Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47272.roa
File:                     AS47272.roa (raw, json)
Hash identifier:          skHhNyI7T8NDIyBqDQJiqOsg0raVmInlNvtfpOSZw3s=
Subject key identifier:   FB:A3:36:25:25:B6:63:A0:73:EF:C3:58:17:F9:ED:12:F0:32:A1:B2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4778AEC12A513927D531B14A8DDC8D101D0D4304
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47272.roa
Signing time:             Wed 13 May 2026 14:47:13 +0000
ROA not before:           Wed 13 May 2026 14:42:13 +0000
ROA not after:            Wed 12 May 2027 14:47:13 +0000
asID:                     47272
IP address blocks:        2a13:9500:8e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:78:ae:c1:2a:51:39:27:d5:31:b1:4a:8d:dc:8d:10:1d:0d:43:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 13 14:42:13 2026 GMT
            Not After : May 12 14:47:13 2027 GMT
        Subject: CN=FBA3362525B663A073EFC35817F9ED12F032A1B2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5e:70:91:5f:ad:07:22:7c:21:fe:95:82:a4:
                    fd:f7:34:8f:57:30:7f:1e:9a:b0:4d:e2:29:ae:e0:
                    29:a7:4e:39:4a:da:33:1f:d0:15:37:4d:ed:47:c4:
                    f6:aa:8c:2c:98:2c:ec:e4:d4:ff:1b:55:16:ba:c3:
                    17:18:f9:23:2e:22:07:f9:05:c6:03:2b:87:43:a3:
                    80:40:4c:03:1e:06:0e:d9:de:f9:6a:c5:b2:f5:c8:
                    8b:a3:06:ce:de:e3:52:58:d1:35:c6:87:4f:27:26:
                    16:68:21:f0:12:a2:1b:ba:63:a0:2e:47:fb:37:38:
                    0d:da:04:41:a6:a4:43:2c:43:dd:78:1a:b6:fc:93:
                    c2:29:e0:94:3c:67:e9:12:0b:e9:da:9c:0e:63:65:
                    cc:13:b0:e1:f3:3d:74:07:d3:2c:c0:a6:4e:53:51:
                    33:9e:e0:41:f0:7c:b5:92:0b:71:7b:8a:8c:fa:60:
                    28:5a:2a:99:50:1f:43:01:1c:f9:61:34:44:88:0e:
                    36:5f:cc:28:ad:fd:af:52:47:8f:0d:9b:e3:b0:46:
                    c0:9c:82:30:b5:de:fc:f3:7b:c4:5b:56:57:c8:32:
                    1d:55:fb:2f:f9:b0:a0:d2:9f:4b:ab:c6:d0:8d:74:
                    0a:8f:f7:d6:1d:0d:ff:bb:31:b9:b5:75:79:72:31:
                    c3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A3:36:25:25:B6:63:A0:73:EF:C3:58:17:F9:ED:12:F0:32:A1:B2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47272.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:8e::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:24:fe:ee:85:12:44:9b:55:5f:60:12:aa:bd:44:5d:91:20:
         bb:91:e7:25:4b:d6:d8:17:75:7e:2a:16:f9:40:27:99:00:0f:
         fa:28:0d:f7:cb:95:41:43:27:4e:59:64:67:62:f6:93:75:c1:
         b1:85:cd:75:4a:7d:a9:56:aa:61:b6:3d:ba:f0:e6:87:4f:f9:
         b2:e9:dc:f5:8f:2d:e5:b4:5b:c5:b6:eb:59:a8:a8:70:74:7c:
         6d:29:34:a9:9f:6b:2d:02:0c:f1:fb:7d:fb:5a:d7:84:1d:2f:
         a1:a5:88:98:b6:30:54:8f:eb:32:88:98:cf:2c:2e:9c:3e:b7:
         42:9d:c2:36:4b:3e:5b:70:09:25:dc:51:f7:36:62:58:cb:87:
         a9:6c:6f:58:11:bd:66:c2:e8:12:e4:c6:fb:8e:19:64:ea:60:
         96:71:4a:4a:ae:00:83:0f:85:04:5e:f1:0e:ec:a9:1b:80:17:
         a4:af:35:3b:49:06:32:6f:8e:d9:7b:a0:66:7a:7b:57:e3:4a:
         45:4b:04:18:5f:e1:c2:f7:8f:67:c2:0d:26:e8:53:0c:e3:be:
         85:39:2e:5f:c5:09:81:c7:6f:5e:5f:d7:71:a6:d6:cb:3f:f5:
         71:db:ca:48:f8:58:08:50:8f:0d:5f:73:d3:a2:36:30:1d:0a:
         f3:69:27:c4
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUR3iuwSpROSfVMbFKjdyNEB0NQwQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTMxNDQyMTNaFw0yNzA1MTIxNDQ3MTNaMDMxMTAvBgNV
BAMTKEZCQTMzNjI1MjVCNjYzQTA3M0VGQzM1ODE3RjlFRDEyRjAzMkExQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoXnCRX60HInwh/pWCpP33NI9X
MH8emrBN4imu4CmnTjlK2jMf0BU3Te1HxPaqjCyYLOzk1P8bVRa6wxcY+SMuIgf5
BcYDK4dDo4BATAMeBg7Z3vlqxbL1yIujBs7e41JY0TXGh08nJhZoIfASohu6Y6Au
R/s3OA3aBEGmpEMsQ914Grb8k8Ip4JQ8Z+kSC+nanA5jZcwTsOHzPXQH0yzApk5T
UTOe4EHwfLWSC3F7ioz6YChaKplQH0MBHPlhNESIDjZfzCit/a9SR48Nm+OwRsCc
gjC13vzze8RbVlfIMh1V+y/5sKDSn0urxtCNdAqP99YdDf+7Mbm1dXlyMcNvAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU+6M2JSW2Y6Bz78NYF/ntEvAyobIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDcyNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AI4wDQYJKoZIhvcNAQELBQADggEBAG8k/u6FEkSbVV9gEqq9RF2RILuR5yVL1tgX
dX4qFvlAJ5kAD/ooDffLlUFDJ05ZZGdi9pN1wbGFzXVKfalWqmG2Pbrw5odP+bLp
3PWPLeW0W8W261moqHB0fG0pNKmfay0CDPH7ffta14QdL6GliJi2MFSP6zKImM8s
Lpw+t0KdwjZLPltwCSXcUfc2YljLh6lsb1gRvWbC6BLkxvuOGWTqYJZxSkquAIMP
hQRe8Q7sqRuAF6SvNTtJBjJvjtl7oGZ6e1fjSkVLBBhf4cL3j2fCDSboUwzjvoU5
Ll/FCYHHb15f13Gm1ss/9XHbykj4WAhQjw1fc9OiNjAdCvNpJ8Q=
-----END CERTIFICATE-----