Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56913.roa
File:                     AS56913.roa (raw, json)
Hash identifier:          NGDqlECLmmo80yekoRv4urnfJ32Fr9daCbfllH2QIag=
Subject key identifier:   95:31:26:10:B6:78:31:19:7E:5C:36:E9:E1:7D:BB:37:B1:A5:CE:D0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6F837896626611E4B5F1A19D846BC40656B1B731
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56913.roa
Signing time:             Fri 16 May 2025 18:13:29 +0000
ROA not before:           Fri 16 May 2025 18:08:29 +0000
ROA not after:            Fri 15 May 2026 18:13:29 +0000
asID:                     56913
IP address blocks:        2a13:9500:49::/48 maxlen: 48
                          2a13:9500:4d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:83:78:96:62:66:11:e4:b5:f1:a1:9d:84:6b:c4:06:56:b1:b7:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 18:08:29 2025 GMT
            Not After : May 15 18:13:29 2026 GMT
        Subject: CN=95312610B67831197E5C36E9E17DBB37B1A5CED0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:d6:c6:64:4a:36:ff:31:75:46:34:57:f1:92:
                    45:a9:bc:43:6f:8b:55:1c:da:ca:0b:db:c5:98:fe:
                    31:01:18:e9:57:ce:97:e1:71:31:70:3f:c2:0f:53:
                    eb:b4:08:f0:bc:7a:d1:de:73:b1:51:de:f9:63:26:
                    ea:e4:6c:1b:0a:8b:22:30:74:aa:a2:a1:fd:b6:5b:
                    ba:63:a4:6b:96:06:c2:92:3b:a9:de:c5:a4:2b:54:
                    d4:ae:7a:dd:40:c2:bd:c0:d9:d8:e5:8a:e7:c7:66:
                    e5:81:67:11:21:be:bd:c0:90:8f:69:7d:69:10:87:
                    1c:19:45:29:df:d2:54:5c:dd:7a:35:c6:db:ad:81:
                    72:29:0c:5b:f3:c2:61:a4:fd:34:67:6d:ce:f5:6d:
                    da:e5:6b:e6:96:96:92:d0:36:46:f9:9c:d4:29:a4:
                    56:66:a9:e0:40:88:f1:c6:57:00:32:a3:fe:34:79:
                    fd:cc:b7:a1:07:07:cc:83:0f:e9:c5:28:7a:b8:4f:
                    b7:7b:ab:9f:1f:35:35:63:81:95:8b:b1:4d:99:f1:
                    05:67:0a:10:6f:05:a0:7c:1f:72:ef:1c:b8:10:8c:
                    49:99:b1:cf:86:f7:87:14:76:12:ea:a9:a5:b2:57:
                    f4:62:9c:de:4e:ee:30:63:6d:07:a3:46:f6:f7:ea:
                    80:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:31:26:10:B6:78:31:19:7E:5C:36:E9:E1:7D:BB:37:B1:A5:CE:D0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:49::/48
                  2a13:9500:4d::/48

    Signature Algorithm: sha256WithRSAEncryption
         35:b6:65:2a:6f:3f:41:a1:24:52:95:ab:a6:05:02:7e:08:eb:
         e0:4f:d5:5b:79:c2:1c:75:60:b5:c8:c9:c4:04:52:25:bb:37:
         76:2e:f9:06:46:37:eb:88:50:53:5a:24:43:ac:ce:87:da:2c:
         88:fb:c3:ce:53:42:18:23:d2:c7:b0:37:26:d9:92:4a:1e:d8:
         1d:cb:31:99:9f:ea:45:85:7c:35:ac:b9:ff:8f:21:41:43:d8:
         3d:3e:77:cc:19:ff:09:c1:c8:1f:61:99:9a:98:89:3c:4a:ed:
         07:93:4e:79:c0:71:f3:36:1f:90:71:47:0c:21:4a:47:81:7d:
         b0:94:ee:28:43:ba:eb:00:04:9f:29:81:46:ba:be:6e:a9:8e:
         a7:4b:5a:5e:94:49:89:46:ec:92:2a:96:af:25:eb:f2:45:60:
         99:90:41:ab:79:0f:3e:c9:45:be:bb:10:3c:96:90:c7:24:1e:
         48:f2:52:03:d0:d9:28:02:71:5e:ca:c4:be:f7:47:50:41:3d:
         3e:cf:c6:20:82:bb:54:85:08:cd:6d:f2:b6:fd:e0:bc:d4:11:
         37:fd:91:80:9d:79:6f:66:fa:e9:fd:c3:1d:87:1c:f3:98:6f:
         7f:f3:b0:7e:df:ef:61:54:c5:d0:05:76:e0:a8:59:4d:d0:35:
         be:7c:c3:10
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUb4N4lmJmEeS18aGdhGvEBlaxtzEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTYxODA4MjlaFw0yNjA1MTUxODEzMjlaMDMxMTAvBgNV
BAMTKDk1MzEyNjEwQjY3ODMxMTk3RTVDMzZFOUUxN0RCQjM3QjFBNUNFRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX1sZkSjb/MXVGNFfxkkWpvENv
i1Uc2soL28WY/jEBGOlXzpfhcTFwP8IPU+u0CPC8etHec7FR3vljJurkbBsKiyIw
dKqiof22W7pjpGuWBsKSO6nexaQrVNSuet1Awr3A2djliufHZuWBZxEhvr3AkI9p
fWkQhxwZRSnf0lRc3Xo1xtutgXIpDFvzwmGk/TRnbc71bdrla+aWlpLQNkb5nNQp
pFZmqeBAiPHGVwAyo/40ef3Mt6EHB8yDD+nFKHq4T7d7q58fNTVjgZWLsU2Z8QVn
ChBvBaB8H3LvHLgQjEmZsc+G94cUdhLqqaWyV/RinN5O7jBjbQejRvb36oADAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUlTEmELZ4MRl+XDbp4X27N7GlztAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTY5MTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqE5UA
AEkDBwAqE5UAAE0wDQYJKoZIhvcNAQELBQADggEBADW2ZSpvP0GhJFKVq6YFAn4I
6+BP1Vt5whx1YLXIycQEUiW7N3Yu+QZGN+uIUFNaJEOszofaLIj7w85TQhgj0sew
NybZkkoe2B3LMZmf6kWFfDWsuf+PIUFD2D0+d8wZ/wnByB9hmZqYiTxK7QeTTnnA
cfM2H5BxRwwhSkeBfbCU7ihDuusABJ8pgUa6vm6pjqdLWl6USYlG7JIqlq8l6/JF
YJmQQat5Dz7JRb67EDyWkMckHkjyUgPQ2SgCcV7KxL73R1BBPT7PxiCCu1SFCM1t
8rb94LzUETf9kYCdeW9m+un9wx2HHPOYb3/zsH7f72FUxdAFduCoWU3QNb58wxA=
-----END CERTIFICATE-----