Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS329386.roa
File:                     AS329386.roa (raw, json)
Hash identifier:          ZZN+ukSgiL1uRip+fGDJUbP/AY01o3u7j5NmY3Wcstc=
Subject key identifier:   C9:61:E3:2D:1C:E5:7F:38:9F:E9:00:C2:E0:EA:50:62:E0:2D:91:21
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6DBD1523D52F3725C368DCFEAFC4A18BB04F7600
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS329386.roa
Signing time:             Sun 31 Aug 2025 18:25:49 +0000
ROA not before:           Sun 31 Aug 2025 18:20:49 +0000
ROA not after:            Sun 30 Aug 2026 18:25:49 +0000
asID:                     329386
IP address blocks:        2a13:9500:d3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Sep 2025 19:30:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:bd:15:23:d5:2f:37:25:c3:68:dc:fe:af:c4:a1:8b:b0:4f:76:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug 31 18:20:49 2025 GMT
            Not After : Aug 30 18:25:49 2026 GMT
        Subject: CN=C961E32D1CE57F389FE900C2E0EA5062E02D9121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e2:e8:6f:9d:78:c9:a0:92:c7:b9:54:c6:f5:
                    1e:84:c8:cf:55:e9:3a:9f:24:b9:56:c1:13:96:8e:
                    82:40:4c:e3:10:6e:27:db:70:c7:e3:f2:db:0b:a3:
                    4c:48:0f:e2:0e:94:e1:bb:02:d5:1a:b7:25:26:e8:
                    5a:ef:6e:af:d6:f2:e5:fa:a5:6e:d4:b2:e9:8a:5a:
                    69:5a:f9:03:0a:1e:3e:d8:be:fd:e3:ff:f0:1f:61:
                    43:95:fa:68:65:f7:09:af:ce:64:f1:e2:05:21:19:
                    91:da:bf:6c:f7:5b:5a:f3:a3:78:c7:c2:ad:d9:0b:
                    2c:62:ad:0a:37:09:e6:a5:b7:d8:b6:c8:79:62:a0:
                    9e:e1:c9:c3:09:6b:ff:c3:dc:e3:d9:b8:e2:76:29:
                    a3:91:a9:1b:e9:5f:5b:8a:e0:45:34:72:9e:73:b2:
                    f4:94:b2:a1:cb:8a:dc:d5:00:e5:66:08:07:2f:04:
                    49:f5:6b:0f:f7:f2:f6:65:8f:b1:2b:d1:37:e6:6f:
                    fc:21:b1:4b:ba:eb:b7:8b:97:57:f3:5d:11:0f:7f:
                    f1:a2:c5:db:6e:27:35:71:68:2e:b9:09:f4:70:0e:
                    83:58:98:d4:ee:d0:85:90:75:c4:96:76:29:92:f6:
                    26:3c:ce:a8:4d:b2:b2:a1:ff:68:a8:65:a2:b7:ab:
                    31:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:61:E3:2D:1C:E5:7F:38:9F:E9:00:C2:E0:EA:50:62:E0:2D:91:21
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS329386.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:d3::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:27:98:5f:7a:af:57:61:ed:8a:8d:c6:c5:5e:16:39:4d:0a:
         3a:c9:b3:92:82:cf:54:dd:7d:aa:60:24:d7:5b:8c:0c:e4:9c:
         c3:97:25:7f:19:fb:79:00:8f:b0:40:0e:8e:9b:b5:3a:be:08:
         de:78:18:84:a6:16:13:50:20:75:5a:e6:d6:58:19:3d:55:53:
         83:64:e1:2f:1a:53:c0:54:65:d2:ca:c3:5a:c7:10:d0:96:f8:
         20:ba:2a:f8:b0:91:7c:e5:c5:53:ee:ca:b8:9e:99:7d:e5:f5:
         f2:75:f6:27:f1:41:d2:4c:b5:8e:36:0f:1f:64:f3:d7:60:19:
         ce:85:da:16:0f:09:6c:ab:7b:7f:f2:a5:d4:e9:7c:95:0d:cb:
         02:18:e1:dc:19:b5:6e:8d:9c:51:23:c4:e9:d8:97:cc:97:10:
         f8:46:d0:7d:25:1c:4e:c0:c2:03:de:88:df:c4:5b:7b:22:eb:
         7a:43:a6:71:96:2e:1e:9e:ca:50:f1:b5:88:be:c1:83:f4:d3:
         3e:2d:4a:6a:c8:18:46:1d:f8:0f:f2:ce:d4:15:37:7b:a8:3f:
         b9:1b:1b:67:8d:27:48:a0:a2:25:b5:e8:7a:dd:ec:5e:a0:65:
         64:b3:d1:e7:3b:ff:e9:89:db:1e:e8:1b:5d:72:04:1d:80:d1:
         de:cb:db:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbb0VI9UvNyXDaNz+r8Shi7BPdgAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MzExODIwNDlaFw0yNjA4MzAxODI1NDlaMDMxMTAvBgNV
BAMTKEM5NjFFMzJEMUNFNTdGMzg5RkU5MDBDMkUwRUE1MDYyRTAyRDkxMjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC04uhvnXjJoJLHuVTG9R6EyM9V
6TqfJLlWwROWjoJATOMQbifbcMfj8tsLo0xID+IOlOG7AtUatyUm6Frvbq/W8uX6
pW7UsumKWmla+QMKHj7Yvv3j//AfYUOV+mhl9wmvzmTx4gUhGZHav2z3W1rzo3jH
wq3ZCyxirQo3Cealt9i2yHlioJ7hycMJa//D3OPZuOJ2KaORqRvpX1uK4EU0cp5z
svSUsqHLitzVAOVmCAcvBEn1aw/38vZlj7Er0Tfmb/whsUu667eLl1fzXREPf/Gi
xdtuJzVxaC65CfRwDoNYmNTu0IWQdcSWdimS9iY8zqhNsrKh/2ioZaK3qzGhAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUyWHjLRzlfzif6QDC4OpQYuAtkSEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzI5Mzg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADTMA0GCSqGSIb3DQEBCwUAA4IBAQBsJ5hfeq9XYe2KjcbFXhY5TQo6ybOSgs9U
3X2qYCTXW4wM5JzDlyV/Gft5AI+wQA6Om7U6vgjeeBiEphYTUCB1WubWWBk9VVOD
ZOEvGlPAVGXSysNaxxDQlvgguir4sJF85cVT7sq4npl95fXydfYn8UHSTLWONg8f
ZPPXYBnOhdoWDwlsq3t/8qXU6XyVDcsCGOHcGbVujZxRI8Tp2JfMlxD4RtB9JRxO
wMID3ojfxFt7Iut6Q6Zxli4enspQ8bWIvsGD9NM+LUpqyBhGHfgP8s7UFTd7qD+5
GxtnjSdIoKIlteh63exeoGVks9HnO//pidse6BtdcgQdgNHey9vB
-----END CERTIFICATE-----