Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa
File:                     AS206921.roa (raw, json)
Hash identifier:          5F0xYmc1fH4HDuZLwJqm+4cCKPPndO8xsO1vopZDBmk=
Subject key identifier:   67:BD:F3:87:54:B3:CE:43:F5:69:1C:04:CE:29:DA:27:EB:BC:65:BC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       150F5E4BDD47A90D4B7D4998A1D4D26C9CADD493
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa
Signing time:             Tue 01 Jul 2025 18:00:52 +0000
ROA not before:           Tue 01 Jul 2025 17:55:52 +0000
ROA not after:            Tue 30 Jun 2026 18:00:52 +0000
asID:                     206921
IP address blocks:        2a13:9500:9c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:0f:5e:4b:dd:47:a9:0d:4b:7d:49:98:a1:d4:d2:6c:9c:ad:d4:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  1 17:55:52 2025 GMT
            Not After : Jun 30 18:00:52 2026 GMT
        Subject: CN=67BDF38754B3CE43F5691C04CE29DA27EBBC65BC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ba:9d:7d:ce:59:91:4c:5d:ca:18:26:47:ad:
                    ab:8e:8c:de:3f:60:a1:db:9b:ae:8a:42:93:ca:36:
                    22:91:55:e5:21:d2:3d:e6:e9:1f:fb:1d:a5:18:c7:
                    49:ac:0d:4f:f9:56:69:35:07:82:17:0e:e8:12:e0:
                    8c:7b:6b:e5:fb:a3:82:0c:e0:8c:e2:42:04:fc:5d:
                    28:18:3d:3b:8c:f9:8d:07:69:08:61:cf:9b:18:e0:
                    7c:64:42:f8:71:ee:12:ea:24:50:20:8f:28:3b:74:
                    96:c5:6a:c1:2e:65:b5:1f:fe:fa:ed:2d:a6:5f:18:
                    75:ad:90:42:31:34:51:91:cb:1b:96:0b:8a:8a:3d:
                    4a:ce:fb:57:bc:77:28:2f:35:70:8a:09:b0:e7:e3:
                    79:0b:b6:40:d6:2c:55:29:db:97:b4:37:11:37:90:
                    ed:4e:9b:b6:82:1e:3b:18:3b:bf:99:cd:72:c6:f3:
                    bc:fd:a9:53:9e:3b:c8:d0:9b:c9:ef:ce:bd:be:c5:
                    3f:e4:64:e0:5d:2a:75:de:2f:c2:45:4a:ee:15:32:
                    8f:f1:2b:88:54:36:b4:3d:da:bc:f0:bb:1b:13:4d:
                    88:c6:20:53:b6:40:0e:1c:68:62:be:e8:02:20:7e:
                    f0:72:0e:3b:c5:84:4f:a7:93:27:6b:af:6a:48:94:
                    18:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:BD:F3:87:54:B3:CE:43:F5:69:1C:04:CE:29:DA:27:EB:BC:65:BC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206921.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:9c::/48

    Signature Algorithm: sha256WithRSAEncryption
         25:4a:e0:40:51:51:26:3d:9e:2e:f7:4d:d3:c6:fb:44:12:0b:
         9c:dc:a8:46:30:7e:30:91:91:8e:f8:ad:fe:da:13:7d:74:fa:
         b1:5b:df:93:c0:51:fc:03:f4:5e:c6:cf:a6:24:ed:b2:0a:0a:
         bd:8c:48:6a:98:3b:c7:35:e7:e6:7d:46:fa:f0:76:b6:a5:72:
         ad:1c:b2:85:f7:50:74:cd:13:dc:c1:db:f4:25:45:f2:3e:3a:
         dd:1c:fe:25:bb:ff:2c:23:71:91:78:24:3d:83:a5:47:47:7c:
         8c:1e:14:80:89:d0:96:a8:4f:f5:4e:59:6e:2a:b3:6d:4a:04:
         de:05:d2:3e:ff:4e:01:d8:bd:7f:8f:c2:1a:a1:c8:12:45:fc:
         b0:f6:df:9c:b0:53:75:62:38:06:12:af:3b:96:f2:b4:a9:61:
         67:d2:c0:e6:c6:0c:ae:15:08:ae:ec:48:34:d4:be:37:cb:60:
         1d:5e:ce:c0:19:ad:c9:d0:a5:27:c1:39:62:e7:da:8b:7c:69:
         63:8b:90:4b:e8:d4:eb:ba:72:4b:37:ab:ca:21:0a:2b:48:f4:
         ca:85:55:e5:d1:8f:7a:d7:74:73:05:b4:26:13:32:2b:cc:78:
         2d:ec:63:67:a9:63:52:53:65:d5:50:fc:e9:e2:04:89:95:32:
         03:f6:84:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFQ9eS91HqQ1LfUmYodTSbJyt1JMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDExNzU1NTJaFw0yNjA2MzAxODAwNTJaMDMxMTAvBgNV
BAMTKDY3QkRGMzg3NTRCM0NFNDNGNTY5MUMwNENFMjlEQTI3RUJCQzY1QkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfup19zlmRTF3KGCZHrauOjN4/
YKHbm66KQpPKNiKRVeUh0j3m6R/7HaUYx0msDU/5Vmk1B4IXDugS4Ix7a+X7o4IM
4IziQgT8XSgYPTuM+Y0HaQhhz5sY4HxkQvhx7hLqJFAgjyg7dJbFasEuZbUf/vrt
LaZfGHWtkEIxNFGRyxuWC4qKPUrO+1e8dygvNXCKCbDn43kLtkDWLFUp25e0NxE3
kO1Om7aCHjsYO7+ZzXLG87z9qVOeO8jQm8nvzr2+xT/kZOBdKnXeL8JFSu4VMo/x
K4hUNrQ92rzwuxsTTYjGIFO2QA4caGK+6AIgfvByDjvFhE+nkydrr2pIlBgbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUZ73zh1SzzkP1aRwEzinaJ+u8ZbwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2OTIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACcMA0GCSqGSIb3DQEBCwUAA4IBAQAlSuBAUVEmPZ4u903TxvtEEguc3KhGMH4w
kZGO+K3+2hN9dPqxW9+TwFH8A/Rexs+mJO2yCgq9jEhqmDvHNefmfUb68Ha2pXKt
HLKF91B0zRPcwdv0JUXyPjrdHP4lu/8sI3GReCQ9g6VHR3yMHhSAidCWqE/1Tllu
KrNtSgTeBdI+/04B2L1/j8IaocgSRfyw9t+csFN1YjgGEq87lvK0qWFn0sDmxgyu
FQiu7Eg01L43y2AdXs7AGa3J0KUnwTli59qLfGlji5BL6NTrunJLN6vKIQorSPTK
hVXl0Y9613RzBbQmEzIrzHgt7GNnqWNSU2XVUPzp4gSJlTID9oQg
-----END CERTIFICATE-----