Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214838.roa
File:                     AS214838.roa (raw, json)
Hash identifier:          dkzDB7OABN3RPwIyeJiDR/5Fe0siJ7xmnM5yC9U3tR0=
Subject key identifier:   3D:4F:1D:B6:C0:F4:1E:2D:2E:88:CB:C8:A9:28:3A:92:65:D5:97:DD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       54EAFE7AC844A1699C2F0D2F95F82B25C723E97E
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214838.roa
Signing time:             Thu 29 May 2025 10:46:34 +0000
ROA not before:           Thu 29 May 2025 10:41:34 +0000
ROA not after:            Thu 28 May 2026 10:46:34 +0000
asID:                     214838
IP address blocks:        2a13:9500:6f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:ea:fe:7a:c8:44:a1:69:9c:2f:0d:2f:95:f8:2b:25:c7:23:e9:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 29 10:41:34 2025 GMT
            Not After : May 28 10:46:34 2026 GMT
        Subject: CN=3D4F1DB6C0F41E2D2E88CBC8A9283A9265D597DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:14:f0:c8:0c:be:bf:c5:8a:5e:cf:7a:e8:63:
                    95:c8:c3:6c:d0:a0:ec:92:fd:c9:dc:a2:89:e4:cb:
                    0b:a0:a0:82:48:a0:09:06:36:d3:53:40:7c:f5:9b:
                    a9:72:00:af:0f:f4:bc:3a:41:35:44:58:01:9e:1b:
                    ea:19:dc:3e:8f:61:97:2d:0f:9c:bb:01:cf:04:7c:
                    31:1c:db:6f:16:60:1c:c6:a1:07:dc:ec:f4:bc:4b:
                    4d:15:e2:40:a0:a5:ab:13:ed:21:49:67:ab:bb:90:
                    e3:d8:61:20:11:a7:51:07:00:b4:3e:25:57:58:8f:
                    32:36:1b:cc:99:64:3d:43:a7:12:28:cb:4a:ed:be:
                    11:0b:81:45:81:fd:8a:c0:a2:d5:7d:04:0f:c4:60:
                    48:c3:e5:1c:bc:7d:33:28:e0:4a:8a:48:05:bb:2b:
                    96:33:8a:de:94:a6:2b:06:d3:d6:91:46:78:44:7e:
                    a3:79:c8:e4:44:3f:e3:7a:d2:b9:13:95:d1:08:e1:
                    16:59:0f:7b:4b:df:6c:ed:1b:57:68:02:d6:05:93:
                    5d:e4:ea:41:e0:e1:db:35:29:29:99:e8:2f:fb:dc:
                    0e:e4:a5:bf:91:42:ad:1d:4b:3f:7b:01:1c:c9:6b:
                    43:54:00:12:9e:da:ae:e5:e7:2b:ca:2c:58:c7:43:
                    0e:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:4F:1D:B6:C0:F4:1E:2D:2E:88:CB:C8:A9:28:3A:92:65:D5:97:DD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:6f::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:ed:56:7f:d9:d6:0c:73:87:ea:d7:30:75:9e:c8:3d:5a:6c:
         47:8b:3e:9c:6e:f3:2d:56:c0:a3:28:0f:0f:41:56:80:47:09:
         c3:a0:3a:84:dc:26:88:b4:e7:cf:13:52:36:88:ee:ef:70:af:
         51:c1:ab:25:4f:ab:e0:94:38:4d:56:60:08:dc:ab:a0:98:88:
         64:4a:dc:c4:6d:b5:52:ea:78:d9:1d:80:65:c6:ce:e8:b0:a7:
         11:e9:d8:06:81:8f:31:0c:3b:e6:48:f4:fc:3f:2c:7c:94:4d:
         bf:6a:85:04:3b:5f:e1:53:0c:e8:69:75:52:66:a7:f4:ef:1b:
         bf:31:45:7f:9c:c3:8b:e4:26:0c:ce:50:3d:df:47:f6:e2:37:
         90:f9:96:d9:58:b6:14:fc:f5:39:e0:9f:fe:4e:5d:19:8e:a0:
         7c:78:40:c9:5c:f9:47:98:2a:dd:4b:46:f4:d9:c4:6c:ba:29:
         54:1d:56:90:45:a0:7b:57:23:02:e9:e1:72:cd:e0:e9:40:06:
         4b:e5:d1:e6:4a:28:ac:1c:f5:df:ec:98:d5:5b:2d:f1:48:62:
         fc:aa:28:39:ed:fe:37:7a:83:55:c1:9c:64:80:2e:1a:65:a3:
         40:68:2d:60:79:fc:a8:a5:2e:f9:81:f2:20:25:2c:11:fc:58:
         d3:36:bb:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVOr+eshEoWmcLw0vlfgrJccj6X4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjkxMDQxMzRaFw0yNjA1MjgxMDQ2MzRaMDMxMTAvBgNV
BAMTKDNENEYxREI2QzBGNDFFMkQyRTg4Q0JDOEE5MjgzQTkyNjVENTk3REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChFPDIDL6/xYpez3roY5XIw2zQ
oOyS/cncoonkywugoIJIoAkGNtNTQHz1m6lyAK8P9Lw6QTVEWAGeG+oZ3D6PYZct
D5y7Ac8EfDEc228WYBzGoQfc7PS8S00V4kCgpasT7SFJZ6u7kOPYYSARp1EHALQ+
JVdYjzI2G8yZZD1DpxIoy0rtvhELgUWB/YrAotV9BA/EYEjD5Ry8fTMo4EqKSAW7
K5Yzit6UpisG09aRRnhEfqN5yOREP+N60rkTldEI4RZZD3tL32ztG1doAtYFk13k
6kHg4ds1KSmZ6C/73A7kpb+RQq0dSz97ARzJa0NUABKe2q7l5yvKLFjHQw7zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUPU8dtsD0Hi0uiMvIqSg6kmXVl90wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0ODM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABvMA0GCSqGSIb3DQEBCwUAA4IBAQAo7VZ/2dYMc4fq1zB1nsg9WmxHiz6cbvMt
VsCjKA8PQVaARwnDoDqE3CaItOfPE1I2iO7vcK9RwaslT6vglDhNVmAI3KugmIhk
StzEbbVS6njZHYBlxs7osKcR6dgGgY8xDDvmSPT8Pyx8lE2/aoUEO1/hUwzoaXVS
Zqf07xu/MUV/nMOL5CYMzlA930f24jeQ+ZbZWLYU/PU54J/+Tl0ZjqB8eEDJXPlH
mCrdS0b02cRsuilUHVaQRaB7VyMC6eFyzeDpQAZL5dHmSiisHPXf7JjVWy3xSGL8
qig57f43eoNVwZxkgC4aZaNAaC1gefyopS75gfIgJSwR/FjTNru0
-----END CERTIFICATE-----