Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215955.roa
File:                     AS215955.roa (raw, json)
Hash identifier:          IGRdiDQjqZWnkGvZsB9Szzamw4J+BjFDE5QZtpZRW9A=
Subject key identifier:   B2:2E:90:1A:24:2A:7C:32:75:79:99:10:53:D4:54:21:67:41:F2:71
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6AF73AA78869B0ECDA2E1095B2E26B1E51F3255C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215955.roa
Signing time:             Thu 09 Oct 2025 14:00:12 +0000
ROA not before:           Thu 09 Oct 2025 13:55:12 +0000
ROA not after:            Thu 08 Oct 2026 14:00:12 +0000
asID:                     215955
IP address blocks:        2a13:9500:ed::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:f7:3a:a7:88:69:b0:ec:da:2e:10:95:b2:e2:6b:1e:51:f3:25:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct  9 13:55:12 2025 GMT
            Not After : Oct  8 14:00:12 2026 GMT
        Subject: CN=B22E901A242A7C327579991053D454216741F271
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c1:f7:70:f5:66:f9:40:ac:b9:c6:d7:92:ce:
                    54:c5:d1:93:96:98:c4:1c:a8:d5:45:cd:e3:7d:cb:
                    a3:cd:23:2b:39:e1:b8:e7:38:c6:0f:ac:f3:1a:e9:
                    af:62:e3:b7:5c:c1:87:10:b4:ae:aa:21:ae:0e:99:
                    8b:3b:55:56:a3:74:bc:3f:03:be:32:a6:42:d2:da:
                    24:69:f5:ce:8c:77:3b:8f:00:52:72:89:8f:62:71:
                    8d:31:b5:71:a4:a0:29:c2:03:4c:c0:41:3d:f7:de:
                    76:d3:19:86:84:04:80:ab:39:7a:d3:c7:7d:c6:46:
                    2e:1e:29:cd:07:ed:59:3a:0b:ef:b3:f8:95:3d:b1:
                    1b:34:d9:65:6a:e0:e6:53:41:85:06:34:ee:18:44:
                    3d:18:31:01:6f:2b:3c:c3:2e:57:15:75:6d:88:87:
                    65:e9:63:f7:c5:f9:8f:24:f0:44:01:c4:a8:36:42:
                    91:29:6a:df:96:11:73:2e:8e:3b:66:68:ca:06:55:
                    ac:b6:7a:ac:59:0d:65:2d:46:de:c1:08:70:91:e1:
                    1a:9e:13:b4:5e:e9:4d:01:a8:08:2e:5d:90:3f:73:
                    53:4c:90:3b:52:03:ef:29:7a:27:f4:46:0f:c0:8b:
                    89:1d:18:44:dd:3e:50:ab:03:3b:9c:02:ac:f7:bb:
                    a5:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:2E:90:1A:24:2A:7C:32:75:79:99:10:53:D4:54:21:67:41:F2:71
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215955.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:ed::/48

    Signature Algorithm: sha256WithRSAEncryption
         81:b4:c9:b5:63:93:e4:a2:c1:48:03:9c:da:52:b0:b1:3c:71:
         87:98:15:a1:e4:c4:ee:13:39:ea:64:21:25:7d:64:02:54:cf:
         2a:4f:4f:b7:e8:08:ab:a6:5d:60:f6:e1:9d:9a:bb:b4:47:23:
         64:5a:55:d1:e3:56:de:c6:2d:46:a3:29:00:b6:57:e9:55:8f:
         27:e0:4a:c9:1c:57:38:65:57:f4:d4:bf:4d:70:ea:00:9f:08:
         01:36:7c:a2:03:ea:3e:76:0f:d4:06:77:af:d2:03:f3:6a:eb:
         65:18:60:fa:5c:16:73:6f:ab:a7:f6:0b:64:2d:6a:d6:ef:68:
         ee:55:f9:ee:bd:49:58:0b:07:44:6e:98:c4:4b:53:41:a7:70:
         bd:a9:d0:a7:14:50:be:38:3f:9e:a3:e4:03:01:c2:33:d0:47:
         79:ec:f9:78:5f:73:3b:15:53:c1:7e:6b:77:aa:b2:19:7a:46:
         43:65:af:8e:8c:be:d7:f8:4d:47:bc:47:f3:75:d1:d7:23:d1:
         b0:b2:89:af:e9:df:f8:13:ed:87:ea:29:81:cb:60:14:ed:4f:
         bb:84:ee:51:b0:1d:58:97:51:ef:23:cb:a2:62:46:ac:93:b4:
         63:a4:17:b2:99:03:fa:28:9a:78:67:6b:3e:d8:e1:4e:2f:ea:
         b1:c1:1f:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUavc6p4hpsOzaLhCVsuJrHlHzJVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMDkxMzU1MTJaFw0yNjEwMDgxNDAwMTJaMDMxMTAvBgNV
BAMTKEIyMkU5MDFBMjQyQTdDMzI3NTc5OTkxMDUzRDQ1NDIxNjc0MUYyNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkwfdw9Wb5QKy5xteSzlTF0ZOW
mMQcqNVFzeN9y6PNIys54bjnOMYPrPMa6a9i47dcwYcQtK6qIa4OmYs7VVajdLw/
A74ypkLS2iRp9c6MdzuPAFJyiY9icY0xtXGkoCnCA0zAQT333nbTGYaEBICrOXrT
x33GRi4eKc0H7Vk6C++z+JU9sRs02WVq4OZTQYUGNO4YRD0YMQFvKzzDLlcVdW2I
h2XpY/fF+Y8k8EQBxKg2QpEpat+WEXMujjtmaMoGVay2eqxZDWUtRt7BCHCR4Rqe
E7Re6U0BqAguXZA/c1NMkDtSA+8peif0Rg/Ai4kdGETdPlCrAzucAqz3u6UfAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUsi6QGiQqfDJ1eZkQU9RUIWdB8nEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1OTU1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADtMA0GCSqGSIb3DQEBCwUAA4IBAQCBtMm1Y5PkosFIA5zaUrCxPHGHmBWh5MTu
EznqZCElfWQCVM8qT0+36Airpl1g9uGdmru0RyNkWlXR41bexi1GoykAtlfpVY8n
4ErJHFc4ZVf01L9NcOoAnwgBNnyiA+o+dg/UBnev0gPzautlGGD6XBZzb6un9gtk
LWrW72juVfnuvUlYCwdEbpjES1NBp3C9qdCnFFC+OD+eo+QDAcIz0Ed57Pl4X3M7
FVPBfmt3qrIZekZDZa+OjL7X+E1HvEfzddHXI9Gwsomv6d/4E+2H6imBy2AU7U+7
hO5RsB1Yl1HvI8uiYkask7RjpBeymQP6KJp4Z2s+2OFOL+qxwR+f
-----END CERTIFICATE-----