Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS55470.roa
File:                     AS55470.roa (raw, json)
Hash identifier:          1uU2yRoInJTy2oZTNSozojg07fNSmL/7osvqNRW/8ZY=
Subject key identifier:   F2:94:21:F9:FD:12:ED:D2:4C:6D:D4:00:9C:F9:1F:B2:F2:B7:A3:77
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       400E4D057E97EA34030ADCFCEC2016429D38261A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS55470.roa
Signing time:             Tue 03 Jun 2025 17:50:13 +0000
ROA not before:           Tue 03 Jun 2025 17:45:13 +0000
ROA not after:            Tue 02 Jun 2026 17:50:13 +0000
asID:                     55470
IP address blocks:        2a13:9500:7f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:0e:4d:05:7e:97:ea:34:03:0a:dc:fc:ec:20:16:42:9d:38:26:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  3 17:45:13 2025 GMT
            Not After : Jun  2 17:50:13 2026 GMT
        Subject: CN=F29421F9FD12EDD24C6DD4009CF91FB2F2B7A377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:69:09:cd:22:69:28:97:9b:e3:03:1f:03:d0:
                    1e:3b:55:77:80:68:26:49:09:f7:69:95:39:02:c1:
                    f6:80:98:3c:a4:64:84:ba:14:17:b2:56:39:94:fc:
                    32:ee:83:27:ce:18:1b:c1:a1:85:c1:a3:43:ef:76:
                    6d:4d:16:ba:93:a7:9c:2d:2a:a9:95:a9:3d:bc:33:
                    46:89:4c:47:df:16:c5:56:67:5d:29:af:34:ed:c3:
                    eb:7c:c5:ef:fd:d8:4c:56:56:d5:9b:0f:1c:2f:a9:
                    88:14:4b:3e:6d:c3:b4:d9:ee:ab:23:06:ed:86:a8:
                    c3:55:50:e7:04:ed:c9:f3:60:b3:37:0c:af:36:40:
                    97:43:f8:f6:29:cd:5b:41:ae:56:b4:b5:d4:96:a3:
                    4d:7c:09:e9:d7:93:8e:00:cb:b8:f1:4a:e4:ef:9b:
                    3d:ec:91:ca:28:f1:db:c2:c8:cc:5f:b8:61:25:c1:
                    b5:1d:bd:22:39:31:43:c0:ca:64:83:0d:5e:03:19:
                    4d:32:e3:40:a5:42:17:4c:70:9d:d4:73:e2:86:23:
                    7a:dc:e7:5e:10:ae:6d:4b:55:1e:75:00:68:bd:b7:
                    3e:fa:77:6b:10:59:ca:c1:f7:76:57:fb:64:ec:b7:
                    03:a4:16:9a:b2:6b:f5:54:06:fb:e4:7e:75:ed:5c:
                    e0:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:94:21:F9:FD:12:ED:D2:4C:6D:D4:00:9C:F9:1F:B2:F2:B7:A3:77
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS55470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:7f::/48

    Signature Algorithm: sha256WithRSAEncryption
         2a:06:26:b8:65:56:ce:bd:9d:e3:d3:22:9b:33:ce:de:53:a6:
         2b:1d:63:2e:a9:ac:90:f6:3a:4b:83:97:bf:de:23:a9:bd:c9:
         7d:3e:7b:bd:9c:57:f5:33:2c:f2:eb:06:fd:03:55:90:48:c8:
         0b:44:a3:a7:56:04:bd:16:53:9f:dd:f7:0e:28:8b:8c:2f:0f:
         d2:47:f9:b2:85:34:f2:bc:a4:b9:e8:7a:da:48:0b:98:44:e5:
         b0:60:35:1a:cc:00:e8:a4:9f:86:d1:91:77:68:6f:97:64:98:
         8e:40:45:7c:23:23:0c:8b:a8:17:99:4a:f1:2c:04:62:0e:1f:
         62:2b:58:d3:fc:da:25:fe:ba:4f:35:72:4b:85:ac:77:78:21:
         31:8c:d8:8f:81:ec:eb:90:6e:de:12:b3:ed:42:92:68:ea:1d:
         10:a9:0e:c2:9c:c9:4f:91:f9:6e:70:dc:68:39:2c:e5:cf:91:
         6b:a5:ee:91:06:f7:59:e9:6b:23:66:4b:8d:a9:14:a7:14:5a:
         47:15:c4:3b:58:84:c3:34:b7:fa:e3:d6:fc:3a:2f:a6:4e:19:
         91:a6:bd:e8:53:d5:50:46:74:2d:e4:0e:c0:44:87:9c:85:9f:
         92:68:28:44:25:ff:f7:5d:70:89:d8:7f:80:b3:23:46:b5:6d:
         89:b4:d6:c1
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQA5NBX6X6jQDCtz87CAWQp04JhowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDMxNzQ1MTNaFw0yNjA2MDIxNzUwMTNaMDMxMTAvBgNV
BAMTKEYyOTQyMUY5RkQxMkVERDI0QzZERDQwMDlDRjkxRkIyRjJCN0EzNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSaQnNImkol5vjAx8D0B47VXeA
aCZJCfdplTkCwfaAmDykZIS6FBeyVjmU/DLugyfOGBvBoYXBo0Pvdm1NFrqTp5wt
KqmVqT28M0aJTEffFsVWZ10przTtw+t8xe/92ExWVtWbDxwvqYgUSz5tw7TZ7qsj
Bu2GqMNVUOcE7cnzYLM3DK82QJdD+PYpzVtBrla0tdSWo018CenXk44Ay7jxSuTv
mz3skcoo8dvCyMxfuGElwbUdvSI5MUPAymSDDV4DGU0y40ClQhdMcJ3Uc+KGI3rc
514Qrm1LVR51AGi9tz76d2sQWcrB93ZX+2TstwOkFpqya/VUBvvkfnXtXOAZAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU8pQh+f0S7dJMbdQAnPkfsvK3o3cwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTU0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AH8wDQYJKoZIhvcNAQELBQADggEBACoGJrhlVs69nePTIpszzt5TpisdYy6prJD2
OkuDl7/eI6m9yX0+e72cV/UzLPLrBv0DVZBIyAtEo6dWBL0WU5/d9w4oi4wvD9JH
+bKFNPK8pLnoetpIC5hE5bBgNRrMAOikn4bRkXdob5dkmI5ARXwjIwyLqBeZSvEs
BGIOH2IrWNP82iX+uk81ckuFrHd4ITGM2I+B7OuQbt4Ss+1CkmjqHRCpDsKcyU+R
+W5w3Gg5LOXPkWul7pEG91npayNmS42pFKcUWkcVxDtYhMM0t/rj1vw6L6ZOGZGm
vehT1VBGdC3kDsBEh5yFn5JoKEQl//ddcInYf4CzI0a1bYm01sE=
-----END CERTIFICATE-----