Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213493.roa
File:                     AS213493.roa (raw, json)
Hash identifier:          HlZzESlrj86DSZQPhDXjQYMFh6Cc2pWs8A30xXMD+CY=
Subject key identifier:   93:CF:93:1B:0B:39:B2:23:0F:4E:61:A6:16:60:2D:38:75:EB:23:C7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6C06A0FE5F2519B660B29405478FFBC0B9A3511B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213493.roa
Signing time:             Thu 30 Jan 2025 21:01:31 +0000
ROA not before:           Thu 30 Jan 2025 20:56:31 +0000
ROA not after:            Thu 29 Jan 2026 21:01:31 +0000
asID:                     213493
IP address blocks:        2a0f:85c1:b72::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:06:a0:fe:5f:25:19:b6:60:b2:94:05:47:8f:fb:c0:b9:a3:51:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 30 20:56:31 2025 GMT
            Not After : Jan 29 21:01:31 2026 GMT
        Subject: CN=93CF931B0B39B2230F4E61A616602D3875EB23C7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:13:2f:2b:69:0d:d9:72:a4:05:67:59:f8:45:
                    18:ef:d1:36:d0:14:83:b0:85:a3:ee:56:c4:d3:f9:
                    31:13:4c:d3:ec:08:15:55:75:72:2b:e3:eb:11:03:
                    a0:87:ac:9b:cd:0a:7d:e1:a1:50:a0:73:c9:c1:4e:
                    4a:e5:0a:4a:5f:6b:c1:e7:0d:e6:16:93:ad:ef:15:
                    32:2e:b9:df:32:98:05:0b:81:87:6b:ce:47:42:10:
                    a1:dc:ae:14:8d:cb:67:23:54:c5:e9:28:e1:e6:0a:
                    ff:59:d4:ac:af:ac:04:9f:11:67:81:a8:52:81:56:
                    58:d8:e1:49:6a:eb:40:31:75:f1:a9:20:78:3a:54:
                    ef:40:07:ff:5a:ac:3c:32:e9:be:b9:0a:ee:16:3a:
                    ee:18:b9:25:ee:76:b8:45:b8:51:9d:3e:48:00:43:
                    1e:17:03:07:4b:84:fb:69:aa:77:15:37:12:cf:19:
                    2c:fb:24:60:2d:68:6b:40:15:1d:bf:bd:af:db:7d:
                    cc:49:9e:62:64:ca:42:51:1b:bd:ca:16:66:e0:ef:
                    1b:08:46:7b:81:ec:54:1d:9a:59:90:0b:fe:55:c0:
                    43:c3:94:52:ec:a4:29:aa:a0:67:fe:c5:de:42:c2:
                    16:bf:26:09:38:22:7b:6e:fd:1d:d1:77:c0:20:da:
                    5b:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:CF:93:1B:0B:39:B2:23:0F:4E:61:A6:16:60:2D:38:75:EB:23:C7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213493.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b72::/48

    Signature Algorithm: sha256WithRSAEncryption
         49:2f:f4:45:29:83:03:17:46:1f:bf:87:dd:34:2f:2b:7c:8a:
         3b:71:e3:38:34:3b:0d:23:db:7a:57:11:dd:8c:f8:36:69:22:
         ad:c1:be:91:d4:1d:b7:94:32:83:2e:a4:69:9d:f7:e9:61:a2:
         5a:da:cb:d1:3f:ab:ff:55:32:b0:99:db:ba:59:37:eb:e1:6f:
         32:5a:42:98:9d:6c:b0:43:29:4e:f6:1c:46:13:18:3a:08:ca:
         46:c7:7f:6a:b1:75:bd:4d:6d:09:2b:a1:59:a5:c5:25:61:48:
         e8:ed:8e:8c:2c:29:d6:ae:e2:17:6f:04:7c:f1:8c:2b:bb:ef:
         87:98:9b:e7:d8:28:70:bc:a8:a9:70:5e:51:30:de:a3:17:55:
         1e:b5:5d:bd:ac:92:7a:dc:29:6d:3a:85:42:33:da:64:4b:d2:
         c0:ed:9d:83:0c:bb:c5:99:7f:4d:58:62:d2:19:5a:e3:86:28:
         90:32:3a:57:26:0d:3d:9e:48:71:9b:11:6e:9d:3d:e4:c3:c1:
         cb:aa:47:04:18:5f:97:be:62:d1:48:3b:a4:4a:68:45:31:e2:
         d7:c8:79:b3:5f:2b:21:56:30:04:82:8c:84:c3:5d:44:d7:e3:
         f0:88:e7:e0:7b:77:5c:84:86:2b:a5:af:e1:e7:ea:ba:49:40:
         28:3b:fc:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbAag/l8lGbZgspQFR4/7wLmjURswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAxMzAyMDU2MzFaFw0yNjAxMjkyMTAxMzFaMDMxMTAvBgNV
BAMTKDkzQ0Y5MzFCMEIzOUIyMjMwRjRFNjFBNjE2NjAyRDM4NzVFQjIzQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6Ey8raQ3ZcqQFZ1n4RRjv0TbQ
FIOwhaPuVsTT+TETTNPsCBVVdXIr4+sRA6CHrJvNCn3hoVCgc8nBTkrlCkpfa8Hn
DeYWk63vFTIuud8ymAULgYdrzkdCEKHcrhSNy2cjVMXpKOHmCv9Z1KyvrASfEWeB
qFKBVljY4Ulq60AxdfGpIHg6VO9AB/9arDwy6b65Cu4WOu4YuSXudrhFuFGdPkgA
Qx4XAwdLhPtpqncVNxLPGSz7JGAtaGtAFR2/va/bfcxJnmJkykJRG73KFmbg7xsI
RnuB7FQdmlmQC/5VwEPDlFLspCmqoGf+xd5Cwha/Jgk4Intu/R3Rd8Ag2lt3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUk8+TGws5siMPTmGmFmAtOHXrI8cwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNDkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQtyMA0GCSqGSIb3DQEBCwUAA4IBAQBJL/RFKYMDF0Yfv4fdNC8rfIo7ceM4NDsN
I9t6VxHdjPg2aSKtwb6R1B23lDKDLqRpnffpYaJa2svRP6v/VTKwmdu6WTfr4W8y
WkKYnWywQylO9hxGExg6CMpGx39qsXW9TW0JK6FZpcUlYUjo7Y6MLCnWruIXbwR8
8Ywru++HmJvn2ChwvKipcF5RMN6jF1UetV29rJJ63CltOoVCM9pkS9LA7Z2DDLvF
mX9NWGLSGVrjhiiQMjpXJg09nkhxmxFunT3kw8HLqkcEGF+XvmLRSDukSmhFMeLX
yHmzXyshVjAEgoyEw11E1+PwiOfge3dchIYrpa/h5+q6SUAoO/yc
-----END CERTIFICATE-----