Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215672.roa
File:                     AS215672.roa (raw, json)
Hash identifier:          6TZ+NpbGecvAB2xfB3nfm3ShP3AcVM1Rjw629DxIz/s=
Subject key identifier:   5E:D4:AC:E4:D9:D7:5A:FD:2B:B4:1F:CC:2C:CE:05:9C:0A:7A:33:04
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1347F196EB8A38D2ECE4C3B1B048AAE320C3AF78
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215672.roa
Signing time:             Fri 17 Oct 2025 16:48:28 +0000
ROA not before:           Fri 17 Oct 2025 16:43:28 +0000
ROA not after:            Fri 16 Oct 2026 16:48:28 +0000
asID:                     215672
IP address blocks:        2a13:9500:fb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:47:f1:96:eb:8a:38:d2:ec:e4:c3:b1:b0:48:aa:e3:20:c3:af:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 17 16:43:28 2025 GMT
            Not After : Oct 16 16:48:28 2026 GMT
        Subject: CN=5ED4ACE4D9D75AFD2BB41FCC2CCE059C0A7A3304
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:a9:f3:4e:e6:32:8f:33:c6:e7:e9:0d:08:6a:
                    00:d2:0d:56:4e:03:4e:d9:7e:af:61:08:44:b3:87:
                    87:fb:57:b4:8c:2a:ec:45:8f:f1:ac:a3:8f:38:f4:
                    85:a3:eb:c8:f1:37:06:1a:33:ac:26:2f:1c:ac:e9:
                    59:3d:a1:be:46:bb:ea:c9:77:85:9a:53:d4:1e:64:
                    a5:93:fd:6d:3e:e7:c5:54:b3:22:31:96:85:1c:f9:
                    88:37:a6:d6:6b:3b:9f:6f:f3:25:1f:e8:bb:bc:35:
                    35:8c:f1:01:3d:27:d7:e5:31:a7:ce:57:e5:c9:a0:
                    ea:97:b8:57:11:00:2d:22:51:b4:6a:bf:63:72:e3:
                    1f:80:d0:d7:45:ee:a7:cf:71:6a:23:eb:d8:ef:4c:
                    5d:33:76:1e:02:74:9b:c3:c2:a0:28:92:da:49:32:
                    92:80:45:26:af:ef:78:db:b6:a5:95:78:dd:aa:d7:
                    db:57:6b:f0:0f:4f:ba:56:25:af:ed:e6:aa:ce:e1:
                    0d:f1:cd:55:15:0a:ad:29:70:23:96:c3:7c:61:49:
                    7d:48:ac:ac:d1:90:f8:78:d4:04:30:1a:74:aa:d0:
                    ce:1e:4d:d9:0f:ac:7b:cf:b4:75:88:57:0d:e8:3a:
                    35:5c:b5:82:bc:f4:16:19:69:81:28:fe:46:b5:30:
                    ff:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:D4:AC:E4:D9:D7:5A:FD:2B:B4:1F:CC:2C:CE:05:9C:0A:7A:33:04
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:fb::/48

    Signature Algorithm: sha256WithRSAEncryption
         a6:e6:ec:45:9d:a1:b3:a5:ad:68:b1:a5:07:00:3d:82:a9:2d:
         3c:bf:6d:7a:65:67:88:c5:79:da:32:04:75:0c:be:4c:7a:0f:
         3e:35:35:fc:55:34:b8:7f:4c:75:0c:24:a3:da:44:15:2b:8f:
         fe:50:b4:5d:22:34:e3:72:0b:79:41:85:3e:9f:e0:e7:84:d2:
         36:e4:75:7e:fd:bf:fb:52:ac:3c:4a:d4:05:35:1d:0b:cc:fe:
         29:91:7e:81:d8:4a:a6:99:20:20:75:6c:b0:24:ee:d6:12:93:
         c4:10:25:00:1b:f9:90:76:89:e4:fc:7a:4f:6c:37:84:d0:b5:
         7c:8a:b9:00:0c:7e:1f:d3:14:73:6d:91:b4:c6:c7:bb:ff:d5:
         e6:4a:78:a4:f7:b0:e6:ec:c7:ec:1c:cb:c0:ea:b0:c3:66:a5:
         7a:f7:c2:28:5f:f9:f6:de:e2:cf:a8:53:bc:9f:4f:4d:b9:8d:
         c4:51:9a:3d:d0:64:e8:cd:bf:d9:3f:0f:e7:ab:c6:c2:d1:30:
         13:0c:31:59:52:58:60:53:ad:cd:69:d0:18:1c:76:8c:dd:2c:
         42:9c:d3:91:8d:f4:88:f6:58:92:db:a8:f7:2f:34:f4:e4:0b:
         87:81:f5:45:40:13:77:9f:a6:4c:ec:fe:4f:dd:c4:66:31:a6:
         6a:af:0e:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE0fxluuKONLs5MOxsEiq4yDDr3gwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTcxNjQzMjhaFw0yNjEwMTYxNjQ4MjhaMDMxMTAvBgNV
BAMTKDVFRDRBQ0U0RDlENzVBRkQyQkI0MUZDQzJDQ0UwNTlDMEE3QTMzMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRqfNO5jKPM8bn6Q0IagDSDVZO
A07Zfq9hCESzh4f7V7SMKuxFj/Gso4849IWj68jxNwYaM6wmLxys6Vk9ob5Gu+rJ
d4WaU9QeZKWT/W0+58VUsyIxloUc+Yg3ptZrO59v8yUf6Lu8NTWM8QE9J9flMafO
V+XJoOqXuFcRAC0iUbRqv2Ny4x+A0NdF7qfPcWoj69jvTF0zdh4CdJvDwqAoktpJ
MpKARSav73jbtqWVeN2q19tXa/APT7pWJa/t5qrO4Q3xzVUVCq0pcCOWw3xhSX1I
rKzRkPh41AQwGnSq0M4eTdkPrHvPtHWIVw3oOjVctYK89BYZaYEo/ka1MP9XAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUXtSs5NnXWv0rtB/MLM4FnAp6MwQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAD7MA0GCSqGSIb3DQEBCwUAA4IBAQCm5uxFnaGzpa1osaUHAD2CqS08v216ZWeI
xXnaMgR1DL5Meg8+NTX8VTS4f0x1DCSj2kQVK4/+ULRdIjTjcgt5QYU+n+DnhNI2
5HV+/b/7Uqw8StQFNR0LzP4pkX6B2EqmmSAgdWywJO7WEpPEECUAG/mQdonk/HpP
bDeE0LV8irkADH4f0xRzbZG0xse7/9XmSnik97Dm7MfsHMvA6rDDZqV698IoX/n2
3uLPqFO8n09NuY3EUZo90GTozb/ZPw/nq8bC0TATDDFZUlhgU63NadAYHHaM3SxC
nNORjfSI9liS26j3LzT05AuHgfVFQBN3n6ZM7P5P3cRmMaZqrw7L
-----END CERTIFICATE-----