Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210347.roa
File:                     AS210347.roa (raw, json)
Hash identifier:          S70qC1JFPFHgfAoE84qe//8bUoSKIDTpqx5RUEMyAyI=
Subject key identifier:   6E:B0:C0:C8:60:BF:DE:27:D6:2E:0C:B9:EC:50:5B:2E:82:77:9B:64
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3C862B46B7A8B5D8BBFD92C9AA160644E8C41489
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210347.roa
Signing time:             Mon 01 Jun 2026 13:06:59 +0000
ROA not before:           Mon 01 Jun 2026 13:01:59 +0000
ROA not after:            Mon 31 May 2027 13:06:59 +0000
asID:                     210347
IP address blocks:        2a13:9500:189::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:86:2b:46:b7:a8:b5:d8:bb:fd:92:c9:aa:16:06:44:e8:c4:14:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  1 13:01:59 2026 GMT
            Not After : May 31 13:06:59 2027 GMT
        Subject: CN=6EB0C0C860BFDE27D62E0CB9EC505B2E82779B64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:48:b2:3f:d2:24:57:da:e4:ee:83:79:16:13:
                    21:c4:77:12:de:dc:59:4b:23:0b:e1:93:2b:98:f8:
                    57:cb:65:6e:55:01:20:c2:99:1c:3f:f5:01:66:e6:
                    c1:77:2f:4f:71:8d:bc:82:94:aa:8e:1c:f0:21:e2:
                    bc:14:07:cb:b8:3c:6f:e5:b1:1b:73:d3:d6:b7:37:
                    2c:cb:28:45:4d:13:43:46:61:e2:85:92:75:f9:13:
                    ca:15:76:75:ec:0e:68:8a:ba:3b:8e:6f:dc:44:09:
                    0d:73:59:e3:1c:3f:ad:53:2c:28:74:e8:86:cc:db:
                    94:7a:c7:d5:a8:5e:3a:8f:b4:e6:ab:b1:93:c3:f4:
                    3a:2d:cd:0b:b2:96:ec:b4:31:e1:df:84:10:39:92:
                    b3:0f:49:94:c8:c4:2c:cc:bf:d5:92:25:a8:cf:1d:
                    b1:46:90:93:8a:d6:1f:21:af:ae:72:dd:a1:6f:a8:
                    06:27:84:ec:9e:02:23:7d:92:1c:ca:7a:40:5d:6e:
                    43:69:3a:e6:41:fa:bc:03:9d:e2:15:ad:f1:42:7f:
                    a9:5d:28:05:5e:15:f4:30:43:5e:ba:64:79:e3:7e:
                    03:fe:08:be:90:3e:fb:58:42:10:63:d5:6f:92:a5:
                    f7:77:64:00:73:21:1f:ee:7a:41:f7:ea:19:ff:a4:
                    75:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B0:C0:C8:60:BF:DE:27:D6:2E:0C:B9:EC:50:5B:2E:82:77:9B:64
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210347.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:189::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:e7:ce:70:5d:f6:4d:86:44:15:1c:f3:37:1a:d9:f4:d3:7a:
         8e:0b:dc:85:5b:bb:6f:7b:13:c6:b1:21:c5:bf:05:38:d6:f3:
         be:00:bc:aa:d0:d5:12:fd:17:d0:dc:a0:ff:42:bf:ee:1f:c5:
         94:ef:db:1e:7c:00:d1:87:c8:d0:fc:e3:37:6a:a5:b1:3d:da:
         08:62:8b:24:96:3a:c2:42:40:d3:4a:4c:ed:a4:c5:5a:34:b1:
         39:f3:40:d4:99:90:8b:0f:cb:c9:dc:f1:3d:3c:76:42:80:5b:
         e0:be:07:6a:24:1a:f5:c0:bb:d8:e2:1c:03:79:52:47:9b:71:
         a9:fe:14:2d:46:6f:89:a9:4f:20:f3:9c:37:01:87:d1:72:11:
         a9:95:5d:de:65:3d:84:77:ac:d1:f0:91:bd:af:79:9a:5a:94:
         5d:39:07:66:42:93:95:7c:2d:d5:4a:9e:72:6c:e7:66:ac:73:
         db:93:dc:f5:b6:86:31:c2:f9:c8:69:44:80:0d:72:22:da:de:
         40:67:6c:38:00:9b:ef:ce:34:dc:51:d1:ad:17:72:20:04:f6:
         c0:67:e7:9e:b8:e6:b8:88:46:6a:21:76:4a:58:e2:c5:07:fb:
         e9:0b:3b:b7:34:86:ef:02:64:87:b2:60:8e:2d:e0:62:3d:27:
         a5:90:e4:43
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPIYrRreotdi7/ZLJqhYGROjEFIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDExMzAxNTlaFw0yNzA1MzExMzA2NTlaMDMxMTAvBgNV
BAMTKDZFQjBDMEM4NjBCRkRFMjdENjJFMENCOUVDNTA1QjJFODI3NzlCNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvSLI/0iRX2uTug3kWEyHEdxLe
3FlLIwvhkyuY+FfLZW5VASDCmRw/9QFm5sF3L09xjbyClKqOHPAh4rwUB8u4PG/l
sRtz09a3NyzLKEVNE0NGYeKFknX5E8oVdnXsDmiKujuOb9xECQ1zWeMcP61TLCh0
6IbM25R6x9WoXjqPtOarsZPD9DotzQuyluy0MeHfhBA5krMPSZTIxCzMv9WSJajP
HbFGkJOK1h8hr65y3aFvqAYnhOyeAiN9khzKekBdbkNpOuZB+rwDneIVrfFCf6ld
KAVeFfQwQ166ZHnjfgP+CL6QPvtYQhBj1W+Spfd3ZABzIR/uekH36hn/pHUjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUbrDAyGC/3ifWLgy57FBbLoJ3m2QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwMzQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAGJMA0GCSqGSIb3DQEBCwUAA4IBAQAQ585wXfZNhkQVHPM3Gtn003qOC9yFW7tv
exPGsSHFvwU41vO+ALyq0NUS/RfQ3KD/Qr/uH8WU79sefADRh8jQ/OM3aqWxPdoI
YoskljrCQkDTSkztpMVaNLE580DUmZCLD8vJ3PE9PHZCgFvgvgdqJBr1wLvY4hwD
eVJHm3Gp/hQtRm+JqU8g85w3AYfRchGplV3eZT2Ed6zR8JG9r3maWpRdOQdmQpOV
fC3VSp5ybOdmrHPbk9z1toYxwvnIaUSADXIi2t5AZ2w4AJvvzjTcUdGtF3IgBPbA
Z+eeuOa4iEZqIXZKWOLFB/vpCzu3NIbvAmSHsmCOLeBiPSelkORD
-----END CERTIFICATE-----