Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210732.roa
File:                     AS210732.roa (raw, json)
Hash identifier:          ZW0NjpgQSLO4ZPqBAK3iAv2Vi5A+6+mQVyJbLrgzTAI=
Subject key identifier:   A3:E8:52:14:5F:94:C9:D3:DB:E9:BB:13:12:44:EB:24:D3:34:52:B9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       47531B40E610E05E1659E621239DD27F54831A94
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210732.roa
Signing time:             Fri 26 Jun 2026 11:48:41 +0000
ROA not before:           Fri 26 Jun 2026 11:43:41 +0000
ROA not after:            Fri 25 Jun 2027 11:48:41 +0000
asID:                     210732
IP address blocks:        2a13:9500:4e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:53:1b:40:e6:10:e0:5e:16:59:e6:21:23:9d:d2:7f:54:83:1a:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 26 11:43:41 2026 GMT
            Not After : Jun 25 11:48:41 2027 GMT
        Subject: CN=A3E852145F94C9D3DBE9BB131244EB24D33452B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:0e:f8:ac:1c:8e:9e:02:43:17:73:58:cc:5c:
                    cf:5f:d9:c8:4c:4b:88:b7:aa:22:cb:d9:29:bc:2b:
                    f5:6a:70:02:df:a9:cb:b5:bf:6e:39:02:19:65:aa:
                    c8:da:a2:56:12:5c:10:d4:9a:bd:91:9f:60:cd:09:
                    99:22:ef:30:99:42:87:87:f0:ac:ef:9e:89:1e:53:
                    4c:64:4a:a3:b4:52:f2:28:10:12:03:0f:9e:95:be:
                    05:2c:c2:e1:9c:6c:0a:da:58:77:0a:d9:63:14:4f:
                    86:96:80:4d:7e:64:67:8b:fa:96:19:cc:0a:b5:58:
                    3e:3c:b1:85:ec:dc:26:5d:36:7b:ea:54:c7:4f:6d:
                    34:ba:60:59:f0:f9:80:38:f0:bb:41:cb:fd:4d:fa:
                    d2:bf:60:af:c1:c1:41:bb:9c:0a:f1:38:5f:02:12:
                    cb:2e:fe:14:99:ef:51:0a:d3:c6:9e:4f:df:00:5d:
                    b4:8e:a7:48:4e:0a:7c:b0:05:d3:c0:1d:a0:31:03:
                    ee:79:be:1f:33:b7:09:49:a6:71:5b:13:5d:15:a7:
                    59:e9:cb:c7:39:9a:92:72:78:f2:24:da:90:df:37:
                    8c:f9:fc:b2:e4:2c:c8:48:31:f2:18:f4:5a:4d:39:
                    17:e4:a7:9e:0a:7b:cc:69:d0:49:96:d4:b7:eb:e5:
                    dd:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:E8:52:14:5F:94:C9:D3:DB:E9:BB:13:12:44:EB:24:D3:34:52:B9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:4e::/48

    Signature Algorithm: sha256WithRSAEncryption
         7c:7d:0d:88:ed:2b:a2:c4:0c:d6:a1:de:86:68:b5:bf:65:25:
         54:46:84:6e:02:a0:cd:17:33:92:0c:89:8d:03:15:96:8a:ff:
         46:ab:ff:65:75:09:85:79:17:41:fe:99:76:c0:ee:7c:30:1b:
         96:fb:80:f7:62:df:33:9c:76:0d:83:a3:4d:a5:64:a1:75:00:
         57:95:a7:68:9d:01:cc:cf:ae:3b:17:fb:40:25:ab:eb:d9:46:
         f1:be:ce:f5:b0:ff:0b:21:b3:e8:1d:0e:ed:c6:f8:20:ad:eb:
         f1:e1:f0:12:d9:5f:da:e0:56:ee:f9:5f:2a:78:80:d2:5e:23:
         8d:5c:8e:ea:39:20:10:7a:44:16:ee:e4:f4:17:35:7c:1b:4c:
         a6:75:eb:1a:b8:5d:36:2c:05:59:db:d9:27:f9:2b:cd:14:ef:
         5b:6e:ba:86:99:39:f3:50:8b:33:f3:94:04:ef:28:e3:9e:5c:
         6e:d7:e3:a4:92:bf:9c:d7:c8:f2:d0:c3:dc:95:f2:fa:ee:ba:
         d4:19:44:d8:68:2e:44:cc:b5:89:e0:2b:32:64:c8:d4:1e:c4:
         40:3e:9f:f3:7d:de:ae:a2:2e:8a:b0:e6:e3:78:31:99:40:a1:
         c7:32:6f:03:f0:1d:e5:34:bb:e1:0f:58:74:77:31:7f:94:92:
         48:69:23:5f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUR1MbQOYQ4F4WWeYhI53Sf1SDGpQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MjYxMTQzNDFaFw0yNzA2MjUxMTQ4NDFaMDMxMTAvBgNV
BAMTKEEzRTg1MjE0NUY5NEM5RDNEQkU5QkIxMzEyNDRFQjI0RDMzNDUyQjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDDvisHI6eAkMXc1jMXM9f2chM
S4i3qiLL2Sm8K/VqcALfqcu1v245AhllqsjaolYSXBDUmr2Rn2DNCZki7zCZQoeH
8KzvnokeU0xkSqO0UvIoEBIDD56VvgUswuGcbAraWHcK2WMUT4aWgE1+ZGeL+pYZ
zAq1WD48sYXs3CZdNnvqVMdPbTS6YFnw+YA48LtBy/1N+tK/YK/BwUG7nArxOF8C
Essu/hSZ71EK08aeT98AXbSOp0hOCnywBdPAHaAxA+55vh8ztwlJpnFbE10Vp1np
y8c5mpJyePIk2pDfN4z5/LLkLMhIMfIY9FpNORfkp54Ke8xp0EmW1Lfr5d0ZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUo+hSFF+UydPb6bsTEkTrJNM0UrkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwNzMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABOMA0GCSqGSIb3DQEBCwUAA4IBAQB8fQ2I7SuixAzWod6GaLW/ZSVURoRuAqDN
FzOSDImNAxWWiv9Gq/9ldQmFeRdB/pl2wO58MBuW+4D3Yt8znHYNg6NNpWShdQBX
ladonQHMz647F/tAJavr2Ubxvs71sP8LIbPoHQ7txvggrevx4fAS2V/a4Fbu+V8q
eIDSXiONXI7qOSAQekQW7uT0FzV8G0ymdesauF02LAVZ29kn+SvNFO9bbrqGmTnz
UIsz85QE7yjjnlxu1+Okkr+c18jy0MPclfL67rrUGUTYaC5EzLWJ4CsyZMjUHsRA
Pp/zfd6uoi6KsObjeDGZQKHHMm8D8B3lNLvhD1h0dzF/lJJIaSNf
-----END CERTIFICATE-----