Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
File:                     AS214834.roa (raw, json)
Hash identifier:          ZlxzfAlq7kwStxtdm8/CUmeO0MiZ2EWMrz3/RfkMSw8=
Subject key identifier:   97:51:F7:BA:25:A0:59:69:70:3B:6D:10:CA:E2:14:FA:94:35:1A:BE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0E4DDA7CA41B9E6302DC536BEA4858EBDDA6942E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa
Signing time:             Mon 26 May 2025 05:10:51 +0000
ROA not before:           Mon 26 May 2025 05:05:51 +0000
ROA not after:            Mon 25 May 2026 05:10:51 +0000
asID:                     214834
IP address blocks:        2a13:9500:63::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:4d:da:7c:a4:1b:9e:63:02:dc:53:6b:ea:48:58:eb:dd:a6:94:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 26 05:05:51 2025 GMT
            Not After : May 25 05:10:51 2026 GMT
        Subject: CN=9751F7BA25A05969703B6D10CAE214FA94351ABE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:7c:6a:57:8b:b3:7c:be:03:3e:bb:d2:10:ee:
                    e3:46:48:3d:3e:8b:45:78:06:51:5b:9e:4f:0e:78:
                    36:29:4a:92:db:2d:f2:a2:06:f4:20:cf:78:a6:6d:
                    49:d8:db:ea:83:e2:05:d5:aa:89:db:05:a8:dc:ea:
                    78:a6:1d:dc:2c:41:3a:bc:8e:bd:47:57:e2:8e:36:
                    0b:aa:62:6e:88:a2:d2:6d:e2:a2:f5:48:37:20:83:
                    30:d9:87:17:df:c6:0d:6b:74:7e:68:fb:ee:4d:86:
                    da:c7:e2:8f:4d:83:6a:c4:26:12:e4:08:56:74:a1:
                    7a:f1:1f:f2:f9:34:03:96:ae:05:07:3d:a2:6d:bd:
                    56:5f:5b:8e:7c:b4:ca:e5:fc:db:92:dc:c4:ea:f8:
                    e2:b7:28:b9:48:e5:b5:17:c5:27:2c:d3:5d:bd:3b:
                    4a:06:93:a8:93:27:19:ce:77:f7:ba:2a:9c:9b:e5:
                    4b:57:06:83:ba:84:d4:f5:0a:f3:cf:d4:fb:72:09:
                    10:9c:fd:f6:dc:19:21:ef:0e:20:62:91:6b:2d:d4:
                    10:60:87:7e:a5:2c:5a:d6:08:72:51:63:29:6a:19:
                    fd:05:ad:b7:75:96:ee:03:ed:f7:41:10:e4:f1:96:
                    37:3c:e4:40:ab:d0:36:dd:6f:40:f0:e7:af:3b:3a:
                    90:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:51:F7:BA:25:A0:59:69:70:3B:6D:10:CA:E2:14:FA:94:35:1A:BE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214834.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:63::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:b0:6c:e7:8e:e0:53:72:e2:65:6c:81:a2:7c:99:0f:6a:7c:
         69:5d:a5:a4:6c:66:c6:1e:65:0d:ec:89:f0:c2:7e:59:95:cf:
         f0:9e:a6:d2:1d:1d:14:79:3b:c3:f6:f0:79:89:1f:53:ff:10:
         ff:18:f5:67:12:16:24:11:8d:1f:b4:02:f6:1b:34:ba:4d:e8:
         34:ca:24:b8:80:8a:a9:09:c1:64:60:0a:b6:c2:56:49:b2:7c:
         fb:50:3e:13:14:94:71:3d:b9:99:72:e2:b1:fe:04:40:d8:63:
         1d:32:a6:14:e7:33:19:63:5e:3b:65:00:7e:cb:50:ca:e3:cb:
         38:4c:97:92:dc:d9:2c:b5:c1:5e:ec:81:fe:d4:cd:4b:89:28:
         ff:c8:18:24:d0:dc:21:e9:95:db:b0:39:00:ee:bc:d7:2b:80:
         66:f2:f5:f6:f3:76:f2:eb:cb:ef:44:ae:6d:ac:9a:3f:74:f8:
         d0:23:ee:ae:25:6d:e5:5b:93:a7:70:5b:3a:de:49:20:db:4e:
         ca:cb:47:d5:12:54:fb:ac:91:0a:66:43:ee:98:5b:a4:0e:04:
         e4:ec:4f:67:ca:96:59:d2:8e:1c:e7:79:c1:5c:16:41:87:ad:
         60:e2:4f:67:66:15:5f:e2:ec:96:2e:1f:ec:9c:0d:21:5f:f1:
         b3:73:8e:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDk3afKQbnmMC3FNr6khY692mlC4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjYwNTA1NTFaFw0yNjA1MjUwNTEwNTFaMDMxMTAvBgNV
BAMTKDk3NTFGN0JBMjVBMDU5Njk3MDNCNkQxMENBRTIxNEZBOTQzNTFBQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5fGpXi7N8vgM+u9IQ7uNGSD0+
i0V4BlFbnk8OeDYpSpLbLfKiBvQgz3imbUnY2+qD4gXVqonbBajc6nimHdwsQTq8
jr1HV+KONguqYm6IotJt4qL1SDcggzDZhxffxg1rdH5o++5NhtrH4o9Ng2rEJhLk
CFZ0oXrxH/L5NAOWrgUHPaJtvVZfW458tMrl/NuS3MTq+OK3KLlI5bUXxScs0129
O0oGk6iTJxnOd/e6Kpyb5UtXBoO6hNT1CvPP1PtyCRCc/fbcGSHvDiBikWst1BBg
h36lLFrWCHJRYylqGf0Frbd1lu4D7fdBEOTxljc85ECr0Dbdb0Dw5687OpCfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUl1H3uiWgWWlwO20QyuIU+pQ1Gr4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODM0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABjMA0GCSqGSIb3DQEBCwUAA4IBAQAdsGznjuBTcuJlbIGifJkPanxpXaWkbGbG
HmUN7Inwwn5Zlc/wnqbSHR0UeTvD9vB5iR9T/xD/GPVnEhYkEY0ftAL2GzS6Teg0
yiS4gIqpCcFkYAq2wlZJsnz7UD4TFJRxPbmZcuKx/gRA2GMdMqYU5zMZY147ZQB+
y1DK48s4TJeS3NkstcFe7IH+1M1LiSj/yBgk0Nwh6ZXbsDkA7rzXK4Bm8vX283by
68vvRK5trJo/dPjQI+6uJW3lW5OncFs63kkg207Ky0fVElT7rJEKZkPumFukDgTk
7E9nypZZ0o4c53nBXBZBh61g4k9nZhVf4uyWLh/snA0hX/Gzc44v
-----END CERTIFICATE-----