Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215828.roa
File:                     AS215828.roa (raw, json)
Hash identifier:          dF5zNcFt/rTL8kuAFpXZeVT+XCfTDI2UYUNTKIU1P3I=
Subject key identifier:   60:31:86:73:25:DD:7A:C9:81:D1:52:00:08:B3:72:DE:2D:D0:5B:12
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       271446B4B980213469788CB5941E2DDD7AAF7C81
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215828.roa
Signing time:             Mon 13 Oct 2025 05:17:05 +0000
ROA not before:           Mon 13 Oct 2025 05:12:05 +0000
ROA not after:            Mon 12 Oct 2026 05:17:05 +0000
asID:                     215828
IP address blocks:        2a13:9500:ef::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:14:46:b4:b9:80:21:34:69:78:8c:b5:94:1e:2d:dd:7a:af:7c:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 13 05:12:05 2025 GMT
            Not After : Oct 12 05:17:05 2026 GMT
        Subject: CN=6031867325DD7AC981D1520008B372DE2DD05B12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3d:1e:53:51:33:1a:40:55:dd:1b:bd:2b:6e:
                    56:5a:a0:85:11:bc:c3:c5:75:08:89:e8:5a:bc:24:
                    bf:40:1c:b4:22:85:0c:4b:3f:6f:d8:de:60:26:65:
                    0f:3e:02:78:bf:86:3e:9f:cc:8f:10:30:99:c5:1a:
                    63:ee:31:83:2b:8c:39:f6:c8:7b:b1:43:32:43:f3:
                    54:b9:0b:01:e9:f6:e1:a6:55:74:93:ef:06:73:5f:
                    b1:ec:03:d0:78:82:f8:f5:ea:2b:3e:dc:2a:1e:a1:
                    f1:6c:05:a2:f0:1a:9d:91:0d:6a:e4:76:ea:12:1f:
                    ac:50:54:c0:d5:23:f4:21:c4:f2:c2:27:fa:f5:74:
                    16:32:16:df:2e:5e:96:ff:4d:8a:ba:fc:10:86:58:
                    37:d6:1c:51:ed:a4:fd:45:c6:a4:90:8f:11:59:ad:
                    d4:21:ca:07:9b:02:bf:20:22:af:11:5a:99:7a:8b:
                    91:d9:50:bf:7b:4b:23:74:07:01:a9:d1:ce:c2:95:
                    24:0a:aa:c1:1e:8d:25:9e:37:7f:83:2c:a9:91:85:
                    07:18:e9:a6:8d:dd:5f:02:d9:04:62:c8:84:e1:5f:
                    ff:74:01:de:05:a3:45:ae:94:23:67:64:d5:ef:b3:
                    d7:ba:17:78:b1:f7:6b:06:fb:25:19:b1:79:6d:5d:
                    8e:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:31:86:73:25:DD:7A:C9:81:D1:52:00:08:B3:72:DE:2D:D0:5B:12
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215828.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:ef::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:7f:03:b6:3e:8a:c1:83:24:b9:00:30:79:7f:0f:4c:68:6d:
         14:90:92:cf:c3:96:63:53:95:54:8e:4b:08:47:f7:aa:24:47:
         25:33:91:ff:4f:b2:bf:33:c6:db:60:d9:1e:2c:43:23:c9:32:
         ab:50:40:09:72:da:d8:0c:2a:39:6a:01:f5:04:c9:91:6a:a5:
         62:1b:b9:b4:bd:be:f9:56:41:85:0c:06:4c:0a:50:63:00:df:
         39:4d:6a:31:aa:a2:ce:a1:0d:01:83:d8:3b:2a:24:39:c3:05:
         7c:d2:89:17:e0:75:62:df:48:a0:b1:89:a2:20:c6:19:c7:c4:
         76:af:5d:20:fa:79:eb:f0:b3:96:b4:64:aa:56:bb:b9:03:27:
         56:bc:46:0d:a7:77:00:35:82:f6:f5:84:5a:6d:96:4a:69:e8:
         cf:dd:e2:af:63:c9:7b:6c:72:99:b7:ab:cd:f1:3d:5a:32:6d:
         64:a3:c1:35:1e:21:60:28:08:4c:28:5c:5e:34:d7:3b:42:8b:
         3b:7d:ca:f9:35:94:cc:72:c0:80:d9:15:d1:02:46:e7:72:93:
         42:f3:1c:fb:f0:0b:87:2a:16:46:fb:68:cf:51:cd:ca:98:60:
         a1:0e:ee:c5:74:03:23:cd:f1:dc:64:a5:44:0c:bd:98:e4:eb:
         bd:6d:53:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJxRGtLmAITRpeIy1lB4t3XqvfIEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTMwNTEyMDVaFw0yNjEwMTIwNTE3MDVaMDMxMTAvBgNV
BAMTKDYwMzE4NjczMjVERDdBQzk4MUQxNTIwMDA4QjM3MkRFMkREMDVCMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYPR5TUTMaQFXdG70rblZaoIUR
vMPFdQiJ6Fq8JL9AHLQihQxLP2/Y3mAmZQ8+Ani/hj6fzI8QMJnFGmPuMYMrjDn2
yHuxQzJD81S5CwHp9uGmVXST7wZzX7HsA9B4gvj16is+3CoeofFsBaLwGp2RDWrk
duoSH6xQVMDVI/QhxPLCJ/r1dBYyFt8uXpb/TYq6/BCGWDfWHFHtpP1FxqSQjxFZ
rdQhygebAr8gIq8RWpl6i5HZUL97SyN0BwGp0c7ClSQKqsEejSWeN3+DLKmRhQcY
6aaN3V8C2QRiyIThX/90Ad4Fo0WulCNnZNXvs9e6F3ix92sG+yUZsXltXY43AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUYDGGcyXdesmB0VIACLNy3i3QWxIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1ODI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADvMA0GCSqGSIb3DQEBCwUAA4IBAQAgfwO2PorBgyS5ADB5fw9MaG0UkJLPw5Zj
U5VUjksIR/eqJEclM5H/T7K/M8bbYNkeLEMjyTKrUEAJctrYDCo5agH1BMmRaqVi
G7m0vb75VkGFDAZMClBjAN85TWoxqqLOoQ0Bg9g7KiQ5wwV80okX4HVi30igsYmi
IMYZx8R2r10g+nnr8LOWtGSqVru5AydWvEYNp3cANYL29YRabZZKaejP3eKvY8l7
bHKZt6vN8T1aMm1ko8E1HiFgKAhMKFxeNNc7Qos7fcr5NZTMcsCA2RXRAkbncpNC
8xz78AuHKhZG+2jPUc3KmGChDu7FdAMjzfHcZKVEDL2Y5Ou9bVMa
-----END CERTIFICATE-----