Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213711.roa
File:                     AS213711.roa (raw, json)
Hash identifier:          09eMfD5zsSe368NVkaYpbBlOap0d7QPNE4XCUMomeq4=
Subject key identifier:   8F:CE:04:6F:A4:66:C7:20:68:EC:49:EC:E2:B3:E5:01:C0:37:85:DD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       77B22ADFFEE014DAB8320D097D6B551F39273902
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213711.roa
Signing time:             Mon 10 Nov 2025 13:18:10 +0000
ROA not before:           Mon 10 Nov 2025 13:13:10 +0000
ROA not after:            Mon 09 Nov 2026 13:18:10 +0000
asID:                     213711
IP address blocks:        2a13:9500:78::/48 maxlen: 48
                          2a13:9500:106::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Nov 2025 17:19:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:b2:2a:df:fe:e0:14:da:b8:32:0d:09:7d:6b:55:1f:39:27:39:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov 10 13:13:10 2025 GMT
            Not After : Nov  9 13:18:10 2026 GMT
        Subject: CN=8FCE046FA466C72068EC49ECE2B3E501C03785DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:a1:49:ec:46:f6:94:d2:38:20:a1:e7:b3:5e:
                    ab:5f:4b:a0:96:77:79:dd:fb:e1:7b:2c:e8:6a:74:
                    27:16:0a:43:8a:da:31:86:72:2e:06:c7:a9:89:8c:
                    1c:76:1d:28:df:c9:63:c0:b9:b8:6e:bf:37:f1:17:
                    c6:ef:f9:4c:5f:a5:eb:32:dc:01:ff:08:61:11:50:
                    2d:38:bc:3b:64:b9:d2:42:a9:77:6e:18:a3:d8:2b:
                    bb:9a:f9:42:32:9c:77:d8:7b:a5:80:f1:4e:94:d7:
                    8a:27:98:52:17:ec:9f:7b:ef:81:33:a2:57:56:0d:
                    92:23:a1:d7:9b:d1:ee:47:46:be:0b:a7:d4:eb:19:
                    20:3a:cb:3f:46:68:1c:5f:5d:07:70:99:98:ca:e5:
                    57:6a:4f:34:ca:1e:9e:c1:db:82:e5:f1:e3:cb:01:
                    1c:7c:e4:69:a1:70:a6:88:96:d5:25:50:6a:21:7d:
                    48:53:9c:9d:6f:48:13:a1:9c:a6:e0:53:01:23:0d:
                    d7:9d:f2:da:b3:a0:7a:03:3e:00:9b:cc:41:f7:04:
                    72:7a:c9:c9:30:bc:4d:b1:e9:8b:9a:68:ea:da:5c:
                    0e:9d:a1:ce:5e:98:e5:02:69:e8:4c:4c:ae:ef:f1:
                    35:53:5e:a1:ce:3d:80:df:52:bd:e3:7e:c0:80:de:
                    82:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:CE:04:6F:A4:66:C7:20:68:EC:49:EC:E2:B3:E5:01:C0:37:85:DD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213711.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:78::/48
                  2a13:9500:106::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:6d:7c:f6:52:ac:87:1d:7e:2c:52:be:75:3c:c9:fd:bc:93:
         13:75:ec:7b:9a:be:3a:d6:7c:ae:23:b6:48:9a:2c:a6:79:db:
         e1:bf:d8:bc:bc:24:aa:bd:55:a6:74:fc:ff:6a:ab:5c:32:a4:
         9d:6d:5f:60:70:e3:31:a7:0a:1e:da:aa:a9:0a:53:36:d5:ab:
         ed:c2:fd:19:90:d7:c6:bc:3e:65:61:79:2f:66:3f:61:cf:8b:
         e3:ff:1f:8d:62:95:fa:20:55:22:03:3c:ff:73:f0:94:31:42:
         81:5a:fa:4d:35:5e:47:61:25:cc:ac:27:5e:3c:c5:f5:e6:db:
         0f:33:a7:8c:70:df:83:18:f7:b5:41:68:3d:d0:36:e7:0d:d4:
         f2:ff:5b:dd:f9:8e:48:2c:5e:9f:08:6b:e3:08:16:8f:0e:28:
         5f:37:f1:89:c3:59:a2:c6:dd:a9:8e:88:9d:ad:2d:f6:ef:67:
         fb:83:fd:4a:26:11:af:e7:e5:70:02:bf:c5:e0:7e:f2:5f:ff:
         58:5a:01:5a:10:83:89:41:3e:f8:53:86:e0:1c:55:2c:39:fc:
         f2:5e:32:8b:17:1b:af:14:9a:0b:49:ee:2d:b7:f4:46:50:59:
         46:98:18:16:d2:59:5f:d4:2c:3c:d2:60:37:c4:a4:b2:41:5f:
         82:2a:53:3c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUd7Iq3/7gFNq4Mg0JfWtVHzknOQIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMTAxMzEzMTBaFw0yNjExMDkxMzE4MTBaMDMxMTAvBgNV
BAMTKDhGQ0UwNDZGQTQ2NkM3MjA2OEVDNDlFQ0UyQjNFNTAxQzAzNzg1REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYoUnsRvaU0jggoeezXqtfS6CW
d3nd++F7LOhqdCcWCkOK2jGGci4Gx6mJjBx2HSjfyWPAubhuvzfxF8bv+Uxfpesy
3AH/CGERUC04vDtkudJCqXduGKPYK7ua+UIynHfYe6WA8U6U14onmFIX7J9774Ez
oldWDZIjodeb0e5HRr4Lp9TrGSA6yz9GaBxfXQdwmZjK5VdqTzTKHp7B24Ll8ePL
ARx85GmhcKaIltUlUGohfUhTnJ1vSBOhnKbgUwEjDded8tqzoHoDPgCbzEH3BHJ6
yckwvE2x6YuaaOraXA6doc5emOUCaehMTK7v8TVTXqHOPYDfUr3jfsCA3oJDAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUj84Eb6RmxyBo7Ens4rPlAcA3hd0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNzExLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AAB4AwcAKhOVAAEGMA0GCSqGSIb3DQEBCwUAA4IBAQClbXz2UqyHHX4sUr51PMn9
vJMTdex7mr461nyuI7ZImiymedvhv9i8vCSqvVWmdPz/aqtcMqSdbV9gcOMxpwoe
2qqpClM21avtwv0ZkNfGvD5lYXkvZj9hz4vj/x+NYpX6IFUiAzz/c/CUMUKBWvpN
NV5HYSXMrCdePMX15tsPM6eMcN+DGPe1QWg90DbnDdTy/1vd+Y5ILF6fCGvjCBaP
DihfN/GJw1mixt2pjoidrS3272f7g/1KJhGv5+VwAr/F4H7yX/9YWgFaEIOJQT74
U4bgHFUsOfzyXjKLFxuvFJoLSe4tt/RGUFlGmBgW0llf1Cw80mA3xKSyQV+CKlM8
-----END CERTIFICATE-----