Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa
File:                     AS207344.roa (raw, json)
Hash identifier:          0ut/vlTw2D5lDPQBGvPQeeCB3eGlI1C8chpRgqyhwpw=
Subject key identifier:   D7:66:09:A6:7F:4C:1A:A7:AD:7C:E5:00:E1:73:E8:F7:B5:90:BD:30
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       451DF3079068FBFD3902D38D8F458BCDBF8B36C0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa
Signing time:             Tue 26 Aug 2025 23:35:36 +0000
ROA not before:           Tue 26 Aug 2025 23:30:36 +0000
ROA not after:            Tue 25 Aug 2026 23:35:36 +0000
asID:                     207344
IP address blocks:        2a13:9500:8f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:1d:f3:07:90:68:fb:fd:39:02:d3:8d:8f:45:8b:cd:bf:8b:36:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 26 23:30:36 2025 GMT
            Not After : Aug 25 23:35:36 2026 GMT
        Subject: CN=D76609A67F4C1AA7AD7CE500E173E8F7B590BD30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:55:cc:c3:19:ec:9c:17:98:34:a6:8b:e6:e6:
                    60:17:01:c8:77:dc:b1:1a:11:aa:41:90:56:46:66:
                    b6:b8:28:87:28:05:cc:48:5d:da:9b:29:ac:5a:08:
                    5e:69:e2:c2:f9:ba:ba:57:fb:93:f2:1c:b5:4d:0c:
                    74:2d:64:c5:da:85:a6:7d:a6:14:48:38:bc:31:f9:
                    9c:a7:24:1d:c7:68:23:fb:f8:d8:d7:ce:68:94:7f:
                    51:24:e6:f1:ef:32:ad:64:38:83:5a:a3:98:73:f0:
                    0c:bc:62:13:2b:ee:0d:d4:15:9c:82:09:bb:83:00:
                    7d:0d:96:9c:1e:b8:04:57:8c:ee:e1:2d:9a:0d:4f:
                    d4:b1:4e:3f:7c:61:5a:ae:4e:21:ff:2e:0f:4e:b7:
                    ff:40:54:f7:04:7d:fb:fe:17:18:7d:36:31:d6:8d:
                    fe:4f:53:00:33:1e:68:c2:70:75:9b:e6:70:26:1c:
                    29:f3:e9:5e:76:83:6d:79:fb:f1:35:be:58:7d:52:
                    ee:97:98:4b:2e:8d:0a:7c:49:a2:cd:a3:17:ee:b9:
                    e3:a1:a7:19:50:16:14:2b:96:d6:4d:5c:bc:40:8b:
                    21:de:d2:b5:54:e7:f5:d4:e3:73:db:7e:82:0b:ea:
                    bb:38:59:2f:82:48:07:7b:01:67:6c:ca:c1:41:92:
                    bb:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:66:09:A6:7F:4C:1A:A7:AD:7C:E5:00:E1:73:E8:F7:B5:90:BD:30
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207344.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:8f::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:42:31:84:af:aa:44:98:dc:d4:5b:99:a6:0d:79:24:2c:a7:
         99:7a:f4:20:0c:1f:6d:34:d0:45:cc:98:c6:2b:d7:76:25:4a:
         dd:70:17:3c:03:72:47:14:d0:c5:0d:60:b1:db:22:f8:5a:b4:
         3e:b3:2b:35:88:eb:bd:28:b6:80:f0:9e:cd:59:9a:80:30:42:
         67:53:d9:53:c4:1d:e2:b8:16:3c:64:87:40:26:89:2f:f0:a7:
         7b:44:90:08:5c:57:4a:dc:13:4f:9c:c3:f3:41:79:57:ce:44:
         b3:56:62:97:ab:ff:81:66:1b:17:be:25:7a:98:0e:18:8e:e5:
         2a:47:9c:23:a5:38:cf:8f:a4:6b:75:ec:25:74:36:20:36:4f:
         68:41:7a:f2:a1:38:95:5e:95:c1:82:ef:87:35:d9:04:f6:0b:
         ab:2e:b5:4b:14:aa:04:c9:48:22:3b:e4:7d:14:e9:0f:f6:e1:
         ae:42:fd:88:65:dc:3c:00:16:50:24:13:14:3d:74:7c:d1:13:
         39:18:69:88:2b:3c:a8:56:b6:99:29:05:a6:52:ca:89:91:6d:
         01:9b:62:53:93:59:5c:50:e4:c0:ee:91:78:9b:eb:47:b5:0e:
         70:d3:84:b7:04:69:3a:82:c0:d5:e8:37:e0:3f:f3:f9:27:6e:
         bf:c1:49:23
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURR3zB5Bo+/05AtONj0WLzb+LNsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MjYyMzMwMzZaFw0yNjA4MjUyMzM1MzZaMDMxMTAvBgNV
BAMTKEQ3NjYwOUE2N0Y0QzFBQTdBRDdDRTUwMEUxNzNFOEY3QjU5MEJEMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChVczDGeycF5g0povm5mAXAch3
3LEaEapBkFZGZra4KIcoBcxIXdqbKaxaCF5p4sL5urpX+5PyHLVNDHQtZMXahaZ9
phRIOLwx+ZynJB3HaCP7+NjXzmiUf1Ek5vHvMq1kOINao5hz8Ay8YhMr7g3UFZyC
CbuDAH0NlpweuARXjO7hLZoNT9SxTj98YVquTiH/Lg9Ot/9AVPcEffv+Fxh9NjHW
jf5PUwAzHmjCcHWb5nAmHCnz6V52g215+/E1vlh9Uu6XmEsujQp8SaLNoxfuueOh
pxlQFhQrltZNXLxAiyHe0rVU5/XU43PbfoIL6rs4WS+CSAd7AWdsysFBkrsTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU12YJpn9MGqetfOUA4XPo97WQvTAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3MzQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACPMA0GCSqGSIb3DQEBCwUAA4IBAQBNQjGEr6pEmNzUW5mmDXkkLKeZevQgDB9t
NNBFzJjGK9d2JUrdcBc8A3JHFNDFDWCx2yL4WrQ+sys1iOu9KLaA8J7NWZqAMEJn
U9lTxB3iuBY8ZIdAJokv8Kd7RJAIXFdK3BNPnMPzQXlXzkSzVmKXq/+BZhsXviV6
mA4YjuUqR5wjpTjPj6RrdewldDYgNk9oQXryoTiVXpXBgu+HNdkE9gurLrVLFKoE
yUgiO+R9FOkP9uGuQv2IZdw8ABZQJBMUPXR80RM5GGmIKzyoVraZKQWmUsqJkW0B
m2JTk1lcUOTA7pF4m+tHtQ5w04S3BGk6gsDV6DfgP/P5J26/wUkj
-----END CERTIFICATE-----