Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209861.roa
File:                     AS209861.roa (raw, json)
Hash identifier:          llcZqUTJedBPtrzqV5oneoB+rEGy5+5qiiYeYGwZ9XA=
Subject key identifier:   42:12:CF:1F:2E:6B:2E:9F:DA:FF:BF:E6:D9:6D:EE:91:AB:B6:82:F9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2AFECDC470F13E3C6E923D141FF5B839DFC4FA2A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209861.roa
Signing time:             Tue 27 May 2025 05:53:05 +0000
ROA not before:           Tue 27 May 2025 05:48:05 +0000
ROA not after:            Tue 26 May 2026 05:53:05 +0000
asID:                     209861
IP address blocks:        2a13:9500:66::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:fe:cd:c4:70:f1:3e:3c:6e:92:3d:14:1f:f5:b8:39:df:c4:fa:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 27 05:48:05 2025 GMT
            Not After : May 26 05:53:05 2026 GMT
        Subject: CN=4212CF1F2E6B2E9FDAFFBFE6D96DEE91ABB682F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:d5:2e:6f:21:ad:f2:4d:50:73:e9:7a:a8:0b:
                    c5:a9:fc:33:a0:54:b0:e7:af:92:09:25:7b:21:0c:
                    b7:18:b4:0c:0e:f8:56:4a:5e:ae:cf:06:6a:d6:40:
                    21:20:c7:6b:f2:b1:aa:5e:ed:63:5a:e6:3a:46:c1:
                    85:17:75:7e:9e:80:01:c1:44:cb:8d:58:65:e1:77:
                    76:f6:27:23:5b:f0:60:0a:26:dc:b0:b9:42:a5:c8:
                    77:3e:f3:d5:36:c5:2b:ed:a9:d0:bb:7d:39:1d:15:
                    b5:f9:98:0f:62:d4:09:c2:a4:c6:a9:eb:4c:b5:99:
                    ca:b2:cd:bc:b3:f7:5c:45:92:58:85:d3:d4:b2:37:
                    48:ab:dd:aa:94:89:59:0a:4e:80:11:65:12:77:6b:
                    94:a9:83:75:44:7d:dc:5b:3b:a8:69:d7:37:aa:37:
                    5a:3d:42:a8:80:f7:83:1c:3e:21:4b:ac:0d:3d:a0:
                    39:5a:a3:ea:86:e8:9b:00:f9:22:c8:75:19:7c:7d:
                    d7:b9:41:09:d3:cd:8a:2a:0d:9c:cd:10:7b:a0:c3:
                    36:22:b4:ef:e6:6c:dc:f8:63:53:69:8c:45:6d:57:
                    d6:eb:2e:7f:fc:99:36:02:5d:35:65:ff:6b:c4:6b:
                    a1:25:3a:89:ea:de:46:bb:70:70:a8:9d:40:b2:90:
                    cb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:12:CF:1F:2E:6B:2E:9F:DA:FF:BF:E6:D9:6D:EE:91:AB:B6:82:F9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209861.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:66::/48

    Signature Algorithm: sha256WithRSAEncryption
         0d:72:c5:82:c6:8f:87:8d:fd:b3:ed:eb:69:79:56:ec:4d:80:
         8b:03:e6:cd:88:67:16:6d:42:12:07:71:1b:49:cc:3f:f9:3b:
         94:b1:77:38:e9:98:6e:2f:d7:f6:e6:99:c3:33:08:b7:d7:ae:
         7f:a9:9a:88:d7:f6:15:22:04:5c:34:0a:93:90:a9:af:71:2f:
         5f:48:c8:e0:75:30:ef:be:d3:17:83:43:dc:38:50:4a:53:56:
         5f:51:95:cc:2f:85:c6:8f:56:41:b9:ad:20:1d:cf:25:c6:2f:
         3e:4d:82:10:77:33:ef:bd:8f:79:92:4e:4e:c8:a8:72:c6:cc:
         e3:ac:32:a3:48:e1:e0:61:b1:a3:b6:60:1e:53:57:f4:5f:83:
         39:11:13:c7:72:4e:16:fe:53:e2:db:ad:35:25:df:a2:c8:8b:
         97:2b:6b:8b:32:e9:ab:89:ea:6f:ec:48:c4:e5:63:78:43:2f:
         0b:96:1d:cf:cf:88:75:a6:59:47:6f:9c:51:8f:d5:80:d2:e9:
         88:a1:c8:49:3b:be:88:7e:44:ab:1b:9a:41:37:57:bc:42:05:
         4f:6b:38:c8:3e:20:27:55:ca:7a:5f:a5:0b:45:8e:df:fe:53:
         4e:be:0e:74:20:cd:8b:1b:10:18:77:ab:92:bd:b6:74:3f:da:
         7a:eb:17:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKv7NxHDxPjxukj0UH/W4Od/E+iowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjcwNTQ4MDVaFw0yNjA1MjYwNTUzMDVaMDMxMTAvBgNV
BAMTKDQyMTJDRjFGMkU2QjJFOUZEQUZGQkZFNkQ5NkRFRTkxQUJCNjgyRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCM1S5vIa3yTVBz6XqoC8Wp/DOg
VLDnr5IJJXshDLcYtAwO+FZKXq7PBmrWQCEgx2vysape7WNa5jpGwYUXdX6egAHB
RMuNWGXhd3b2JyNb8GAKJtywuUKlyHc+89U2xSvtqdC7fTkdFbX5mA9i1AnCpMap
60y1mcqyzbyz91xFkliF09SyN0ir3aqUiVkKToARZRJ3a5Spg3VEfdxbO6hp1zeq
N1o9QqiA94McPiFLrA09oDlao+qG6JsA+SLIdRl8fde5QQnTzYoqDZzNEHugwzYi
tO/mbNz4Y1NpjEVtV9brLn/8mTYCXTVl/2vEa6ElOonq3ka7cHConUCykMuxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQhLPHy5rLp/a/7/m2W3ukau2gvkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5ODYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABmMA0GCSqGSIb3DQEBCwUAA4IBAQANcsWCxo+Hjf2z7etpeVbsTYCLA+bNiGcW
bUISB3EbScw/+TuUsXc46ZhuL9f25pnDMwi3165/qZqI1/YVIgRcNAqTkKmvcS9f
SMjgdTDvvtMXg0PcOFBKU1ZfUZXML4XGj1ZBua0gHc8lxi8+TYIQdzPvvY95kk5O
yKhyxszjrDKjSOHgYbGjtmAeU1f0X4M5ERPHck4W/lPi2601Jd+iyIuXK2uLMumr
iepv7EjE5WN4Qy8Llh3Pz4h1pllHb5xRj9WA0umIochJO76IfkSrG5pBN1e8QgVP
azjIPiAnVcp6X6ULRY7f/lNOvg50IM2LGxAYd6uSvbZ0P9p66xew
-----END CERTIFICATE-----