Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213866.roa
File:                     AS213866.roa (raw, json)
Hash identifier:          sQRXmljzcyNDxO6nhAEJqqkpLAguC5HkMtblkfInQSM=
Subject key identifier:   BC:9B:4E:AB:F4:DA:B9:C3:90:70:02:DA:EA:23:B7:6C:B0:EF:E3:87
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       449B05CBBD480B173AA10B54DA98FC70C7741D2A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213866.roa
Signing time:             Thu 28 Aug 2025 16:15:23 +0000
ROA not before:           Thu 28 Aug 2025 16:10:23 +0000
ROA not after:            Thu 27 Aug 2026 16:15:23 +0000
asID:                     213866
IP address blocks:        2a0f:85c1:8f7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:9b:05:cb:bd:48:0b:17:3a:a1:0b:54:da:98:fc:70:c7:74:1d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 28 16:10:23 2025 GMT
            Not After : Aug 27 16:15:23 2026 GMT
        Subject: CN=BC9B4EABF4DAB9C3907002DAEA23B76CB0EFE387
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:7e:3e:1a:44:56:86:d3:82:ad:76:17:ae:b7:
                    f2:a4:8d:7c:a9:5e:ac:7c:b9:4b:d9:d7:d5:93:3e:
                    db:10:f7:0c:60:5d:a0:23:be:8f:cf:ac:f0:fe:fa:
                    72:8d:ee:40:d9:64:2d:b3:38:b7:aa:81:9d:a8:c7:
                    3c:49:1e:94:85:25:fb:f9:38:ad:f9:19:26:b8:66:
                    fa:f9:29:8a:d4:61:83:12:65:7c:2c:aa:cc:3b:db:
                    d0:9f:c2:3b:9c:a4:90:43:43:f9:4a:c5:23:8a:49:
                    d0:75:93:7b:6b:cf:82:1c:53:22:c3:9b:f2:92:6d:
                    e0:4b:d7:78:b3:fd:66:a9:29:da:70:eb:b2:3c:c3:
                    ad:ba:0c:02:b8:e4:67:5f:29:41:0e:29:1c:97:91:
                    62:21:98:3e:b7:69:35:bd:a8:55:65:36:28:da:8a:
                    90:e2:4a:99:f2:ad:da:9c:93:b1:a6:3d:c7:29:1a:
                    69:a0:92:f7:2c:1b:8f:d5:3a:eb:6d:fa:9d:2b:8f:
                    7f:fc:48:46:0f:04:58:aa:db:09:0a:ff:7c:f0:90:
                    5e:1a:4c:a2:12:c3:5e:39:ec:8e:a6:d2:3d:c8:3b:
                    13:56:61:39:5e:36:da:b1:70:92:87:98:8b:a0:cc:
                    fb:db:8f:58:8f:a4:89:a6:4b:f6:97:02:26:24:b0:
                    8d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:9B:4E:AB:F4:DA:B9:C3:90:70:02:DA:EA:23:B7:6C:B0:EF:E3:87
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS213866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:8f7::/48

    Signature Algorithm: sha256WithRSAEncryption
         20:e1:6f:df:4f:e7:d8:fc:d2:c6:ba:36:1e:d3:a2:55:fd:60:
         72:e0:c4:22:5a:9a:8a:c5:91:15:29:a6:03:a2:9d:9c:df:37:
         3c:64:29:10:4b:70:11:fe:7e:37:46:75:66:73:0a:15:8d:66:
         72:65:9f:4d:19:39:58:c6:8a:57:74:3d:48:e3:95:b7:26:88:
         e4:79:1d:5b:0c:a9:8a:98:7c:59:da:e9:0e:b2:77:b0:de:7d:
         f7:91:4f:74:4a:6e:b9:05:9c:c5:0f:07:c9:e1:09:09:3c:cb:
         bb:3a:25:e6:db:09:f5:a6:5a:d3:15:3c:d1:66:1a:5a:98:a8:
         fa:26:07:0c:c5:24:df:a6:7f:28:c3:eb:50:bf:08:ef:d1:97:
         72:9f:77:84:c3:ed:7f:33:d0:5c:03:89:67:d2:a6:93:34:4e:
         a7:19:2e:20:74:73:96:87:5a:84:9a:bf:62:f5:95:ac:e9:e1:
         4f:6b:31:a8:ff:35:12:ba:7b:a5:4e:3f:e8:71:38:55:92:25:
         27:da:f0:25:7d:bd:a5:fc:d8:cf:7f:95:06:74:27:ad:ee:e2:
         0a:52:38:c9:db:1c:6e:c4:6b:14:dc:61:57:66:61:d5:c7:77:
         10:c4:73:4d:f0:1a:16:a3:01:34:e1:60:4c:07:e4:c0:b4:8b:
         92:ff:d9:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURJsFy71ICxc6oQtU2pj8cMd0HSowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjgxNjEwMjNaFw0yNjA4MjcxNjE1MjNaMDMxMTAvBgNV
BAMTKEJDOUI0RUFCRjREQUI5QzM5MDcwMDJEQUVBMjNCNzZDQjBFRkUzODcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLfj4aRFaG04Ktdheut/KkjXyp
Xqx8uUvZ19WTPtsQ9wxgXaAjvo/PrPD++nKN7kDZZC2zOLeqgZ2oxzxJHpSFJfv5
OK35GSa4Zvr5KYrUYYMSZXwsqsw729CfwjucpJBDQ/lKxSOKSdB1k3trz4IcUyLD
m/KSbeBL13iz/WapKdpw67I8w626DAK45GdfKUEOKRyXkWIhmD63aTW9qFVlNija
ipDiSpnyrdqck7GmPccpGmmgkvcsG4/VOutt+p0rj3/8SEYPBFiq2wkK/3zwkF4a
TKISw1457I6m0j3IOxNWYTleNtqxcJKHmIugzPvbj1iPpImmS/aXAiYksI3NAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUvJtOq/TaucOQcALa6iO3bLDv44cwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEzODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQj3MA0GCSqGSIb3DQEBCwUAA4IBAQAg4W/fT+fY/NLGujYe06JV/WBy4MQiWpqK
xZEVKaYDop2c3zc8ZCkQS3AR/n43RnVmcwoVjWZyZZ9NGTlYxopXdD1I45W3Jojk
eR1bDKmKmHxZ2ukOsnew3n33kU90Sm65BZzFDwfJ4QkJPMu7OiXm2wn1plrTFTzR
ZhpamKj6JgcMxSTfpn8ow+tQvwjv0Zdyn3eEw+1/M9BcA4ln0qaTNE6nGS4gdHOW
h1qEmr9i9ZWs6eFPazGo/zUSunulTj/ocThVkiUn2vAlfb2l/NjPf5UGdCet7uIK
UjjJ2xxuxGsU3GFXZmHVx3cQxHNN8BoWowE04WBMB+TAtIuS/9lV
-----END CERTIFICATE-----