Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210699.roa
File:                     AS210699.roa (raw, json)
Hash identifier:          d3Bfu24Fv59rfE6EF8JQDKhEGGy6OVnfLds5VljjW6o=
Subject key identifier:   93:7A:5F:15:70:93:C8:78:3A:65:A5:76:46:99:2C:2A:49:E5:0D:E5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       512760929E4A3EA9FAC40375F6618BF6513CE3F3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210699.roa
Signing time:             Tue 04 Nov 2025 17:17:58 +0000
ROA not before:           Tue 04 Nov 2025 17:12:58 +0000
ROA not after:            Tue 03 Nov 2026 17:17:58 +0000
asID:                     210699
IP address blocks:        2a13:9500:104::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:27:60:92:9e:4a:3e:a9:fa:c4:03:75:f6:61:8b:f6:51:3c:e3:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov  4 17:12:58 2025 GMT
            Not After : Nov  3 17:17:58 2026 GMT
        Subject: CN=937A5F157093C8783A65A57646992C2A49E50DE5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:f1:1e:de:30:ab:2f:0d:5a:f0:d5:c2:d5:6f:
                    04:9d:f2:7a:4e:eb:93:dc:9b:c1:f5:76:bf:df:10:
                    43:da:ba:e8:59:c5:77:40:8d:f5:39:1a:12:5d:66:
                    cf:f0:1b:e1:9b:f4:a0:32:c9:a3:90:84:dc:c0:a6:
                    ce:15:a2:06:90:61:30:77:c8:69:64:1b:c9:29:bf:
                    22:11:a4:63:1b:68:e7:6b:9a:55:86:c9:06:fb:a6:
                    13:ca:1c:98:44:bf:e2:f3:65:05:55:5a:13:17:b0:
                    a2:03:06:d3:11:6a:d9:c0:04:8b:1a:81:c8:40:4e:
                    ca:fc:df:9f:94:e0:e3:c1:39:60:73:63:d8:0f:a8:
                    aa:87:15:08:20:c7:17:10:99:1c:8d:0c:a3:51:d9:
                    51:03:ed:33:12:88:c8:a3:5a:68:8a:98:3d:58:fa:
                    d8:8e:45:f5:6c:3c:e7:c4:5d:c8:d2:f1:92:e1:63:
                    97:03:bb:27:a1:23:33:84:85:4f:0f:c7:55:93:9a:
                    52:88:cb:28:84:2f:ee:84:b6:11:56:ff:c7:57:43:
                    9b:f1:0f:3a:52:91:9d:64:a2:89:36:ad:70:fb:9b:
                    e5:8c:c3:97:41:8e:11:34:d6:82:cc:38:c2:19:3f:
                    aa:7e:74:fe:76:0b:77:d9:a5:f3:e2:7d:20:0d:7e:
                    45:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:7A:5F:15:70:93:C8:78:3A:65:A5:76:46:99:2C:2A:49:E5:0D:E5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210699.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:104::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:b9:17:7a:5f:8a:89:6c:d2:8d:1b:4d:0d:96:61:9d:74:26:
         eb:f7:18:51:bc:31:a9:95:37:58:68:91:8f:84:ef:da:3e:64:
         4a:85:4d:e7:16:db:70:b6:85:44:30:ba:93:b0:d7:97:a0:7a:
         4e:58:f7:21:b3:8a:68:14:38:42:13:ac:20:84:42:61:e7:f5:
         86:0d:25:64:6c:2b:92:af:16:f0:f3:c4:a8:94:75:b6:a1:7d:
         38:c1:51:15:02:5b:d8:05:9f:42:f0:34:d1:a5:3f:6f:e1:ed:
         c2:c6:5e:f6:e0:2f:4e:74:cd:f2:84:74:ea:4e:74:20:1d:e6:
         c2:da:9a:03:e5:48:16:d3:b7:4c:7c:4a:4f:89:d3:87:59:5d:
         01:54:76:f3:59:9d:cf:a2:38:6b:ec:b5:b8:65:a5:f1:31:d6:
         e6:f8:42:e7:8a:7c:91:76:df:92:f9:e5:0f:ba:07:d6:53:f1:
         0d:b3:b1:2b:d2:3b:2e:8a:37:f5:5d:5a:93:b1:7e:4f:48:66:
         22:46:4a:44:31:ce:fb:21:cc:a9:8d:c8:74:f7:a3:0e:e0:cd:
         89:5c:3e:6e:53:5e:77:4e:d1:7b:54:af:17:2a:7b:d5:3d:68:
         aa:ed:cf:92:73:6b:b8:7d:f7:61:fe:52:bd:a9:34:92:97:4c:
         ce:08:00:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUSdgkp5KPqn6xAN19mGL9lE84/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDQxNzEyNThaFw0yNjExMDMxNzE3NThaMDMxMTAvBgNV
BAMTKDkzN0E1RjE1NzA5M0M4NzgzQTY1QTU3NjQ2OTkyQzJBNDlFNTBERTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk8R7eMKsvDVrw1cLVbwSd8npO
65Pcm8H1dr/fEEPauuhZxXdAjfU5GhJdZs/wG+Gb9KAyyaOQhNzAps4VogaQYTB3
yGlkG8kpvyIRpGMbaOdrmlWGyQb7phPKHJhEv+LzZQVVWhMXsKIDBtMRatnABIsa
gchATsr835+U4OPBOWBzY9gPqKqHFQggxxcQmRyNDKNR2VED7TMSiMijWmiKmD1Y
+tiORfVsPOfEXcjS8ZLhY5cDuyehIzOEhU8Px1WTmlKIyyiEL+6EthFW/8dXQ5vx
DzpSkZ1kook2rXD7m+WMw5dBjhE01oLMOMIZP6p+dP52C3fZpfPifSANfkUHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUk3pfFXCTyHg6ZaV2RpksKknlDeUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwNjk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAEEMA0GCSqGSIb3DQEBCwUAA4IBAQCEuRd6X4qJbNKNG00NlmGddCbr9xhRvDGp
lTdYaJGPhO/aPmRKhU3nFttwtoVEMLqTsNeXoHpOWPchs4poFDhCE6wghEJh5/WG
DSVkbCuSrxbw88SolHW2oX04wVEVAlvYBZ9C8DTRpT9v4e3Cxl724C9OdM3yhHTq
TnQgHebC2poD5UgW07dMfEpPidOHWV0BVHbzWZ3Pojhr7LW4ZaXxMdbm+ELninyR
dt+S+eUPugfWU/ENs7Er0jsuijf1XVqTsX5PSGYiRkpEMc77Icypjch096MO4M2J
XD5uU153TtF7VK8XKnvVPWiq7c+Sc2u4ffdh/lK9qTSSl0zOCAAO
-----END CERTIFICATE-----