Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216032.roa
File:                     AS216032.roa (raw, json)
Hash identifier:          b1r3YPEpS+kZp8fxwP3wELAOo6kJS0LyF53QGuY88Z8=
Subject key identifier:   57:2B:5F:46:23:63:D7:31:8F:DA:91:67:B5:1E:F3:BB:6F:7B:9E:30
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       432BEE1679705B3C83864AB616601699067E80EB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216032.roa
Signing time:             Tue 20 May 2025 12:53:44 +0000
ROA not before:           Tue 20 May 2025 12:48:44 +0000
ROA not after:            Tue 19 May 2026 12:53:44 +0000
asID:                     216032
IP address blocks:        2a13:9500:54::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:2b:ee:16:79:70:5b:3c:83:86:4a:b6:16:60:16:99:06:7e:80:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 20 12:48:44 2025 GMT
            Not After : May 19 12:53:44 2026 GMT
        Subject: CN=572B5F462363D7318FDA9167B51EF3BB6F7B9E30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:a3:06:08:4d:ea:3e:1d:24:c3:60:b1:cb:4e:
                    4a:ba:77:a4:9e:4e:c4:45:e2:bf:3b:76:4e:70:f9:
                    6e:b7:93:9c:51:f3:7a:91:5a:26:9b:d3:0a:2e:52:
                    bb:21:af:f2:68:50:a6:e5:49:d5:72:4a:55:e1:da:
                    d9:9b:fc:94:bd:14:f3:e4:13:78:2a:1d:6b:e9:82:
                    68:62:f5:86:00:62:46:9f:e5:a0:ca:75:65:c4:1d:
                    13:ea:df:09:e6:db:5a:af:88:2b:a0:41:ae:4d:45:
                    35:0a:4f:5d:76:4e:a3:3a:87:a5:06:3d:fc:f9:a7:
                    ef:4c:9e:bc:d4:f8:37:6d:12:bc:83:49:a8:a8:ae:
                    03:12:a6:dd:8d:99:94:ae:e8:1b:c1:54:76:85:b9:
                    82:ab:6c:17:81:30:e8:e2:48:bd:d2:20:56:b2:65:
                    f8:92:1f:07:55:79:c6:b1:65:57:16:b1:aa:12:35:
                    63:65:79:9a:d8:0d:35:39:22:14:79:c3:43:89:3c:
                    b7:11:e6:87:22:14:9d:94:d9:4c:98:15:24:cc:d7:
                    7b:62:fc:9e:e8:0a:55:94:42:35:6f:77:bc:18:b5:
                    70:7c:8e:56:f8:7b:fc:13:7d:b4:a4:cb:b9:45:61:
                    2f:dd:56:97:1c:8a:50:0f:4c:c5:20:ee:ad:c4:2c:
                    d2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:2B:5F:46:23:63:D7:31:8F:DA:91:67:B5:1E:F3:BB:6F:7B:9E:30
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:54::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:81:ce:19:e6:ab:73:5b:6f:bc:33:91:b4:06:f1:09:2f:21:
         95:0d:f2:e2:e3:a8:7b:0f:ff:74:3b:a7:9f:a0:61:8c:64:e6:
         ee:47:ac:bb:a7:fe:3e:cf:df:c7:56:76:c3:34:d5:a0:b4:4c:
         58:dc:04:9c:4b:40:d1:33:19:2a:b1:e9:0e:57:52:25:7a:fe:
         80:84:87:53:c9:61:44:75:56:07:fa:96:88:21:a1:47:36:b8:
         28:d9:10:6a:25:f4:b4:ae:21:3a:86:b2:d3:9a:b6:5f:65:42:
         82:d1:88:87:fb:a6:51:06:d3:d4:49:26:31:b1:85:fd:39:4a:
         5f:f4:cb:e8:50:e1:68:41:57:69:5b:19:ed:cd:8d:99:c4:86:
         ef:e2:fe:fd:6f:02:39:ab:c4:8a:63:45:35:c4:d8:fe:3c:79:
         56:d8:9c:58:35:b9:99:a1:51:b3:2a:7a:56:3b:8a:c3:33:53:
         51:4e:71:d8:6c:04:04:7f:22:d1:34:93:7c:a8:92:02:65:79:
         13:fe:e0:af:ff:d5:06:44:6a:f6:d3:c2:85:f1:91:65:3e:c4:
         99:29:3f:fc:eb:8b:2c:f6:9f:9c:cc:5c:d5:7f:60:cb:0d:a5:
         25:67:dc:75:cf:be:50:89:43:8b:ae:cd:76:a7:d2:5b:6c:1e:
         75:69:b8:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQyvuFnlwWzyDhkq2FmAWmQZ+gOswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MjAxMjQ4NDRaFw0yNjA1MTkxMjUzNDRaMDMxMTAvBgNV
BAMTKDU3MkI1RjQ2MjM2M0Q3MzE4RkRBOTE2N0I1MUVGM0JCNkY3QjlFMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2owYITeo+HSTDYLHLTkq6d6Se
TsRF4r87dk5w+W63k5xR83qRWiab0wouUrshr/JoUKblSdVySlXh2tmb/JS9FPPk
E3gqHWvpgmhi9YYAYkaf5aDKdWXEHRPq3wnm21qviCugQa5NRTUKT112TqM6h6UG
Pfz5p+9MnrzU+DdtEryDSaiorgMSpt2NmZSu6BvBVHaFuYKrbBeBMOjiSL3SIFay
ZfiSHwdVecaxZVcWsaoSNWNleZrYDTU5IhR5w0OJPLcR5ociFJ2U2UyYFSTM13ti
/J7oClWUQjVvd7wYtXB8jlb4e/wTfbSky7lFYS/dVpccilAPTMUg7q3ELNKrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUVytfRiNj1zGP2pFntR7zu297njAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABUMA0GCSqGSIb3DQEBCwUAA4IBAQArgc4Z5qtzW2+8M5G0BvEJLyGVDfLi46h7
D/90O6efoGGMZObuR6y7p/4+z9/HVnbDNNWgtExY3AScS0DRMxkqsekOV1Ilev6A
hIdTyWFEdVYH+paIIaFHNrgo2RBqJfS0riE6hrLTmrZfZUKC0YiH+6ZRBtPUSSYx
sYX9OUpf9MvoUOFoQVdpWxntzY2ZxIbv4v79bwI5q8SKY0U1xNj+PHlW2JxYNbmZ
oVGzKnpWO4rDM1NRTnHYbAQEfyLRNJN8qJICZXkT/uCv/9UGRGr208KF8ZFlPsSZ
KT/864ss9p+czFzVf2DLDaUlZ9x1z75QiUOLrs12p9JbbB51abj2
-----END CERTIFICATE-----