Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216307.roa
File:                     AS216307.roa (raw, json)
Hash identifier:          hgTF09Q7+3kDaEziello4zv6bZ3YfPJfm9Y9JUZcjfQ=
Subject key identifier:   D6:FE:10:B2:5E:12:CC:22:F2:B6:5C:25:1B:68:22:4D:11:7D:B3:13
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       014451A09E10A679E94845CC5138D654A701853C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216307.roa
Signing time:             Mon 28 Jul 2025 06:16:01 +0000
ROA not before:           Mon 28 Jul 2025 06:11:01 +0000
ROA not after:            Mon 27 Jul 2026 06:16:01 +0000
asID:                     216307
IP address blocks:        2a13:9500:62::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 Aug 2025 12:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:44:51:a0:9e:10:a6:79:e9:48:45:cc:51:38:d6:54:a7:01:85:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 28 06:11:01 2025 GMT
            Not After : Jul 27 06:16:01 2026 GMT
        Subject: CN=D6FE10B25E12CC22F2B65C251B68224D117DB313
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:db:ea:65:bd:dc:ff:26:67:4d:4d:a3:af:a1:
                    dd:49:c7:57:c2:7e:3d:32:a4:8d:a2:45:c1:19:06:
                    6c:26:c4:54:d8:06:6e:a0:66:e5:9b:26:9b:80:07:
                    89:c1:d8:f6:1f:45:f0:4a:26:a6:56:8f:0d:ec:b0:
                    35:e9:f6:62:27:05:a0:6c:44:c2:23:79:d3:bf:9d:
                    27:34:44:f0:03:e1:7c:e2:f6:ce:06:ee:c7:cd:64:
                    f2:25:55:c5:83:7c:1f:d0:30:51:54:a3:03:d0:d4:
                    a2:ed:80:34:65:6e:ac:9c:02:52:de:e0:21:2a:0a:
                    77:66:b1:30:45:5e:c9:9b:6a:9a:63:77:53:d5:97:
                    05:6e:59:c3:13:ad:95:98:01:56:7d:a7:9b:cb:6f:
                    4a:18:e4:8d:77:b0:2d:9c:fd:17:b1:0b:29:2c:85:
                    86:87:70:7f:dd:32:fb:e1:5d:0f:9a:b9:a9:ba:37:
                    8f:2d:d6:7a:c4:10:8f:6e:44:ee:ee:5e:50:ec:d7:
                    43:22:42:7a:d9:fe:e6:1b:0d:4e:d6:98:b7:1f:77:
                    40:0f:44:d9:f9:28:69:9c:27:96:4b:52:19:89:34:
                    c9:81:59:2e:53:e7:35:51:8e:f5:e5:ab:48:48:51:
                    9d:4d:e0:b0:63:3e:a8:ab:15:de:9d:bf:ef:67:9e:
                    39:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:FE:10:B2:5E:12:CC:22:F2:B6:5C:25:1B:68:22:4D:11:7D:B3:13
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216307.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:62::/48

    Signature Algorithm: sha256WithRSAEncryption
         15:20:17:f1:d8:21:c5:bc:b2:ea:53:7e:1b:f5:9a:38:b7:fe:
         e2:75:86:1c:a9:07:93:be:60:81:a5:68:4f:09:b9:a2:ae:e5:
         d8:5b:68:0c:4f:b5:e1:85:63:4c:03:a0:d9:05:67:32:76:76:
         6a:c2:89:22:40:18:05:89:ec:14:cc:83:4b:29:d2:d5:34:21:
         55:96:32:2d:a0:87:88:c1:ce:53:9c:2f:39:59:de:0d:fd:1d:
         39:5c:31:96:60:95:0f:3f:2d:f7:9a:2f:5c:36:46:3c:0e:0c:
         31:6f:2f:b1:be:74:f9:94:12:0c:9c:e7:fd:30:c1:61:62:14:
         87:71:fc:e4:ef:5a:f9:29:32:47:14:c8:af:b4:75:19:74:0a:
         78:30:39:c9:f7:fb:5a:14:2f:39:b3:16:b8:20:f3:60:af:dd:
         a6:c2:62:1c:68:88:b6:05:53:14:38:47:c8:db:60:b8:6d:0c:
         73:c6:a5:2d:92:38:b6:1b:05:8a:42:c1:ea:c0:96:be:4c:a7:
         5e:bd:d1:c5:96:f1:21:8f:56:f4:75:4c:1c:40:61:39:20:9d:
         da:39:20:b4:93:a2:c5:84:64:c8:3c:e8:da:4d:66:86:fd:cb:
         35:c1:3c:be:ea:df:a0:cf:3a:04:a3:88:6e:dc:1a:74:dd:ee:
         d6:4e:8b:59
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUAURRoJ4QpnnpSEXMUTjWVKcBhTwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjgwNjExMDFaFw0yNjA3MjcwNjE2MDFaMDMxMTAvBgNV
BAMTKEQ2RkUxMEIyNUUxMkNDMjJGMkI2NUMyNTFCNjgyMjREMTE3REIzMTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT2+plvdz/JmdNTaOvod1Jx1fC
fj0ypI2iRcEZBmwmxFTYBm6gZuWbJpuAB4nB2PYfRfBKJqZWjw3ssDXp9mInBaBs
RMIjedO/nSc0RPAD4Xzi9s4G7sfNZPIlVcWDfB/QMFFUowPQ1KLtgDRlbqycAlLe
4CEqCndmsTBFXsmbappjd1PVlwVuWcMTrZWYAVZ9p5vLb0oY5I13sC2c/RexCyks
hYaHcH/dMvvhXQ+auam6N48t1nrEEI9uRO7uXlDs10MiQnrZ/uYbDU7WmLcfd0AP
RNn5KGmcJ5ZLUhmJNMmBWS5T5zVRjvXlq0hIUZ1N4LBjPqirFd6dv+9nnjktAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1v4Qsl4SzCLytlwlG2giTRF9sxMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MzA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABiMA0GCSqGSIb3DQEBCwUAA4IBAQAVIBfx2CHFvLLqU34b9Zo4t/7idYYcqQeT
vmCBpWhPCbmiruXYW2gMT7XhhWNMA6DZBWcydnZqwokiQBgFiewUzINLKdLVNCFV
ljItoIeIwc5TnC85Wd4N/R05XDGWYJUPPy33mi9cNkY8Dgwxby+xvnT5lBIMnOf9
MMFhYhSHcfzk71r5KTJHFMivtHUZdAp4MDnJ9/taFC85sxa4IPNgr92mwmIcaIi2
BVMUOEfI22C4bQxzxqUtkji2GwWKQsHqwJa+TKdevdHFlvEhj1b0dUwcQGE5IJ3a
OSC0k6LFhGTIPOjaTWaG/cs1wTy+6t+gzzoEo4hu3Bp03e7WTotZ
-----END CERTIFICATE-----