Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210732.roa
File:                     AS210732.roa (raw, json)
Hash identifier:          U8semgNNqmOCoITnB89Ix00HIxAwfNiw5mefKvknlMk=
Subject key identifier:   3F:D1:42:92:87:D4:EC:76:D6:88:37:D5:0C:84:55:4D:F1:16:90:E1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       174EAB8EA6240087A5A8724EA2317CDC07F95869
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210732.roa
Signing time:             Fri 16 May 2025 18:13:34 +0000
ROA not before:           Fri 16 May 2025 18:08:34 +0000
ROA not after:            Fri 15 May 2026 18:13:34 +0000
asID:                     210732
IP address blocks:        2a13:9500:4a::/48 maxlen: 48
                          2a13:9500:4e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:4e:ab:8e:a6:24:00:87:a5:a8:72:4e:a2:31:7c:dc:07:f9:58:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 18:08:34 2025 GMT
            Not After : May 15 18:13:34 2026 GMT
        Subject: CN=3FD1429287D4EC76D68837D50C84554DF11690E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:eb:45:61:57:a2:21:2a:53:eb:3d:9f:f6:cc:
                    28:d7:b8:06:32:74:f3:8b:19:35:b3:5a:06:48:ac:
                    8d:b7:8c:01:bd:77:cf:69:aa:fb:53:a8:8b:92:d4:
                    48:db:00:64:c0:28:2f:90:33:5a:02:91:43:83:e3:
                    a9:65:09:38:9c:0c:36:58:37:73:2e:5c:3c:1f:21:
                    2d:dc:20:c5:ab:f8:de:4e:86:69:fc:06:1a:a8:9d:
                    ab:24:3f:42:5f:47:31:66:ea:62:6d:a7:9f:07:4b:
                    24:1f:7c:fe:79:6b:16:83:51:e0:ed:90:55:f0:8e:
                    5d:dd:f0:af:87:a1:1a:0f:d2:b0:a9:8e:69:c6:4c:
                    25:64:b2:e5:aa:73:f5:11:63:06:de:77:c3:25:b7:
                    bb:19:18:35:38:c6:66:e1:ff:c4:f0:b6:46:5e:12:
                    0d:80:84:d5:7c:15:7a:37:3e:67:b7:84:2c:4b:ca:
                    9a:08:e7:9d:26:68:f8:c4:77:80:8b:ba:d8:46:a1:
                    be:8f:8c:06:20:06:d7:d2:fe:62:dc:a4:9c:8f:ce:
                    b6:61:b8:45:31:87:de:61:01:32:9c:f4:9a:17:ed:
                    da:c2:29:f7:87:47:de:a1:53:13:36:1b:fe:60:f5:
                    28:8d:8b:d9:7c:8b:ae:db:51:22:e6:7c:a3:da:29:
                    68:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D1:42:92:87:D4:EC:76:D6:88:37:D5:0C:84:55:4D:F1:16:90:E1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS210732.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:4a::/48
                  2a13:9500:4e::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:07:93:1e:a3:eb:ef:c7:7e:39:45:03:49:81:3a:ba:10:92:
         b1:e1:d7:1a:c5:e6:af:b5:29:f2:f7:e0:fc:87:48:af:ec:18:
         e9:cd:55:22:7d:ce:47:a3:b3:e6:e2:2b:9f:19:ea:c6:59:20:
         8e:3f:f3:5a:1c:22:f2:aa:8c:5e:f1:d7:27:7b:52:20:bc:be:
         c0:23:80:f1:6f:38:30:86:93:75:47:2f:ec:57:db:37:3c:b4:
         d2:09:79:98:a5:f4:6e:42:5b:0b:ab:28:7c:4f:4a:13:39:da:
         19:89:9f:b7:b3:4d:88:88:84:6c:b2:88:51:17:8d:76:54:98:
         97:7b:72:89:29:34:f8:dc:0c:c5:08:e9:58:a1:fc:e2:5e:34:
         fe:e0:04:51:fb:6a:9c:26:d0:b5:fc:e4:e2:e6:66:1c:2a:94:
         bf:9e:6d:54:58:c5:4a:a4:c5:f7:78:6f:7d:41:55:31:ac:7d:
         f6:9e:35:12:6e:57:d9:02:4a:74:0e:2e:22:30:09:18:49:b3:
         04:e5:80:3a:d4:05:13:2d:9b:0f:6c:9a:d7:51:90:bf:9e:34:
         c4:dc:d3:7b:63:98:77:ed:4b:dd:fa:d9:76:f8:69:c9:e9:f8:
         8b:48:41:10:90:3a:89:c6:39:eb:02:55:f1:f3:72:81:60:89:
         f1:81:bc:de
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUF06rjqYkAIelqHJOojF83Af5WGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTYxODA4MzRaFw0yNjA1MTUxODEzMzRaMDMxMTAvBgNV
BAMTKDNGRDE0MjkyODdENEVDNzZENjg4MzdENTBDODQ1NTRERjExNjkwRTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+60VhV6IhKlPrPZ/2zCjXuAYy
dPOLGTWzWgZIrI23jAG9d89pqvtTqIuS1EjbAGTAKC+QM1oCkUOD46llCTicDDZY
N3MuXDwfIS3cIMWr+N5Ohmn8BhqonaskP0JfRzFm6mJtp58HSyQffP55axaDUeDt
kFXwjl3d8K+HoRoP0rCpjmnGTCVksuWqc/URYwbed8Mlt7sZGDU4xmbh/8TwtkZe
Eg2AhNV8FXo3Pme3hCxLypoI550maPjEd4CLuthGob6PjAYgBtfS/mLcpJyPzrZh
uEUxh95hATKc9JoX7drCKfeHR96hUxM2G/5g9SiNi9l8i67bUSLmfKPaKWiLAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUP9FCkofU7HbWiDfVDIRVTfEWkOEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEwNzMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AABKAwcAKhOVAABOMA0GCSqGSIb3DQEBCwUAA4IBAQCYB5Meo+vvx345RQNJgTq6
EJKx4dcaxeavtSny9+D8h0iv7BjpzVUifc5Ho7Pm4iufGerGWSCOP/NaHCLyqoxe
8dcne1IgvL7AI4DxbzgwhpN1Ry/sV9s3PLTSCXmYpfRuQlsLqyh8T0oTOdoZiZ+3
s02IiIRssohRF412VJiXe3KJKTT43AzFCOlYofziXjT+4ARR+2qcJtC1/OTi5mYc
KpS/nm1UWMVKpMX3eG99QVUxrH32njUSblfZAkp0Di4iMAkYSbME5YA61AUTLZsP
bJrXUZC/njTE3NN7Y5h37Uvd+tl2+GnJ6fiLSEEQkDqJxjnrAlXx83KBYInxgbze
-----END CERTIFICATE-----