Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215772.roa
File:                     AS215772.roa (raw, json)
Hash identifier:          IwxtHVrqEJGL5o222vXz4ozs71KHxYV0xQrRsforAUE=
Subject key identifier:   F2:5C:DE:4B:4C:EF:E6:46:3C:08:C8:AC:55:F4:43:88:C9:C2:EA:97
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3C84D2FFA5E096E6635B9776B1E43202AB5E0ECC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215772.roa
Signing time:             Tue 27 May 2025 15:28:14 +0000
ROA not before:           Tue 27 May 2025 15:23:14 +0000
ROA not after:            Tue 26 May 2026 15:28:14 +0000
asID:                     215772
IP address blocks:        2a13:9500:6a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:84:d2:ff:a5:e0:96:e6:63:5b:97:76:b1:e4:32:02:ab:5e:0e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 27 15:23:14 2025 GMT
            Not After : May 26 15:28:14 2026 GMT
        Subject: CN=F25CDE4B4CEFE6463C08C8AC55F44388C9C2EA97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:97:1e:e9:28:ec:28:8a:5f:45:1c:18:04:d2:
                    15:b8:bd:b4:6d:42:18:e4:04:9b:37:df:bd:04:c7:
                    c9:d1:aa:0b:e6:35:e4:26:2c:07:5b:3b:bb:24:9b:
                    85:25:fc:aa:ea:e9:82:97:93:32:12:92:c7:b0:e2:
                    24:56:b5:90:01:67:f5:d9:77:61:82:8f:e6:10:02:
                    17:c5:f0:cf:d8:d1:bf:ec:de:40:4b:64:f0:31:db:
                    ac:b4:f5:a4:5b:4b:35:f7:e4:d5:fa:eb:63:ba:1b:
                    ac:0c:3b:b3:c3:dd:36:6a:42:77:10:17:00:53:59:
                    ca:db:08:30:9d:6c:9c:93:a2:98:a7:60:f2:ad:d6:
                    5a:63:67:05:5c:bb:13:5e:ba:d4:67:08:c2:0c:8d:
                    c3:f9:e3:3e:17:ee:36:96:73:88:8a:c4:c5:2f:6e:
                    7b:80:fd:56:60:b7:77:a9:a7:1b:33:72:47:80:a8:
                    c8:52:00:a3:c9:b9:a2:27:aa:11:e1:ab:88:f5:03:
                    83:14:0d:7a:c3:71:98:b8:b2:cc:0b:8c:6a:99:b9:
                    26:04:56:23:e4:a5:19:e7:4c:7f:0b:30:20:b9:4e:
                    8d:de:4d:00:4d:a8:e5:a1:06:45:b9:76:c9:ae:59:
                    cf:6b:87:1f:4e:12:3d:c1:ac:73:49:35:62:2d:6a:
                    a1:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:5C:DE:4B:4C:EF:E6:46:3C:08:C8:AC:55:F4:43:88:C9:C2:EA:97
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215772.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:6a::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:31:9f:63:cf:dc:ef:e0:2c:5e:4e:1e:2c:5d:36:96:18:d3:
         82:74:53:11:db:dc:3e:40:50:da:57:ca:83:2f:b5:60:aa:54:
         a7:80:e0:27:e5:24:34:81:61:2b:48:68:86:2d:7e:a3:11:04:
         8a:d1:19:68:d8:78:e0:31:aa:cc:f1:b8:2b:cf:28:fe:2a:a0:
         f5:1f:5d:8b:f2:52:37:ce:35:cf:f2:68:f3:d0:82:47:c9:19:
         9e:1c:5b:33:d2:ef:8b:3f:09:5c:a5:e2:c5:f7:48:85:de:91:
         d5:34:e4:ad:4e:15:0f:ab:ea:a8:c0:96:c4:f8:b4:8f:84:29:
         0f:f3:5a:7f:5f:af:cb:d4:1a:6b:ba:ec:f9:7e:74:04:0d:70:
         e4:47:75:34:59:0f:19:6c:2c:f8:0f:e6:c3:20:96:a3:8b:f6:
         6f:74:a2:a2:a9:03:fd:8f:70:79:07:22:47:de:b8:cd:d8:0d:
         fa:fd:9d:f5:bf:be:4c:5e:2f:8c:6b:77:77:49:af:60:65:14:
         1b:a2:d0:66:b9:49:90:48:ce:a1:42:80:bd:55:03:95:87:b0:
         70:53:c8:47:36:72:f8:40:ea:b0:ca:80:2a:52:0e:e1:95:91:
         1b:94:8a:b5:8b:af:c8:32:3e:6a:96:2a:35:38:aa:27:3e:d7:
         ad:ee:c7:e5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPITS/6XgluZjW5d2seQyAqteDswwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjcxNTIzMTRaFw0yNjA1MjYxNTI4MTRaMDMxMTAvBgNV
BAMTKEYyNUNERTRCNENFRkU2NDYzQzA4QzhBQzU1RjQ0Mzg4QzlDMkVBOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXlx7pKOwoil9FHBgE0hW4vbRt
QhjkBJs3370Ex8nRqgvmNeQmLAdbO7skm4Ul/Krq6YKXkzISksew4iRWtZABZ/XZ
d2GCj+YQAhfF8M/Y0b/s3kBLZPAx26y09aRbSzX35NX662O6G6wMO7PD3TZqQncQ
FwBTWcrbCDCdbJyTopinYPKt1lpjZwVcuxNeutRnCMIMjcP54z4X7jaWc4iKxMUv
bnuA/VZgt3eppxszckeAqMhSAKPJuaInqhHhq4j1A4MUDXrDcZi4sswLjGqZuSYE
ViPkpRnnTH8LMCC5To3eTQBNqOWhBkW5dsmuWc9rhx9OEj3BrHNJNWItaqE1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU8lzeS0zv5kY8CMisVfRDiMnC6pcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1NzcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABqMA0GCSqGSIb3DQEBCwUAA4IBAQASMZ9jz9zv4CxeTh4sXTaWGNOCdFMR29w+
QFDaV8qDL7VgqlSngOAn5SQ0gWErSGiGLX6jEQSK0Rlo2HjgMarM8bgrzyj+KqD1
H12L8lI3zjXP8mjz0IJHyRmeHFsz0u+LPwlcpeLF90iF3pHVNOStThUPq+qowJbE
+LSPhCkP81p/X6/L1Bpruuz5fnQEDXDkR3U0WQ8ZbCz4D+bDIJaji/ZvdKKiqQP9
j3B5ByJH3rjN2A36/Z31v75MXi+Ma3d3Sa9gZRQbotBmuUmQSM6hQoC9VQOVh7Bw
U8hHNnL4QOqwyoAqUg7hlZEblIq1i6/IMj5qlio1OKonPtet7sfl
-----END CERTIFICATE-----