:42:83:8a:f5:66:d4:dc:0c:ee:8e:4b:
         22:3c:ad:10:3b:74:3b:5a:40:65:f6:91:ad:f9:b8:4e:6f:d0:
         49:dc:f4:14:b2:ce:61:a1:b4:8a:6a:61:6b:3d:02:59:ca:50:
         71:35:e3:13:12:4d:54:ff:5e:69:66:fe:a6:38:7c:80:2b:36:
         23:18:a0:75:ec:82:86:a9:52:53:fe:4b:22:7d:6d:0b:2f:ab:
         40:7b:dc:0c:06:c9:63:7e:26:12:a0:19:ef:5c:f6:9e:06:87:
         0c:49:e9:6f:eb:f5:6e:3c:25:ec:39:b8:92:03:c0:88:84:41:
         88:68:75:4a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUF71F0e6qFVyp31fLaYxqSI99yHEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIxODQyMjRaFw0yNzA2MDExODQ3MjRaMDMxMTAvBgNV
BAMTKEVBNTc4QzdGQzRGN0JFMzY0Q0Y0REM4MEE5MDVBQTc2QTVFMjI4MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK7zXTiTQsxfm7D7KEYyfFofH3
e+33qvKKb9O9+ItTbQp3czeAbpK6Vxs6ywZQ54c7Z2LQ9pyEfVuFgm029pOuQACz
M0WNm+Wl3M/ASi6SLpiEF1qJwNvUTgj3ae7mqleWmiTFU46Or7MndQ98j7m60GlT
71TXOnfuYCWw1iNXOSdlyeRbnrG0M89ayW6vRaHZErpXcgqw+jNxFtqSgnTDdQJ9
GeWzv+nBPzIxjZXIRCg9gxtsJPgxptXLNA+k7sPVw1Scww3SaQ1sXSpo8LYDc927
1572avVm9RC/uZxCBGHMYAXBUjFUI18N2O+Kqo+zKgfpD0FW436m0WmVJ431AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU6leMf8T3vjZM9NyAqQWqdqXiKBMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2OTIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACcMA0GCSqGSIb3DQEBCwUAA4IBAQCbNTKe8CAyqcQzzx8eNUKg7LJ2pBJMftGA
H3Gq5A09VW0H7Rp9qM6JrbZbWW/uO4lpfD+GgzNHMPrBPsnZRxoUH2f252LC4ObG
DVLX/qVUz5KsIQmdeo/2ZxIHkxAqfqBbOf67mXyw/jd+xpNreAjzMDePpBKRswjt
uUGlEpW4EKIsokL7QoOK9WbU3AzujksiPK0QO3Q7WkBl9pGt+bhOb9BJ3PQUss5h
obSKamFrPQJZylBxNeMTEk1U/15pZv6mOHyAKzYjGKB17IKGqVJT/ksifW0LL6tA
e9wMBsljfiYSoBnvXPaeBocMSelv6/VuPCXsObiSA8CIhEGIaHVK
-----END CERTIFICATE-----