Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa
File:                     AS213945.roa (raw, json)
Hash identifier:          StX+ScB0kJXgEKSXn6MVq/5Auy+blfKcO1CAmyZZso0=
Subject key identifier:   EE:B4:E3:85:E2:70:42:9F:AD:51:14:B7:27:68:C6:D4:2A:4D:D7:0B
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4DBCC1AB4058B276076B9604C6B8453BB219E9E6
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa
Signing time:             Thu 29 May 2025 12:06:29 +0000
ROA not before:           Thu 29 May 2025 12:01:29 +0000
ROA not after:            Thu 28 May 2026 12:06:29 +0000
asID:                     213945
IP address blocks:        217.18.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:bc:c1:ab:40:58:b2:76:07:6b:96:04:c6:b8:45:3b:b2:19:e9:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May 29 12:01:29 2025 GMT
            Not After : May 28 12:06:29 2026 GMT
        Subject: CN=EEB4E385E270429FAD5114B72768C6D42A4DD70B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:61:a7:b4:45:d6:46:5f:83:e9:36:82:9f:2e:
                    e8:bb:ff:51:c4:f0:ff:a0:bc:80:02:19:8c:a9:cd:
                    1e:8c:3a:1f:88:21:6f:a1:10:e0:5f:fe:c4:1b:52:
                    0c:48:46:55:f1:a3:79:21:b2:71:bb:e0:72:48:55:
                    b1:82:4e:65:de:5f:a7:4e:1c:75:eb:06:89:b3:f2:
                    1d:68:80:54:27:9d:b0:1a:ea:b4:30:6c:94:c3:90:
                    93:24:7e:13:85:45:35:4b:ba:70:de:9b:67:0b:d3:
                    3c:0a:e7:b6:04:da:dc:0c:f7:07:34:3a:62:38:bd:
                    49:fe:67:81:d6:68:15:90:98:f6:0e:db:9d:67:0e:
                    56:1b:b1:78:9e:82:b5:c2:8d:96:47:8f:91:ae:df:
                    2c:7c:1e:c9:00:63:1b:3e:77:9e:a8:d6:ce:51:07:
                    5e:fe:0a:83:ba:36:c9:0f:df:8f:0b:81:3b:8c:f6:
                    98:9f:6d:59:22:f2:37:d0:9d:89:c4:1a:13:d1:b3:
                    22:1d:a7:84:47:26:3b:f9:85:58:57:f1:47:8c:b3:
                    58:df:7c:1b:23:c9:f3:0d:f0:a7:30:16:7d:0a:e1:
                    2e:c3:30:ae:ef:81:9c:bf:2b:fd:06:f3:86:3c:0f:
                    a9:1d:e2:d0:f1:42:0c:c6:33:61:ee:f1:61:6e:cb:
                    93:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B4:E3:85:E2:70:42:9F:AD:51:14:B7:27:68:C6:D4:2A:4D:D7:0B
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213945.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.18.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:00:7f:ac:ad:0a:d1:c3:db:f5:8a:3a:a9:74:19:3a:16:af:
         c1:57:0b:66:d0:7c:94:a4:28:cc:42:9c:70:2c:c1:e3:a9:72:
         d0:bf:a0:d9:3e:e0:31:09:29:c1:d0:2b:40:15:4c:86:f0:0e:
         33:57:e1:40:e5:51:15:38:f1:7e:a3:96:f3:89:a8:45:e0:c2:
         ed:81:ea:66:9b:13:67:db:7c:09:43:e8:80:be:68:c4:a6:d0:
         ce:af:f9:eb:ab:b8:b6:0a:4e:4a:2a:e6:49:71:2f:51:7d:6f:
         2b:5a:c1:d1:62:e8:d6:30:58:fa:ac:89:90:54:60:4f:f9:51:
         1d:d2:93:4f:55:81:3f:e4:ed:55:af:a9:50:15:99:a9:fc:22:
         d4:dd:be:97:5e:da:d5:bd:a8:ea:1f:32:f5:7b:5e:7a:09:62:
         13:2e:11:70:55:fd:e0:b4:77:6e:74:39:d0:2a:d5:8e:d2:ec:
         28:a2:f0:a5:3f:3f:c7:a1:ad:67:c6:f0:49:42:11:16:22:7b:
         3f:b4:ca:c9:d9:f0:f5:89:2b:36:3d:4d:c7:b7:83:4b:02:05:
         47:d0:6a:e0:cf:e8:b2:88:9c:c8:3b:cc:08:6c:ef:a5:15:1a:
         1d:48:35:9a:ca:b3:f8:98:82:97:1a:43:72:a5:0a:ab:02:fc:
         36:a1:63:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTbzBq0BYsnYHa5YExrhFO7IZ6eYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MjkxMjAxMjlaFw0yNjA1MjgxMjA2MjlaMDMxMTAvBgNV
BAMTKEVFQjRFMzg1RTI3MDQyOUZBRDUxMTRCNzI3NjhDNkQ0MkE0REQ3MEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+Yae0RdZGX4PpNoKfLui7/1HE
8P+gvIACGYypzR6MOh+IIW+hEOBf/sQbUgxIRlXxo3khsnG74HJIVbGCTmXeX6dO
HHXrBomz8h1ogFQnnbAa6rQwbJTDkJMkfhOFRTVLunDem2cL0zwK57YE2twM9wc0
OmI4vUn+Z4HWaBWQmPYO251nDlYbsXiegrXCjZZHj5Gu3yx8HskAYxs+d56o1s5R
B17+CoO6NskP348LgTuM9pifbVki8jfQnYnEGhPRsyIdp4RHJjv5hVhX8UeMs1jf
fBsjyfMN8KcwFn0K4S7DMK7vgZy/K/0G84Y8D6kd4tDxQgzGM2Hu8WFuy5O5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU7rTjheJwQp+tURS3J2jG1CpN1wswHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzOTQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2RLR
MA0GCSqGSIb3DQEBCwUAA4IBAQCWAH+srQrRw9v1ijqpdBk6Fq/BVwtm0HyUpCjM
QpxwLMHjqXLQv6DZPuAxCSnB0CtAFUyG8A4zV+FA5VEVOPF+o5bziahF4MLtgepm
mxNn23wJQ+iAvmjEptDOr/nrq7i2Ck5KKuZJcS9RfW8rWsHRYujWMFj6rImQVGBP
+VEd0pNPVYE/5O1Vr6lQFZmp/CLU3b6XXtrVvajqHzL1e156CWITLhFwVf3gtHdu
dDnQKtWO0uwoovClPz/Hoa1nxvBJQhEWIns/tMrJ2fD1iSs2PU3Ht4NLAgVH0Grg
z+iyiJzIO8wIbO+lFRodSDWayrP4mIKXGkNypQqrAvw2oWMW
-----END CERTIFICATE-----