Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401818.roa
File:                     AS401818.roa (raw, json)
Hash identifier:          IGoPG6DSyWJyx0YM4x+MBpbg/Jiv/vw1bsgZgLQIk0k=
Subject key identifier:   47:13:90:39:3E:AF:3C:63:9A:58:4F:B2:F2:28:AA:23:96:B1:0D:FD
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       21F131467E51E65273CAE0BF035FA3FE21B4031A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401818.roa
Signing time:             Mon 15 Sep 2025 06:24:43 +0000
ROA not before:           Mon 15 Sep 2025 06:19:43 +0000
ROA not after:            Mon 14 Sep 2026 06:24:43 +0000
asID:                     401818
IP address blocks:        2a13:9500:e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:f1:31:46:7e:51:e6:52:73:ca:e0:bf:03:5f:a3:fe:21:b4:03:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 15 06:19:43 2025 GMT
            Not After : Sep 14 06:24:43 2026 GMT
        Subject: CN=471390393EAF3C639A584FB2F228AA2396B10DFD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c5:c8:af:d2:49:09:1d:53:3a:c0:aa:61:73:
                    0a:66:92:c6:81:7f:8f:61:08:cc:50:0e:e8:82:49:
                    32:fe:f3:16:70:f1:67:c4:cb:5e:3b:37:fe:34:ac:
                    c0:7e:ad:28:f6:13:27:75:67:52:0e:3e:27:af:92:
                    1b:f1:b8:fc:90:e6:fe:87:79:a8:e8:24:47:cd:c9:
                    68:ad:26:e5:89:f4:a5:29:65:c3:7e:45:62:85:12:
                    07:0a:ab:57:12:20:8f:a5:52:10:19:52:8d:b3:f6:
                    78:79:c4:00:16:43:e4:3d:59:c1:93:5c:a1:02:2e:
                    41:7c:4e:87:e7:f0:c9:fa:34:7b:32:c9:ef:db:c3:
                    9f:4c:40:79:76:5a:36:0b:3e:d6:76:4f:0f:9d:da:
                    96:78:1b:2b:da:81:f1:b6:1a:5c:b2:17:a5:9a:e2:
                    37:a8:c9:0e:b0:cb:7a:e1:c3:d2:1a:21:de:21:d5:
                    f0:d7:25:3b:82:ca:cb:9b:85:8c:18:32:fe:e5:b1:
                    3f:c9:42:2d:cc:b9:c1:d8:90:1a:de:e2:32:7a:cf:
                    2a:52:27:0b:0f:07:5a:54:69:8a:f3:07:b3:26:48:
                    5b:12:77:8c:e1:e4:18:9d:76:2b:34:25:bc:da:3c:
                    80:da:db:94:f3:dc:cb:b1:8d:da:c4:70:20:a2:e4:
                    2c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:13:90:39:3E:AF:3C:63:9A:58:4F:B2:F2:28:AA:23:96:B1:0D:FD
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401818.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:d1:07:2e:aa:9f:7a:c0:d7:46:44:ab:b5:f4:64:b1:b3:01:
         cf:8a:39:bc:db:0c:d1:7e:99:db:28:c1:4e:43:95:e8:a0:93:
         dd:3b:c2:1f:3f:ee:59:c0:ba:ee:98:f4:45:2c:cd:26:1a:b4:
         0b:66:2f:04:f5:e9:06:26:c6:3b:40:7c:f4:d0:83:83:14:15:
         8e:1d:fd:aa:d7:89:01:f6:2e:a8:b0:48:0e:22:ec:79:42:c9:
         df:cb:45:ad:be:84:f6:37:50:e2:01:85:3c:39:2a:bc:97:eb:
         ef:35:8c:21:89:da:82:17:86:ce:eb:1f:d7:60:f0:5f:aa:c8:
         b8:7e:e6:f8:64:f0:c8:58:e8:68:1a:ce:7a:11:d5:a9:41:60:
         3c:03:c2:7a:da:e4:fa:af:65:ed:ae:8b:f3:3a:e4:bd:e8:72:
         2b:bd:48:cc:7c:84:96:82:03:c0:e7:3e:8f:c3:f1:14:73:f8:
         6f:08:7c:32:65:39:e0:8c:d5:eb:85:60:ca:d3:ab:99:80:b0:
         2b:37:f5:c3:f0:3e:64:12:b9:47:06:bd:90:1b:d2:6d:8c:08:
         d3:ac:53:fd:fc:47:a0:01:0d:2b:55:36:2e:dd:2b:b9:dd:93:
         5b:83:66:e4:c4:27:c6:d2:8e:b9:3f:3f:2c:78:48:d0:da:df:
         87:21:79:6c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIfExRn5R5lJzyuC/A1+j/iG0AxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTUwNjE5NDNaFw0yNjA5MTQwNjI0NDNaMDMxMTAvBgNV
BAMTKDQ3MTM5MDM5M0VBRjNDNjM5QTU4NEZCMkYyMjhBQTIzOTZCMTBERkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjxciv0kkJHVM6wKphcwpmksaB
f49hCMxQDuiCSTL+8xZw8WfEy147N/40rMB+rSj2Eyd1Z1IOPievkhvxuPyQ5v6H
eajoJEfNyWitJuWJ9KUpZcN+RWKFEgcKq1cSII+lUhAZUo2z9nh5xAAWQ+Q9WcGT
XKECLkF8Tofn8Mn6NHsyye/bw59MQHl2WjYLPtZ2Tw+d2pZ4GyvagfG2GlyyF6Wa
4jeoyQ6wy3rhw9IaId4h1fDXJTuCysubhYwYMv7lsT/JQi3MucHYkBre4jJ6zypS
JwsPB1pUaYrzB7MmSFsSd4zh5Biddis0JbzaPIDa25Tz3MuxjdrEcCCi5CwDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURxOQOT6vPGOaWE+y8iiqI5axDf0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxODE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADgMA0GCSqGSIb3DQEBCwUAA4IBAQAD0Qcuqp96wNdGRKu19GSxswHPijm82wzR
fpnbKMFOQ5XooJPdO8IfP+5ZwLrumPRFLM0mGrQLZi8E9ekGJsY7QHz00IODFBWO
Hf2q14kB9i6osEgOIux5Qsnfy0WtvoT2N1DiAYU8OSq8l+vvNYwhidqCF4bO6x/X
YPBfqsi4fub4ZPDIWOhoGs56EdWpQWA8A8J62uT6r2XtrovzOuS96HIrvUjMfISW
ggPA5z6Pw/EUc/hvCHwyZTngjNXrhWDK06uZgLArN/XD8D5kErlHBr2QG9JtjAjT
rFP9/EegAQ0rVTYu3Su53ZNbg2bkxCfG0o65Pz8seEjQ2t+HIXls
-----END CERTIFICATE-----