Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa
File:                     AS214693.roa (raw, json)
Hash identifier:          e175nNHExE2zSuWZpxS3eUNorJQi877H3SLvzX11RnA=
Subject key identifier:   09:35:86:3C:E0:5C:F2:14:F7:2B:B9:36:3C:F6:90:D1:AE:46:6A:D0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       458437D936564FD3522BAAEBC47EAF3568A9953C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa
Signing time:             Thu 02 Oct 2025 12:32:08 +0000
ROA not before:           Thu 02 Oct 2025 12:27:08 +0000
ROA not after:            Thu 01 Oct 2026 12:32:08 +0000
asID:                     214693
IP address blocks:        2a13:9500:af::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:84:37:d9:36:56:4f:d3:52:2b:aa:eb:c4:7e:af:35:68:a9:95:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  2 12:27:08 2025 GMT
            Not After : Oct  1 12:32:08 2026 GMT
        Subject: CN=0935863CE05CF214F72BB9363CF690D1AE466AD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:06:3a:76:08:65:eb:ec:b1:62:4f:0b:d9:3d:
                    02:e0:de:9f:a9:e4:0c:5e:48:04:08:c9:78:75:0b:
                    03:e6:a4:49:50:60:f2:b7:5f:98:2c:7a:38:01:f1:
                    17:99:fc:f0:36:59:87:90:fc:c9:02:12:23:4e:a5:
                    94:06:ea:92:da:c9:d0:71:32:1d:3e:b6:8a:29:5b:
                    df:03:23:a8:7a:1d:37:51:4f:33:ee:6d:ef:8c:cf:
                    4a:09:61:6f:10:a9:04:b5:2e:4e:63:2f:f4:bb:0d:
                    40:ce:15:ae:29:9a:2a:42:20:8b:25:2d:1d:2f:d2:
                    46:f4:a4:df:39:83:8e:e7:a8:07:7a:fa:f5:44:25:
                    8f:c6:43:06:15:09:53:6a:01:03:b9:fc:43:8c:cc:
                    29:6b:f0:7a:33:17:60:0a:ba:16:31:c1:2d:dd:62:
                    70:8b:a4:7b:39:fd:21:2f:43:60:75:bc:c9:66:0a:
                    20:a2:91:d7:9a:0b:a1:b2:a0:2a:6c:24:17:75:9c:
                    58:ef:d7:30:fe:45:4b:88:2c:ae:50:3b:e8:f8:b0:
                    24:b0:76:ce:30:7c:8c:db:26:83:36:dc:27:5f:d8:
                    95:aa:6f:b1:bc:76:ba:eb:65:52:bf:84:e9:ef:e7:
                    9d:ba:26:4d:d4:40:07:ef:30:1a:71:97:1d:7e:17:
                    27:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:35:86:3C:E0:5C:F2:14:F7:2B:B9:36:3C:F6:90:D1:AE:46:6A:D0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:af::/48

    Signature Algorithm: sha256WithRSAEncryption
         31:48:e0:e3:e1:50:5e:75:d0:0b:4d:37:57:fe:de:4b:c5:b9:
         05:36:48:c6:0f:cd:b8:3e:d7:77:f2:ef:79:f9:48:d1:ba:b9:
         2d:ba:7e:85:87:5a:6f:0a:d3:a1:a3:f1:18:6d:89:94:c7:88:
         e3:83:0e:4d:38:76:f5:c7:9b:0b:44:f6:4a:95:58:02:d5:7d:
         ea:bd:e0:90:ac:d4:b5:68:7e:ca:aa:83:d4:3e:29:e0:59:42:
         e5:6f:2b:c1:d0:6a:fe:bf:f2:8b:2a:46:c0:6e:e9:67:a2:86:
         44:01:24:0d:30:21:99:7c:1b:86:a0:2e:a9:56:b3:9e:d8:9e:
         dc:e7:71:98:39:54:1c:81:35:1e:bf:6a:72:58:ae:91:31:e1:
         20:09:c6:f7:13:f6:27:b2:2e:cf:4c:7a:b5:c0:5b:54:6f:07:
         ab:54:40:fa:d0:bc:53:fb:eb:36:09:1a:4e:66:f0:4e:f8:21:
         72:2b:b2:59:c3:ed:3e:60:bb:32:7f:04:76:c3:a3:c7:91:99:
         b0:a6:a8:b2:23:de:53:07:86:b9:3d:62:0e:95:61:15:26:99:
         8c:d2:84:24:d9:86:53:aa:87:6e:1c:84:23:4a:8a:6d:dc:de:
         56:3a:07:4a:15:ec:d2:9f:2c:88:25:83:cc:8a:98:74:ca:e6:
         1e:72:62:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURYQ32TZWT9NSK6rrxH6vNWiplTwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDIxMjI3MDhaFw0yNjEwMDExMjMyMDhaMDMxMTAvBgNV
BAMTKDA5MzU4NjNDRTA1Q0YyMTRGNzJCQjkzNjNDRjY5MEQxQUU0NjZBRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYBjp2CGXr7LFiTwvZPQLg3p+p
5AxeSAQIyXh1CwPmpElQYPK3X5gsejgB8ReZ/PA2WYeQ/MkCEiNOpZQG6pLaydBx
Mh0+toopW98DI6h6HTdRTzPube+Mz0oJYW8QqQS1Lk5jL/S7DUDOFa4pmipCIIsl
LR0v0kb0pN85g47nqAd6+vVEJY/GQwYVCVNqAQO5/EOMzClr8HozF2AKuhYxwS3d
YnCLpHs5/SEvQ2B1vMlmCiCikdeaC6GyoCpsJBd1nFjv1zD+RUuILK5QO+j4sCSw
ds4wfIzbJoM23Cdf2JWqb7G8drrrZVK/hOnv5526Jk3UQAfvMBpxlx1+FyddAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCTWGPOBc8hT3K7k2PPaQ0a5GatAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACvMA0GCSqGSIb3DQEBCwUAA4IBAQAxSODj4VBeddALTTdX/t5LxbkFNkjGD824
Ptd38u95+UjRurktun6Fh1pvCtOho/EYbYmUx4jjgw5NOHb1x5sLRPZKlVgC1X3q
veCQrNS1aH7KqoPUPingWULlbyvB0Gr+v/KLKkbAbulnooZEASQNMCGZfBuGoC6p
VrOe2J7c53GYOVQcgTUev2pyWK6RMeEgCcb3E/Ynsi7PTHq1wFtUbwerVED60LxT
++s2CRpOZvBO+CFyK7JZw+0+YLsyfwR2w6PHkZmwpqiyI95TB4a5PWIOlWEVJpmM
0oQk2YZTqoduHIQjSopt3N5WOgdKFezSnyyIJYPMiph0yuYecmKY
-----END CERTIFICATE-----