Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400958.roa
File:                     AS400958.roa (raw, json)
Hash identifier:          GnrTjV2v4K5jPBj5SE737Atr68Bkzm9wRzwTjb2TGy4=
Subject key identifier:   37:37:D8:9B:10:69:05:31:CF:02:6C:D1:62:CE:8A:10:9D:94:4A:86
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1339D6EA04671F63FB7A2FC6E7F1E5F635930020
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400958.roa
Signing time:             Mon 22 Sep 2025 19:00:22 +0000
ROA not before:           Mon 22 Sep 2025 18:55:22 +0000
ROA not after:            Mon 21 Sep 2026 19:00:22 +0000
asID:                     400958
IP address blocks:        2a13:9500:e9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:39:d6:ea:04:67:1f:63:fb:7a:2f:c6:e7:f1:e5:f6:35:93:00:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 22 18:55:22 2025 GMT
            Not After : Sep 21 19:00:22 2026 GMT
        Subject: CN=3737D89B10690531CF026CD162CE8A109D944A86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:38:16:fb:9e:00:22:cf:e4:02:d0:7e:32:d4:
                    14:bf:3f:31:7a:43:76:bf:d5:22:2f:92:80:da:0a:
                    b1:b6:58:90:14:0a:a5:3d:88:a0:a4:23:07:85:10:
                    ca:1e:a8:5e:96:97:d5:00:f0:7c:18:03:1c:7f:26:
                    79:24:8a:8d:66:72:f5:41:29:b8:bc:b0:ff:d1:b4:
                    cc:cc:ba:db:2d:5e:9e:8d:4a:a0:eb:fd:4f:2b:3c:
                    7d:ae:96:38:10:14:d6:c3:d9:a6:66:11:ec:0e:93:
                    84:e2:e1:63:48:9c:0c:0d:c2:a1:c1:6d:c4:12:34:
                    82:00:85:60:2e:11:79:10:1e:d1:49:10:7d:17:52:
                    81:3f:64:21:94:89:30:47:39:88:a2:4a:3a:00:38:
                    bb:84:bd:52:0b:1a:a3:5b:38:ca:44:c0:a3:23:59:
                    71:49:29:93:ce:02:a9:bf:2d:38:e1:db:fa:a7:7d:
                    72:4e:66:af:3b:a7:b0:91:53:be:2b:c3:d4:34:72:
                    c0:22:3b:07:e2:ea:3d:f8:bb:44:f8:3c:a0:f5:aa:
                    80:4c:a2:81:d2:4a:cd:8e:e4:36:2e:c7:fb:2f:23:
                    0b:f5:5d:9a:c8:78:a4:67:71:ca:8c:c1:ff:ca:07:
                    95:01:c7:5c:bc:d0:ce:01:c0:7a:8e:eb:48:de:cf:
                    90:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:37:D8:9B:10:69:05:31:CF:02:6C:D1:62:CE:8A:10:9D:94:4A:86
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400958.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:e9::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:4f:fa:f5:1a:eb:6c:c1:6e:31:11:d7:85:cf:fe:b8:6b:0c:
         ed:f4:aa:6d:9e:b9:c9:53:88:73:db:c6:0e:d4:ee:99:17:15:
         64:9a:59:0a:b2:c0:ea:54:fb:52:58:63:3e:e9:19:e0:71:5e:
         62:c9:1e:4d:c1:ab:d5:eb:3b:33:44:56:24:41:40:4f:e3:a4:
         22:95:2d:33:e6:3b:ef:c4:4a:33:9d:4c:de:78:31:5d:d6:9f:
         4a:77:71:c6:6c:35:39:a3:c1:a5:b9:c9:98:47:5e:58:0f:ae:
         db:22:4d:6f:32:73:d2:21:d4:a9:41:60:16:e3:95:70:cf:7e:
         4f:5b:fe:95:45:1b:6a:25:f3:43:22:cf:2d:b1:e8:bd:14:1b:
         71:45:09:49:e5:9a:47:9e:ed:c8:ec:fa:60:f8:29:76:f3:3b:
         f1:3f:d0:30:8b:78:c7:81:48:96:6b:dc:e9:ae:46:e5:ea:f4:
         e8:56:ec:10:f1:9e:85:bf:78:bd:18:ec:0a:68:79:43:8b:e1:
         bc:32:e9:fd:46:3e:4d:29:b2:97:3d:44:56:38:9d:8d:e8:b2:
         30:d3:6d:4d:af:96:fd:a0:97:2b:ef:74:32:9e:cb:25:8c:cf:
         3a:79:d3:bf:36:ac:26:bf:74:61:c0:17:53:3a:ff:fe:08:8d:
         71:2b:06:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEznW6gRnH2P7ei/G5/Hl9jWTACAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjIxODU1MjJaFw0yNjA5MjExOTAwMjJaMDMxMTAvBgNV
BAMTKDM3MzdEODlCMTA2OTA1MzFDRjAyNkNEMTYyQ0U4QTEwOUQ5NDRBODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyOBb7ngAiz+QC0H4y1BS/PzF6
Q3a/1SIvkoDaCrG2WJAUCqU9iKCkIweFEMoeqF6Wl9UA8HwYAxx/Jnkkio1mcvVB
Kbi8sP/RtMzMutstXp6NSqDr/U8rPH2uljgQFNbD2aZmEewOk4Ti4WNInAwNwqHB
bcQSNIIAhWAuEXkQHtFJEH0XUoE/ZCGUiTBHOYiiSjoAOLuEvVILGqNbOMpEwKMj
WXFJKZPOAqm/LTjh2/qnfXJOZq87p7CRU74rw9Q0csAiOwfi6j34u0T4PKD1qoBM
ooHSSs2O5DYux/svIwv1XZrIeKRnccqMwf/KB5UBx1y80M4BwHqO60jez5DNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUNzfYmxBpBTHPAmzRYs6KEJ2USoYwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAwOTU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADpMA0GCSqGSIb3DQEBCwUAA4IBAQCLT/r1GutswW4xEdeFz/64awzt9KptnrnJ
U4hz28YO1O6ZFxVkmlkKssDqVPtSWGM+6RngcV5iyR5NwavV6zszRFYkQUBP46Qi
lS0z5jvvxEoznUzeeDFd1p9Kd3HGbDU5o8GlucmYR15YD67bIk1vMnPSIdSpQWAW
45Vwz35PW/6VRRtqJfNDIs8tsei9FBtxRQlJ5ZpHnu3I7Ppg+Cl28zvxP9Awi3jH
gUiWa9zprkbl6vToVuwQ8Z6Fv3i9GOwKaHlDi+G8Mun9Rj5NKbKXPURWOJ2N6LIw
021Nr5b9oJcr73QynssljM86edO/Nqwmv3RhwBdTOv/+CI1xKwZc
-----END CERTIFICATE-----