Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214762.roa
File:                     AS214762.roa (raw, json)
Hash identifier:          arH4QMBcCHIFg+kyG3Q3CvZIGoJt+20pPAaG9yOYCmY=
Subject key identifier:   92:F8:66:D0:A5:9E:B5:23:47:0C:28:7E:40:B4:40:AF:56:35:3B:69
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5416F7ED5E19CB51F3BF161EAA332F111E1D393B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214762.roa
Signing time:             Tue 20 May 2025 12:53:39 +0000
ROA not before:           Tue 20 May 2025 12:48:39 +0000
ROA not after:            Tue 19 May 2026 12:53:39 +0000
asID:                     214762
IP address blocks:        2a13:9500:53::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:16:f7:ed:5e:19:cb:51:f3:bf:16:1e:aa:33:2f:11:1e:1d:39:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 20 12:48:39 2025 GMT
            Not After : May 19 12:53:39 2026 GMT
        Subject: CN=92F866D0A59EB523470C287E40B440AF56353B69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:9e:56:63:ef:dd:40:bd:27:fa:6b:c9:1c:c7:
                    a9:29:fe:4a:50:a1:07:55:05:0c:bd:fa:bf:fc:cf:
                    a5:0b:4b:46:cf:29:e1:6d:39:bf:80:ca:3a:f6:61:
                    0a:1b:47:40:09:38:fd:0f:4c:32:ff:36:f0:7b:59:
                    b1:ca:44:60:ca:77:66:6f:16:81:e4:51:d4:4c:bf:
                    4b:2b:a6:e3:b3:91:9f:85:20:84:9f:4c:af:6c:f1:
                    71:83:91:f7:5a:7e:db:6e:62:09:4e:b9:05:38:5e:
                    f9:db:ad:eb:72:f2:46:f7:53:e4:a0:cf:7a:aa:f8:
                    f6:61:ea:2e:7c:8d:a8:52:dc:f8:9e:bc:47:59:31:
                    e4:69:64:9f:ec:c7:24:fc:9c:f3:66:c9:83:33:65:
                    d6:25:f0:fb:58:1a:19:df:20:67:31:84:4c:75:56:
                    d1:67:2b:4c:49:75:ad:d7:aa:36:89:65:df:21:47:
                    74:91:31:d8:07:76:7e:60:38:88:3f:21:4e:a8:38:
                    57:94:e5:68:9d:4e:13:47:36:7a:0b:8e:49:b3:49:
                    0f:20:0b:f1:81:d3:c1:2b:2e:d6:3b:4e:32:5b:ac:
                    8c:da:0d:0e:92:6a:e5:b3:92:39:08:dd:79:45:c5:
                    96:34:e5:a1:3b:1b:23:e8:81:0d:e3:b8:54:8d:88:
                    19:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:F8:66:D0:A5:9E:B5:23:47:0C:28:7E:40:B4:40:AF:56:35:3B:69
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214762.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:53::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:9d:1d:b8:4c:1c:ed:fc:8b:ed:18:49:52:22:05:d6:62:3e:
         96:8b:81:6d:73:16:17:41:1c:1e:3c:3c:71:96:2e:c9:39:bb:
         69:29:96:9c:84:f1:ee:8c:4b:b4:7c:c5:8f:d4:6a:44:e0:03:
         1e:5f:4d:78:42:34:00:4c:4f:4a:7a:39:ff:de:ca:93:eb:d8:
         73:3a:83:14:c1:7c:f5:98:74:de:31:ef:3c:e2:35:8a:42:45:
         2c:65:8f:70:e9:95:47:c2:bb:9c:f2:ab:cc:19:d5:83:e5:1d:
         60:07:4a:96:26:21:7c:e9:6a:59:f2:a0:81:4d:47:cf:2a:e6:
         f3:55:4e:cd:4b:9c:ac:b2:ef:1a:dd:a7:c5:f4:16:a8:0a:62:
         0c:51:9b:c0:6f:73:60:24:8d:40:cf:fa:ad:c0:11:1a:8f:f9:
         37:e5:08:02:ea:95:a3:f3:d2:22:15:ef:4f:63:30:67:8b:39:
         b4:eb:7b:33:f0:ba:b8:4e:d3:ae:0c:8c:61:3a:f0:30:2c:98:
         35:c1:46:20:fb:99:ec:41:2c:f7:02:bd:fc:de:36:aa:5f:c9:
         bd:c7:5d:4f:39:95:ac:03:e1:5e:9a:2c:54:d0:d7:47:81:8f:
         d7:07:1a:8e:e2:4a:cc:27:f4:fe:28:4b:49:94:50:03:1f:8b:
         a5:43:74:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVBb37V4Zy1HzvxYeqjMvER4dOTswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjAxMjQ4MzlaFw0yNjA1MTkxMjUzMzlaMDMxMTAvBgNV
BAMTKDkyRjg2NkQwQTU5RUI1MjM0NzBDMjg3RTQwQjQ0MEFGNTYzNTNCNjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVnlZj791AvSf6a8kcx6kp/kpQ
oQdVBQy9+r/8z6ULS0bPKeFtOb+Ayjr2YQobR0AJOP0PTDL/NvB7WbHKRGDKd2Zv
FoHkUdRMv0srpuOzkZ+FIISfTK9s8XGDkfdafttuYglOuQU4Xvnbrety8kb3U+Sg
z3qq+PZh6i58jahS3PievEdZMeRpZJ/sxyT8nPNmyYMzZdYl8PtYGhnfIGcxhEx1
VtFnK0xJda3XqjaJZd8hR3SRMdgHdn5gOIg/IU6oOFeU5WidThNHNnoLjkmzSQ8g
C/GB08ErLtY7TjJbrIzaDQ6SauWzkjkI3XlFxZY05aE7GyPogQ3juFSNiBnvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUkvhm0KWetSNHDCh+QLRAr1Y1O2kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0NzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABTMA0GCSqGSIb3DQEBCwUAA4IBAQBtnR24TBzt/IvtGElSIgXWYj6Wi4FtcxYX
QRwePDxxli7JObtpKZachPHujEu0fMWP1GpE4AMeX014QjQATE9Kejn/3sqT69hz
OoMUwXz1mHTeMe884jWKQkUsZY9w6ZVHwruc8qvMGdWD5R1gB0qWJiF86WpZ8qCB
TUfPKubzVU7NS5yssu8a3afF9BaoCmIMUZvAb3NgJI1Az/qtwBEaj/k35QgC6pWj
89IiFe9PYzBnizm063sz8Lq4TtOuDIxhOvAwLJg1wUYg+5nsQSz3Ar383jaqX8m9
x11POZWsA+FemixU0NdHgY/XBxqO4krMJ/T+KEtJlFADH4ulQ3S8
-----END CERTIFICATE-----