Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211575.roa
File:                     AS211575.roa (raw, json)
Hash identifier:          Gu1KGqoxPl1vMZnGNRhdBo77QNYSUxUn8f2iFnOPBhg=
Subject key identifier:   1D:5A:5C:1A:BC:AD:FA:A0:FF:2E:81:E6:2F:61:6B:7F:DC:F1:55:A0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4B99EE76A046C2AC7054C78DE9C65011F20B8FF5
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211575.roa
Signing time:             Tue 02 Jun 2026 15:47:23 +0000
ROA not before:           Tue 02 Jun 2026 15:42:23 +0000
ROA not after:            Tue 01 Jun 2027 15:47:23 +0000
asID:                     211575
IP address blocks:        2a13:9500:a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:99:ee:76:a0:46:c2:ac:70:54:c7:8d:e9:c6:50:11:f2:0b:8f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 15:42:23 2026 GMT
            Not After : Jun  1 15:47:23 2027 GMT
        Subject: CN=1D5A5C1ABCADFAA0FF2E81E62F616B7FDCF155A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:da:ea:18:7f:7f:a6:24:a0:29:7a:ef:dd:0d:
                    72:23:f8:92:c8:8a:30:0e:f2:22:de:68:fe:b6:c5:
                    dc:3e:88:73:a9:bb:a7:d4:0b:0c:a8:c8:35:85:53:
                    22:5e:5a:5e:85:64:d9:7b:24:18:98:b5:82:ed:da:
                    b9:44:7c:3c:88:39:14:76:db:9a:8d:4b:a4:47:46:
                    3d:a7:98:01:28:ee:55:31:5f:10:3f:63:f0:11:af:
                    03:6b:24:fa:39:24:ea:01:21:4b:54:ab:46:32:5a:
                    08:b3:83:3c:d3:28:77:1e:f2:69:a2:a9:dd:ca:06:
                    2f:25:d5:59:92:82:ac:c3:04:77:f3:23:2f:7d:f4:
                    74:c3:10:16:65:a4:bd:d5:e9:01:43:01:02:03:90:
                    8e:e2:b4:ff:dc:34:d6:fd:8a:d7:8a:a2:3c:6c:54:
                    3d:05:84:03:fe:fc:5c:88:d9:15:a6:bc:60:71:d5:
                    a4:92:08:85:64:73:9d:e2:ec:00:a9:ad:2c:3a:91:
                    a3:62:ca:62:55:25:f4:da:17:2e:f9:b6:cb:38:d3:
                    68:f6:6c:a1:bd:bd:97:90:20:6b:51:1e:4f:95:85:
                    f1:20:e6:18:c0:a0:b7:1d:fb:5c:2f:a5:98:f3:9a:
                    32:31:81:76:5c:e6:07:6a:64:ee:68:6d:ca:5e:e5:
                    74:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:5A:5C:1A:BC:AD:FA:A0:FF:2E:81:E6:2F:61:6B:7F:DC:F1:55:A0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211575.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a8:4e:d4:90:7d:da:ee:f6:07:e4:b8:51:97:1c:47:5a:2e:4d:
         c9:37:6e:8e:67:14:5e:af:9f:63:f0:3b:af:f3:bb:2e:6b:85:
         a2:0a:28:43:dc:b6:40:59:29:a3:11:b0:d6:eb:db:cb:66:fd:
         a0:8d:be:72:e0:e5:3f:38:fc:c4:16:b5:0d:62:f5:4d:42:9d:
         48:12:0c:50:c3:74:bb:1e:6f:58:b0:37:99:35:ad:b7:eb:e1:
         f4:9e:74:e3:04:11:c4:36:ab:bd:5b:2c:b3:86:8e:96:a5:08:
         8f:5b:bd:20:66:7e:17:dd:2b:ab:78:9c:95:43:9e:f4:d0:8f:
         13:8b:01:47:8e:51:94:65:5e:71:f2:4a:34:4b:18:bb:e1:95:
         8d:d9:bd:1b:47:c9:23:d3:0d:6d:58:1a:9e:9c:1a:0c:3e:7e:
         8a:0a:fd:8b:3e:b8:bd:48:d4:8f:3d:80:62:bb:2c:6e:e6:71:
         4a:e0:65:90:28:ab:10:1d:fe:e3:e3:30:6e:b1:0c:89:51:95:
         0d:20:53:dd:54:fb:26:32:21:41:d0:1d:f7:e2:e9:b1:a5:23:
         0d:59:e7:74:f6:32:a5:1e:60:fd:eb:cc:75:3f:fd:bf:bf:93:
         eb:39:46:53:9b:52:a4:99:d3:90:48:d0:03:a1:e7:36:96:29:
         71:37:1c:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUS5nudqBGwqxwVMeN6cZQEfILj/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDIxNTQyMjNaFw0yNzA2MDExNTQ3MjNaMDMxMTAvBgNV
BAMTKDFENUE1QzFBQkNBREZBQTBGRjJFODFFNjJGNjE2QjdGRENGMTU1QTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv2uoYf3+mJKApeu/dDXIj+JLI
ijAO8iLeaP62xdw+iHOpu6fUCwyoyDWFUyJeWl6FZNl7JBiYtYLt2rlEfDyIORR2
25qNS6RHRj2nmAEo7lUxXxA/Y/ARrwNrJPo5JOoBIUtUq0YyWgizgzzTKHce8mmi
qd3KBi8l1VmSgqzDBHfzIy999HTDEBZlpL3V6QFDAQIDkI7itP/cNNb9iteKojxs
VD0FhAP+/FyI2RWmvGBx1aSSCIVkc53i7ACprSw6kaNiymJVJfTaFy75tss402j2
bKG9vZeQIGtRHk+VhfEg5hjAoLcd+1wvpZjzmjIxgXZc5gdqZO5obcpe5XTfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUHVpcGryt+qD/LoHmL2Frf9zxVaAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNTc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACgMA0GCSqGSIb3DQEBCwUAA4IBAQCoTtSQfdru9gfkuFGXHEdaLk3JN26OZxRe
r59j8Duv87sua4WiCihD3LZAWSmjEbDW69vLZv2gjb5y4OU/OPzEFrUNYvVNQp1I
EgxQw3S7Hm9YsDeZNa236+H0nnTjBBHENqu9Wyyzho6WpQiPW70gZn4X3SureJyV
Q5700I8TiwFHjlGUZV5x8ko0Sxi74ZWN2b0bR8kj0w1tWBqenBoMPn6KCv2LPri9
SNSPPYBiuyxu5nFK4GWQKKsQHf7j4zBusQyJUZUNIFPdVPsmMiFB0B334umxpSMN
Wed09jKlHmD968x1P/2/v5PrOUZTm1KkmdOQSNADoec2lilxNxx7
-----END CERTIFICATE-----