Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS262287.roa
File:                     AS262287.roa (raw, json)
Hash identifier:          s6lP7xYCGKfiqXpDM6FKq3Ejcstk5T8tLX4WFjXEBdc=
Subject key identifier:   2E:25:E4:1A:75:D6:C4:09:A6:48:83:09:FA:99:91:3A:40:48:05:52
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       743F8AA02B9A2660934CC649B7CA17503336C56A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS262287.roa
Signing time:             Thu 02 Jan 2025 07:43:07 +0000
ROA not before:           Thu 02 Jan 2025 07:38:07 +0000
ROA not after:            Thu 01 Jan 2026 07:43:07 +0000
asID:                     262287
IP address blocks:        2a13:9500:20::/48 maxlen: 48
                          2a13:9500:21::/48 maxlen: 48
                          2a13:9500:22::/48 maxlen: 48
                          2a13:9500:23::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:3f:8a:a0:2b:9a:26:60:93:4c:c6:49:b7:ca:17:50:33:36:c5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan  2 07:38:07 2025 GMT
            Not After : Jan  1 07:43:07 2026 GMT
        Subject: CN=2E25E41A75D6C409A6488309FA99913A40480552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ed:44:79:1d:eb:50:92:e5:bb:63:00:49:da:
                    91:a3:5f:7f:06:af:ab:ff:b0:ac:ac:e8:4c:07:1a:
                    99:c0:db:65:fe:77:35:a0:3e:fc:c8:54:d1:ab:fe:
                    d0:63:3c:d0:11:1d:d8:bf:c7:5f:ec:57:95:a3:22:
                    ac:ef:37:5d:02:33:bf:d1:a7:10:a6:d0:bb:95:be:
                    4f:21:26:df:08:c5:77:50:1c:42:f4:99:9d:b4:66:
                    8e:00:2c:4c:29:ab:a6:89:36:83:4b:92:72:1b:c4:
                    d8:44:ce:93:8e:19:2e:f9:37:24:b6:df:c5:d7:72:
                    94:a8:86:30:8c:37:0f:05:b0:09:2d:fd:0d:b8:00:
                    84:35:ef:1a:ec:98:30:16:8d:25:04:c3:30:99:dd:
                    b5:16:28:13:af:4c:f1:76:da:fe:bd:ee:ba:6f:9d:
                    78:55:fd:7f:a6:62:c0:b8:b0:e4:26:30:68:85:43:
                    26:8f:f9:e1:c3:9f:c6:20:59:54:3b:96:8b:cf:87:
                    87:c6:81:a0:86:a8:1e:a7:55:6f:de:4e:68:13:6a:
                    45:20:6c:50:ed:39:91:66:41:94:2d:cf:7c:d0:0a:
                    bf:23:b3:1a:4d:0d:b2:3d:82:e9:23:ac:7e:7a:98:
                    48:60:fc:2d:3c:67:fe:eb:49:4f:b0:67:8a:a8:6d:
                    f9:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:25:E4:1A:75:D6:C4:09:A6:48:83:09:FA:99:91:3A:40:48:05:52
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS262287.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:20::/46

    Signature Algorithm: sha256WithRSAEncryption
         1d:1d:47:b1:03:d5:0e:5c:8c:5c:ec:d6:af:9e:32:52:b5:40:
         a8:09:ec:69:d3:c5:82:fa:7b:84:d0:06:eb:e5:31:7e:ea:df:
         bf:f9:e0:9a:88:f4:bc:d4:ab:20:0f:68:3d:ad:24:c7:fe:51:
         6f:c3:4b:a7:f9:6f:5b:28:c1:6d:4e:50:fe:71:72:36:50:87:
         ad:b8:57:49:50:65:e0:f0:60:97:3e:dc:75:e5:6f:13:b3:24:
         4b:f8:f7:f1:ca:a1:a2:00:54:bd:4c:1f:a8:8c:d0:a3:1c:f0:
         19:09:85:08:fe:49:8e:e5:89:c1:8c:89:25:98:58:05:92:85:
         9d:d1:23:2d:2d:23:b4:74:77:b7:5c:d8:43:cd:47:57:60:ac:
         a1:82:fc:bc:91:2e:31:ea:05:85:b9:e6:a7:a5:0f:c1:31:17:
         3a:27:40:c9:4f:4a:79:de:6d:9e:c9:09:75:61:5a:b0:51:f2:
         f9:e0:d3:5a:ee:e0:79:d3:ef:37:65:5b:2f:a7:98:66:b6:ac:
         ca:c6:c4:40:f0:40:68:19:95:11:81:1a:2a:92:c6:ed:8e:66:
         ae:1f:e1:14:96:87:92:7c:7e:f2:e2:49:cd:f6:a4:51:c9:0c:
         8c:91:e0:cf:ca:ed:14:10:f7:a7:7a:52:de:da:cf:f0:f0:83:
         b8:3a:c6:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdD+KoCuaJmCTTMZJt8oXUDM2xWowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMDIwNzM4MDdaFw0yNjAxMDEwNzQzMDdaMDMxMTAvBgNV
BAMTKDJFMjVFNDFBNzVENkM0MDlBNjQ4ODMwOUZBOTk5MTNBNDA0ODA1NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe7UR5HetQkuW7YwBJ2pGjX38G
r6v/sKys6EwHGpnA22X+dzWgPvzIVNGr/tBjPNARHdi/x1/sV5WjIqzvN10CM7/R
pxCm0LuVvk8hJt8IxXdQHEL0mZ20Zo4ALEwpq6aJNoNLknIbxNhEzpOOGS75NyS2
38XXcpSohjCMNw8FsAkt/Q24AIQ17xrsmDAWjSUEwzCZ3bUWKBOvTPF22v697rpv
nXhV/X+mYsC4sOQmMGiFQyaP+eHDn8YgWVQ7lovPh4fGgaCGqB6nVW/eTmgTakUg
bFDtOZFmQZQtz3zQCr8jsxpNDbI9gukjrH56mEhg/C08Z/7rSU+wZ4qobfmDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULiXkGnXWxAmmSIMJ+pmROkBIBVIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjYyMjg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhOV
AAAgMA0GCSqGSIb3DQEBCwUAA4IBAQAdHUexA9UOXIxc7NavnjJStUCoCexp08WC
+nuE0Abr5TF+6t+/+eCaiPS81KsgD2g9rSTH/lFvw0un+W9bKMFtTlD+cXI2UIet
uFdJUGXg8GCXPtx15W8TsyRL+PfxyqGiAFS9TB+ojNCjHPAZCYUI/kmO5YnBjIkl
mFgFkoWd0SMtLSO0dHe3XNhDzUdXYKyhgvy8kS4x6gWFueanpQ/BMRc6J0DJT0p5
3m2eyQl1YVqwUfL54NNa7uB50+83ZVsvp5hmtqzKxsRA8EBoGZURgRoqksbtjmau
H+EUloeSfH7y4knN9qRRyQyMkeDPyu0UEPenelLe2s/w8IO4Osbj
-----END CERTIFICATE-----