Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209181.roa
File:                     AS209181.roa (raw, json)
Hash identifier:          g7jLeZzKIZCA7Q/pt6yTICPp+XwszXpxUlN6bBmpYKk=
Subject key identifier:   77:6C:03:43:C6:CB:BF:CA:4E:CF:C1:2D:D9:2F:3A:6E:8D:94:54:01
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5969B9A0F6AE2E50E57B68E791E96C3CA87A9903
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209181.roa
Signing time:             Thu 02 Jan 2025 07:43:07 +0000
ROA not before:           Thu 02 Jan 2025 07:38:07 +0000
ROA not after:            Thu 01 Jan 2026 07:43:07 +0000
asID:                     209181
IP address blocks:        2a13:9500:2d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:69:b9:a0:f6:ae:2e:50:e5:7b:68:e7:91:e9:6c:3c:a8:7a:99:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan  2 07:38:07 2025 GMT
            Not After : Jan  1 07:43:07 2026 GMT
        Subject: CN=776C0343C6CBBFCA4ECFC12DD92F3A6E8D945401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:14:83:02:a1:2f:71:ab:51:0c:68:ab:7c:4a:
                    25:38:e9:db:ea:e1:54:86:fc:5c:b3:51:64:d4:8a:
                    8c:c7:72:6c:06:8f:02:1e:da:cd:f6:c8:74:86:08:
                    c6:37:88:21:8b:87:73:8c:3f:56:c0:41:9c:e5:98:
                    e3:2c:56:3d:fc:3a:05:10:d0:4a:89:44:d6:ad:97:
                    31:e1:f5:c8:20:9a:99:e9:f7:ff:f0:6b:78:6c:69:
                    7b:55:48:79:2d:87:43:ab:1a:10:91:c1:20:bf:c1:
                    f5:39:a6:31:70:48:69:72:2b:77:c6:d0:70:65:26:
                    a7:0d:78:e7:4c:1d:1a:44:9e:bd:22:8f:ef:f3:b4:
                    ed:a4:7b:c1:da:5a:7e:63:e4:d4:d0:c0:30:01:0e:
                    07:8d:4c:47:c5:c6:a8:4f:3d:ba:6e:01:b8:7f:42:
                    db:28:47:96:ed:a9:78:58:5a:ca:c1:c0:a5:81:20:
                    92:ec:f7:19:0d:09:ec:9b:90:d5:96:53:49:76:4e:
                    f1:1c:b4:4c:02:8a:6b:41:6f:67:b6:04:6f:19:7f:
                    d3:19:fd:1b:52:7c:5c:6c:4f:20:ca:70:80:8d:44:
                    6e:59:cf:9b:28:dc:44:dc:6f:9e:43:98:83:12:a3:
                    2e:75:b8:a2:d9:33:d2:68:b4:60:d3:43:35:fd:bc:
                    50:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:6C:03:43:C6:CB:BF:CA:4E:CF:C1:2D:D9:2F:3A:6E:8D:94:54:01
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209181.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:2d::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:c5:76:5c:c9:26:7d:f9:7e:a1:31:98:fd:7d:f7:9b:b1:e7:
         08:34:b1:d0:70:b3:d3:e6:cf:17:e7:7c:ac:7a:12:34:19:89:
         00:1c:e8:98:1e:af:6f:b8:24:04:2c:c1:13:f1:23:3f:b6:24:
         82:1b:4d:87:27:2d:3f:f5:e7:ac:fb:12:8c:4a:c7:a5:fd:9d:
         38:a3:c9:f4:ae:76:bd:35:0f:cf:fd:c6:f4:bf:ab:25:bb:cd:
         e8:01:c8:8c:cd:85:96:db:a7:98:57:05:b3:0f:13:2e:09:56:
         06:db:f9:39:a8:f8:18:75:04:a6:db:86:2a:a9:4d:e3:fd:ea:
         9e:73:a5:4e:b4:d1:4c:25:f1:8f:fd:2d:dc:45:02:1e:73:2e:
         5b:88:e0:e9:3d:f8:84:0d:f3:5b:76:47:a2:3d:c1:74:0d:a1:
         8d:98:33:d3:d2:39:d0:75:98:75:9a:4a:6e:dc:ad:94:c1:11:
         c6:0a:c7:e9:16:42:17:0f:f0:44:7d:bc:16:b1:ac:de:16:d0:
         2a:8e:37:07:61:a8:6b:bf:51:7f:7c:a0:18:67:29:52:ea:5c:
         26:2a:f0:aa:58:36:f9:79:67:14:f6:8f:c1:52:43:e3:80:8f:
         dc:1f:64:41:1e:b3:1b:5a:18:89:c5:4a:84:df:d5:2e:b2:1b:
         0e:a9:05:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWWm5oPauLlDle2jnkelsPKh6mQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMDIwNzM4MDdaFw0yNjAxMDEwNzQzMDdaMDMxMTAvBgNV
BAMTKDc3NkMwMzQzQzZDQkJGQ0E0RUNGQzEyREQ5MkYzQTZFOEQ5NDU0MDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1FIMCoS9xq1EMaKt8SiU46dvq
4VSG/FyzUWTUiozHcmwGjwIe2s32yHSGCMY3iCGLh3OMP1bAQZzlmOMsVj38OgUQ
0EqJRNatlzHh9cggmpnp9//wa3hsaXtVSHkth0OrGhCRwSC/wfU5pjFwSGlyK3fG
0HBlJqcNeOdMHRpEnr0ij+/ztO2ke8HaWn5j5NTQwDABDgeNTEfFxqhPPbpuAbh/
QtsoR5btqXhYWsrBwKWBIJLs9xkNCeybkNWWU0l2TvEctEwCimtBb2e2BG8Zf9MZ
/RtSfFxsTyDKcICNRG5Zz5so3ETcb55DmIMSoy51uKLZM9JotGDTQzX9vFALAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUd2wDQ8bLv8pOz8Et2S86bo2UVAEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5MTgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAAtMA0GCSqGSIb3DQEBCwUAA4IBAQBZxXZcySZ9+X6hMZj9ffebsecINLHQcLPT
5s8X53ysehI0GYkAHOiYHq9vuCQELMET8SM/tiSCG02HJy0/9ees+xKMSsel/Z04
o8n0rna9NQ/P/cb0v6slu83oAciMzYWW26eYVwWzDxMuCVYG2/k5qPgYdQSm24Yq
qU3j/eqec6VOtNFMJfGP/S3cRQIecy5biODpPfiEDfNbdkeiPcF0DaGNmDPT0jnQ
dZh1mkpu3K2UwRHGCsfpFkIXD/BEfbwWsazeFtAqjjcHYahrv1F/fKAYZylS6lwm
KvCqWDb5eWcU9o/BUkPjgI/cH2RBHrMbWhiJxUqE39UushsOqQX/
-----END CERTIFICATE-----