Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214478.roa
File:                     AS214478.roa (raw, json)
Hash identifier:          8L/ydVjwzozURPsaYbLerQM7bs0LWiXqAN8Zwz6CggQ=
Subject key identifier:   7C:95:26:C2:E6:D8:51:41:00:E0:B3:2F:62:38:C3:98:FB:0B:74:00
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       452046A31C315131D53FC02B63A065E401A09901
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214478.roa
Signing time:             Fri 30 May 2025 21:14:17 +0000
ROA not before:           Fri 30 May 2025 21:09:17 +0000
ROA not after:            Fri 29 May 2026 21:14:17 +0000
asID:                     214478
IP address blocks:        2a13:9500:76::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:59:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:20:46:a3:1c:31:51:31:d5:3f:c0:2b:63:a0:65:e4:01:a0:99:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 30 21:09:17 2025 GMT
            Not After : May 29 21:14:17 2026 GMT
        Subject: CN=7C9526C2E6D8514100E0B32F6238C398FB0B7400
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:b6:1c:4f:ad:a2:62:bf:b3:19:6e:3f:f8:68:
                    74:3a:85:67:43:c9:03:9d:e5:e4:ab:de:bd:ca:e7:
                    fe:f7:0f:ad:19:bd:99:e9:ee:92:cd:ae:fd:2d:ed:
                    48:de:d3:70:1b:53:e3:f5:48:d9:f3:25:ab:d3:e3:
                    5c:b0:e4:db:53:fd:50:c4:bb:b2:b6:8e:2d:cd:e2:
                    6b:da:9e:df:f2:ea:64:36:c5:93:0b:7d:c5:c9:05:
                    c3:b9:cb:ca:9a:7a:e8:67:9d:c2:19:1f:33:97:bf:
                    c3:76:db:a4:95:de:ac:31:89:05:4c:54:ab:ce:aa:
                    13:b3:1c:cc:7c:b6:e3:1c:28:ec:1d:5d:92:05:41:
                    e2:d1:3c:14:e4:2d:92:f4:23:6d:69:de:bc:18:24:
                    f4:31:d9:6e:a0:b0:2b:98:c6:12:62:cd:e8:4a:9d:
                    e2:4b:84:5b:43:de:ad:56:71:03:b0:1f:10:d9:57:
                    4f:60:eb:0c:3d:57:a0:76:14:22:7e:bf:ad:ef:c0:
                    7c:d5:6a:14:82:73:c2:ad:dc:a0:9d:4f:6a:7d:33:
                    b2:2e:61:02:cd:12:3b:28:26:dd:69:7c:72:d5:1e:
                    83:e2:6e:f3:15:2f:1e:e7:0d:ef:d4:ed:e0:fa:48:
                    d3:1b:3a:8e:cd:42:bc:14:30:e3:f0:eb:e1:e2:43:
                    71:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:95:26:C2:E6:D8:51:41:00:E0:B3:2F:62:38:C3:98:FB:0B:74:00
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214478.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:76::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:af:d7:7a:a2:a4:21:e2:95:d3:20:0c:ca:38:9b:c6:dd:05:
         72:40:eb:ce:e6:32:68:dd:9b:82:10:3c:e6:04:4c:73:1a:02:
         14:ec:c6:93:58:b7:e9:50:0f:17:4c:44:ce:8c:0c:25:0b:e7:
         e8:37:ac:f2:45:45:41:28:79:0a:ba:e8:b7:d7:26:2f:c3:cc:
         ba:c6:fc:25:b2:09:38:17:61:dd:9b:c6:69:c6:9c:eb:cb:35:
         bf:4b:9b:f4:c4:fd:f7:5d:22:e2:08:36:e2:e4:6f:c1:e0:0c:
         bd:5d:c4:84:a9:f4:00:61:7e:c4:5b:84:b4:3f:d1:ca:02:dc:
         bc:a0:8a:13:1f:ad:5b:02:65:a1:fe:8d:a3:6b:e8:b1:6d:b3:
         b9:07:09:e2:85:a0:df:8c:2c:ce:ad:78:a2:b1:ed:88:32:33:
         f4:2e:dc:56:b2:35:22:ba:3a:97:65:5f:3c:76:88:2d:52:a6:
         28:fe:a9:aa:53:5e:12:43:e4:13:fa:94:4a:3b:07:07:68:a6:
         9a:db:40:d0:48:16:90:d6:7b:28:ed:00:e3:1b:3a:9d:92:ad:
         e5:7a:ab:bf:7c:b2:a1:3d:a2:0c:9b:c7:80:d5:c5:61:c5:17:
         44:03:41:cb:5d:c1:cb:1d:05:bf:8b:22:00:93:5c:4d:d8:5a:
         60:c3:b9:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURSBGoxwxUTHVP8ArY6Bl5AGgmQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MzAyMTA5MTdaFw0yNjA1MjkyMTE0MTdaMDMxMTAvBgNV
BAMTKDdDOTUyNkMyRTZEODUxNDEwMEUwQjMyRjYyMzhDMzk4RkIwQjc0MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVthxPraJiv7MZbj/4aHQ6hWdD
yQOd5eSr3r3K5/73D60ZvZnp7pLNrv0t7Uje03AbU+P1SNnzJavT41yw5NtT/VDE
u7K2ji3N4mvant/y6mQ2xZMLfcXJBcO5y8qaeuhnncIZHzOXv8N226SV3qwxiQVM
VKvOqhOzHMx8tuMcKOwdXZIFQeLRPBTkLZL0I21p3rwYJPQx2W6gsCuYxhJizehK
neJLhFtD3q1WcQOwHxDZV09g6ww9V6B2FCJ+v63vwHzVahSCc8Kt3KCdT2p9M7Iu
YQLNEjsoJt1pfHLVHoPibvMVLx7nDe/U7eD6SNMbOo7NQrwUMOPw6+HiQ3H3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUfJUmwubYUUEA4LMvYjjDmPsLdAAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NDc4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAB2MA0GCSqGSIb3DQEBCwUAA4IBAQA4r9d6oqQh4pXTIAzKOJvG3QVyQOvO5jJo
3ZuCEDzmBExzGgIU7MaTWLfpUA8XTETOjAwlC+foN6zyRUVBKHkKuui31yYvw8y6
xvwlsgk4F2Hdm8ZpxpzryzW/S5v0xP33XSLiCDbi5G/B4Ay9XcSEqfQAYX7EW4S0
P9HKAty8oIoTH61bAmWh/o2ja+ixbbO5BwnihaDfjCzOrXiise2IMjP0LtxWsjUi
ujqXZV88dogtUqYo/qmqU14SQ+QT+pRKOwcHaKaa20DQSBaQ1nso7QDjGzqdkq3l
equ/fLKhPaIMm8eA1cVhxRdEA0HLXcHLHQW/iyIAk1xN2Fpgw7mh
-----END CERTIFICATE-----