Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210356.roa
File:                     AS210356.roa (raw, json)
Hash identifier:          BXf465CzCq8KVWfd0qoDyixWKiHM7hI75ktjjAUG7SI=
Subject key identifier:   1E:B9:54:49:FE:4F:25:4E:DE:75:21:19:3A:F0:45:3E:6D:75:A8:7E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4AE6F318F083A6A04BB8F038CBB7B04C0063E9EA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210356.roa
Signing time:             Tue 02 Jun 2026 13:19:14 +0000
ROA not before:           Tue 02 Jun 2026 13:14:14 +0000
ROA not after:            Tue 01 Jun 2027 13:19:14 +0000
asID:                     210356
IP address blocks:        2a13:9500:141::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:e6:f3:18:f0:83:a6:a0:4b:b8:f0:38:cb:b7:b0:4c:00:63:e9:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 13:14:14 2026 GMT
            Not After : Jun  1 13:19:14 2027 GMT
        Subject: CN=1EB95449FE4F254EDE7521193AF0453E6D75A87E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:67:b8:de:9c:46:c5:7b:03:3b:f5:f5:5e:ae:
                    58:6e:b5:65:7d:e2:de:6c:ee:07:0b:6f:9b:fb:ba:
                    5c:01:a8:8b:ca:68:bd:b4:50:b1:ed:88:ab:64:6e:
                    56:f0:20:55:57:85:4b:b9:61:69:86:cc:98:1e:21:
                    22:2b:aa:04:f3:df:d0:e9:60:d7:bb:d6:ff:a8:2c:
                    85:d4:67:05:92:78:ab:df:94:b2:43:a2:ef:1c:5f:
                    07:88:1d:22:db:08:44:a1:98:d8:2e:11:73:cc:bd:
                    af:46:44:84:2b:0d:2c:27:4a:58:bb:8f:bf:b8:14:
                    91:20:b8:5b:df:7f:ce:d0:28:58:9d:c4:9c:a6:fe:
                    5e:05:53:c1:89:d8:4f:fe:ef:d4:8d:7e:0f:69:25:
                    d7:ca:d3:da:92:9f:72:4e:ea:34:4d:95:d0:95:93:
                    9e:1c:4c:26:62:73:e5:87:9c:27:19:e4:31:2e:b8:
                    46:68:a1:fb:d4:00:c7:fc:b3:9a:76:ac:64:c6:02:
                    7b:05:6f:b9:de:5f:32:16:10:de:b3:a7:04:9c:5c:
                    22:dd:84:23:70:5b:db:a8:77:5d:97:33:28:c9:c2:
                    f0:da:f4:aa:81:de:4a:73:fc:b9:4b:84:d7:d0:e2:
                    ba:84:b0:39:2e:32:27:07:2a:7c:07:8f:5f:ba:ca:
                    06:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B9:54:49:FE:4F:25:4E:DE:75:21:19:3A:F0:45:3E:6D:75:A8:7E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210356.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:141::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:66:b6:a3:0d:40:1a:a8:11:70:f4:3c:67:ef:87:e4:d5:c2:
         4c:c8:f5:17:2c:af:af:74:67:92:47:09:fd:d8:4f:73:44:ee:
         cd:35:f3:c8:93:0b:14:ae:4d:7b:f1:24:8f:54:62:b3:d1:f9:
         c1:d8:1e:18:90:f3:e8:51:f2:11:da:14:35:dc:cd:c9:10:e4:
         c0:77:d6:3d:1e:70:9b:a3:43:2d:75:55:c2:bb:e1:cf:3d:f3:
         ca:c7:82:41:63:58:77:3a:52:34:76:da:e3:5c:45:3b:9c:b4:
         d1:24:d2:72:91:ac:3f:a6:19:c9:86:62:b4:4c:61:bb:50:56:
         7c:57:be:ba:f1:2d:89:84:b8:2d:d6:4f:e0:33:25:00:d9:7b:
         00:a5:eb:02:59:f7:f6:66:c0:84:9f:4c:26:1d:f9:16:c4:ae:
         fc:ac:be:b7:04:81:c6:af:f0:5b:d3:5f:76:8e:70:2e:c6:b3:
         c2:5e:d9:b1:2e:e3:81:b3:3c:8a:42:55:26:11:a3:9c:30:40:
         de:9b:48:b5:cd:77:0f:9e:9f:4b:f8:d1:28:ac:64:ec:9c:84:
         62:d9:ff:6d:d3:9e:59:48:55:df:a1:26:15:e9:be:74:13:26:
         33:22:72:46:ed:ad:9d:ec:14:fb:0b:76:f2:74:c7:f9:84:13:
         89:87:55:be
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSubzGPCDpqBLuPA4y7ewTABj6eowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIxMzE0MTRaFw0yNzA2MDExMzE5MTRaMDMxMTAvBgNV
BAMTKDFFQjk1NDQ5RkU0RjI1NEVERTc1MjExOTNBRjA0NTNFNkQ3NUE4N0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCZ7jenEbFewM79fVerlhutWV9
4t5s7gcLb5v7ulwBqIvKaL20ULHtiKtkblbwIFVXhUu5YWmGzJgeISIrqgTz39Dp
YNe71v+oLIXUZwWSeKvflLJDou8cXweIHSLbCEShmNguEXPMva9GRIQrDSwnSli7
j7+4FJEguFvff87QKFidxJym/l4FU8GJ2E/+79SNfg9pJdfK09qSn3JO6jRNldCV
k54cTCZic+WHnCcZ5DEuuEZoofvUAMf8s5p2rGTGAnsFb7neXzIWEN6zpwScXCLd
hCNwW9uod12XMyjJwvDa9KqB3kpz/LlLhNfQ4rqEsDkuMicHKnwHj1+6ygatAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUHrlUSf5PJU7edSEZOvBFPm11qH4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwMzU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFBMA0GCSqGSIb3DQEBCwUAA4IBAQA5ZrajDUAaqBFw9Dxn74fk1cJMyPUXLK+v
dGeSRwn92E9zRO7NNfPIkwsUrk178SSPVGKz0fnB2B4YkPPoUfIR2hQ13M3JEOTA
d9Y9HnCbo0MtdVXCu+HPPfPKx4JBY1h3OlI0dtrjXEU7nLTRJNJykaw/phnJhmK0
TGG7UFZ8V7668S2JhLgt1k/gMyUA2XsApesCWff2ZsCEn0wmHfkWxK78rL63BIHG
r/Bb0192jnAuxrPCXtmxLuOBszyKQlUmEaOcMEDem0i1zXcPnp9L+NEorGTsnIRi
2f9t055ZSFXfoSYV6b50EyYzInJG7a2d7BT7C3bydMf5hBOJh1W+
-----END CERTIFICATE-----