Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213693.roa
File:                     AS213693.roa (raw, json)
Hash identifier:          OlcvalWUGE368+pcLy716w3GgxhcBn5TkRi38aAclBk=
Subject key identifier:   CC:02:74:EF:85:8F:8B:D9:62:16:73:A8:73:E4:38:BD:D2:A0:6A:78
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       79498B13785BDD3FF78170F3A04C5EEFC274EBB4
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213693.roa
Signing time:             Mon 10 Mar 2025 22:22:01 +0000
ROA not before:           Mon 10 Mar 2025 22:17:01 +0000
ROA not after:            Mon 09 Mar 2026 22:22:01 +0000
asID:                     213693
IP address blocks:        2a0f:85c1:b36::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:49:8b:13:78:5b:dd:3f:f7:81:70:f3:a0:4c:5e:ef:c2:74:eb:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 10 22:17:01 2025 GMT
            Not After : Mar  9 22:22:01 2026 GMT
        Subject: CN=CC0274EF858F8BD9621673A873E438BDD2A06A78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:fe:9d:7c:71:4f:2f:c6:d3:cc:04:45:44:c6:
                    3b:5c:3b:20:2a:14:b8:f5:9b:cd:65:50:1c:93:71:
                    a8:d3:88:8b:f3:98:9d:64:59:f2:b2:78:eb:f0:8d:
                    07:fa:67:35:c8:9a:a1:cc:aa:c4:ce:91:eb:07:41:
                    4e:1f:8e:0d:aa:30:64:11:a9:31:13:96:89:34:56:
                    04:b1:4d:83:fb:05:fa:7f:de:d7:07:b6:eb:92:22:
                    1a:18:ea:65:57:e3:61:20:90:55:db:e4:6f:61:bd:
                    bf:51:cf:96:24:11:53:05:97:65:29:69:8f:0e:31:
                    54:e3:bd:06:02:84:41:7b:44:66:e2:7d:47:26:6e:
                    64:01:b5:ec:dc:3a:a7:22:a3:18:6b:8c:e9:69:4e:
                    3a:cf:f9:ce:15:7d:70:67:85:60:79:f2:c1:9c:0d:
                    49:cf:4d:ae:4a:e6:5e:91:f1:19:f1:73:b1:ea:de:
                    86:0f:25:91:c7:71:cc:ce:08:91:6f:59:b6:84:80:
                    2b:06:ef:1d:00:4f:c3:90:cb:ac:ca:f4:a0:e8:33:
                    94:e2:20:87:87:15:9b:20:9d:6d:c6:ec:8f:a5:69:
                    c5:1a:f6:b3:a7:f5:0c:11:8d:1d:78:08:36:9b:9b:
                    e3:aa:d8:81:69:be:7f:98:e7:86:c6:77:17:31:e8:
                    b8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:02:74:EF:85:8F:8B:D9:62:16:73:A8:73:E4:38:BD:D2:A0:6A:78
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213693.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:b36::/48

    Signature Algorithm: sha256WithRSAEncryption
         46:d5:cf:8e:25:71:f2:eb:b6:7c:74:8a:a1:fc:c5:51:95:10:
         58:89:b1:2b:40:0b:05:8b:cd:38:88:6a:e2:12:12:fc:de:f4:
         de:47:02:be:aa:fa:6a:c8:08:dd:6d:d5:e9:d1:c2:20:1a:cb:
         c0:be:44:49:2f:e7:32:b5:cb:79:bc:2e:d1:26:c6:fd:56:08:
         c6:18:11:c4:5f:a7:fc:df:09:05:5c:22:7a:de:04:89:b6:c1:
         f1:66:39:53:e8:b3:73:84:3f:a2:91:df:db:d0:ce:ea:b8:54:
         56:d1:ea:98:3b:9b:bd:de:ad:ff:ca:5c:66:30:67:23:30:f5:
         d4:eb:a2:80:9c:d8:bb:9e:93:51:78:98:4c:22:c5:28:c7:eb:
         3a:83:6b:b6:09:48:6c:e5:11:f8:df:79:2b:fc:cc:cf:3c:23:
         39:af:7f:4c:a1:f8:5d:4f:b5:1d:29:f8:15:cd:2e:cf:b2:2d:
         41:49:b9:3b:23:86:1e:cc:cc:a6:a7:b6:63:96:66:96:09:25:
         56:00:12:8b:7f:fd:fc:7b:11:0a:8e:d3:45:2f:40:3f:5b:8a:
         03:c0:37:2b:65:d9:50:6b:43:4e:d3:5e:9f:5c:12:61:c5:82:
         d0:85:e1:5a:0e:cb:87:8d:e1:4e:b3:0f:46:dc:21:de:26:4d:
         cb:13:a7:26
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUeUmLE3hb3T/3gXDzoExe78J067QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMTAyMjE3MDFaFw0yNjAzMDkyMjIyMDFaMDMxMTAvBgNV
BAMTKENDMDI3NEVGODU4RjhCRDk2MjE2NzNBODczRTQzOEJERDJBMDZBNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY/p18cU8vxtPMBEVExjtcOyAq
FLj1m81lUByTcajTiIvzmJ1kWfKyeOvwjQf6ZzXImqHMqsTOkesHQU4fjg2qMGQR
qTETlok0VgSxTYP7Bfp/3tcHtuuSIhoY6mVX42EgkFXb5G9hvb9Rz5YkEVMFl2Up
aY8OMVTjvQYChEF7RGbifUcmbmQBtezcOqcioxhrjOlpTjrP+c4VfXBnhWB58sGc
DUnPTa5K5l6R8Rnxc7Hq3oYPJZHHcczOCJFvWbaEgCsG7x0AT8OQy6zK9KDoM5Ti
IIeHFZsgnW3G7I+lacUa9rOn9QwRjR14CDabm+Oq2IFpvn+Y54bGdxcx6LhrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUzAJ074WPi9liFnOoc+Q4vdKgangwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzNjkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQs2MA0GCSqGSIb3DQEBCwUAA4IBAQBG1c+OJXHy67Z8dIqh/MVRlRBYibErQAsF
i804iGriEhL83vTeRwK+qvpqyAjdbdXp0cIgGsvAvkRJL+cytct5vC7RJsb9VgjG
GBHEX6f83wkFXCJ63gSJtsHxZjlT6LNzhD+ikd/b0M7quFRW0eqYO5u93q3/ylxm
MGcjMPXU66KAnNi7npNReJhMIsUox+s6g2u2CUhs5RH433kr/MzPPCM5r39Mofhd
T7UdKfgVzS7Psi1BSbk7I4YezMymp7ZjlmaWCSVWABKLf/38exEKjtNFL0A/W4oD
wDcrZdlQa0NO016fXBJhxYLQheFaDsuHjeFOsw9G3CHeJk3LE6cm
-----END CERTIFICATE-----