Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213001.roa
File:                     AS213001.roa (raw, json)
Hash identifier:          bZVlu9CUqMCyfFKheLGYvwAPdxFLxfzWo0SSp+JKS3Y=
Subject key identifier:   FE:DD:EA:94:35:2D:DC:C7:26:E5:A0:D3:84:75:C9:B3:31:58:44:9B
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       64E78D886E34B8EA920FED5C19E1B41BAEA69099
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213001.roa
Signing time:             Fri 05 Jun 2026 11:36:11 +0000
ROA not before:           Fri 05 Jun 2026 11:31:11 +0000
ROA not after:            Fri 04 Jun 2027 11:36:11 +0000
asID:                     213001
IP address blocks:        95.135.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:e7:8d:88:6e:34:b8:ea:92:0f:ed:5c:19:e1:b4:1b:ae:a6:90:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  5 11:31:11 2026 GMT
            Not After : Jun  4 11:36:11 2027 GMT
        Subject: CN=FEDDEA94352DDCC726E5A0D38475C9B33158449B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:19:65:da:3f:31:70:20:7a:61:97:95:6b:88:
                    88:a1:d1:9e:97:da:a2:3b:e0:49:d9:04:92:1d:1f:
                    b2:e1:28:fd:e3:c3:9d:16:8c:6b:cf:90:30:dc:1d:
                    dc:a1:13:8a:21:1c:84:11:d5:7e:0d:e9:cf:de:ca:
                    49:38:14:2a:1b:ee:ff:fc:7e:e4:b1:19:9a:22:c7:
                    d0:0c:d1:34:ea:7a:1d:dd:f2:ff:36:9e:9b:78:65:
                    c4:b2:23:74:7d:6b:2b:06:6c:d6:5a:d8:b7:92:d4:
                    88:35:d1:84:1e:c5:c9:46:03:3f:9c:15:4d:78:e2:
                    28:db:1a:2e:71:b7:53:5d:e4:ea:13:dc:c1:2b:2d:
                    f1:1a:19:43:36:ed:2a:36:28:db:5f:22:89:b2:7e:
                    86:cc:43:e4:5c:5e:cd:82:f4:5b:db:05:e3:6a:31:
                    04:dd:82:86:3f:48:ff:e0:0c:8d:92:5b:4a:9c:de:
                    59:be:b9:13:3a:28:f0:33:eb:2b:e2:dc:68:12:6c:
                    ed:7c:e8:6d:68:50:ca:dc:7b:ad:18:b3:b7:72:f6:
                    33:b6:03:de:b5:ca:c5:b1:5f:38:28:39:33:21:b6:
                    1f:92:00:1d:98:00:33:db:d3:88:80:80:0b:ea:d3:
                    c4:80:12:e4:a3:56:26:0d:4b:1c:08:aa:1c:69:bb:
                    d9:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DD:EA:94:35:2D:DC:C7:26:E5:A0:D3:84:75:C9:B3:31:58:44:9B
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213001.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:31:fc:7b:e8:6e:06:98:c8:29:5c:b6:4f:77:0f:34:01:c7:
         75:b7:10:16:03:cb:e4:54:70:84:c5:45:4a:cc:1f:d4:9b:b0:
         ce:0f:1a:6a:4a:eb:44:97:3f:cd:82:f9:dd:47:57:78:7c:57:
         70:f9:ed:9e:ce:1c:d0:d1:c1:9a:d0:51:72:bd:91:35:fc:88:
         11:7d:54:c7:d3:26:da:ab:ad:df:4c:a2:b0:fd:80:a2:cf:1c:
         a6:3c:fd:74:d2:24:2c:90:a7:c4:81:0f:5b:f5:35:01:22:9c:
         86:65:2c:85:f0:e7:12:58:14:49:9b:2c:8b:e3:af:86:5d:b0:
         d0:4a:41:8b:f5:b1:f4:5a:93:f6:2f:b2:7d:be:e9:2c:d7:bb:
         ae:f4:d9:a1:4d:9f:9a:26:81:12:f6:7b:6c:12:9c:48:73:4e:
         b8:d9:c5:b7:49:06:87:99:62:76:3a:49:c1:06:15:4b:de:47:
         78:10:a2:62:66:97:27:29:c9:6e:8a:49:cf:f4:ac:a5:13:f0:
         b6:32:5e:3a:f1:7b:15:3b:84:ac:b3:8a:75:c6:cb:9a:a9:8e:
         c8:11:94:c5:7a:f4:7d:8f:76:f2:f3:62:39:f1:23:32:0e:7d:
         18:97:80:68:1b:3f:35:e5:82:8e:6f:c8:45:8b:7e:73:1f:18:
         88:e6:5a:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZOeNiG40uOqSD+1cGeG0G66mkJkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDUxMTMxMTFaFw0yNzA2MDQxMTM2MTFaMDMxMTAvBgNV
BAMTKEZFRERFQTk0MzUyRERDQzcyNkU1QTBEMzg0NzVDOUIzMzE1ODQ0OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBGWXaPzFwIHphl5VriIih0Z6X
2qI74EnZBJIdH7LhKP3jw50WjGvPkDDcHdyhE4ohHIQR1X4N6c/eykk4FCob7v/8
fuSxGZoix9AM0TTqeh3d8v82npt4ZcSyI3R9aysGbNZa2LeS1Ig10YQexclGAz+c
FU144ijbGi5xt1Nd5OoT3MErLfEaGUM27So2KNtfIomyfobMQ+RcXs2C9FvbBeNq
MQTdgoY/SP/gDI2SW0qc3lm+uRM6KPAz6yvi3GgSbO186G1oUMrce60Ys7dy9jO2
A961ysWxXzgoOTMhth+SAB2YADPb04iAgAvq08SAEuSjViYNSxwIqhxpu9mRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/t3qlDUt3Mcm5aDThHXJszFYRJswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzMDAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4dF
MA0GCSqGSIb3DQEBCwUAA4IBAQB+Mfx76G4GmMgpXLZPdw80Acd1txAWA8vkVHCE
xUVKzB/Um7DODxpqSutElz/NgvndR1d4fFdw+e2ezhzQ0cGa0FFyvZE1/IgRfVTH
0ybaq63fTKKw/YCizxymPP100iQskKfEgQ9b9TUBIpyGZSyF8OcSWBRJmyyL46+G
XbDQSkGL9bH0WpP2L7J9vuks17uu9NmhTZ+aJoES9ntsEpxIc0642cW3SQaHmWJ2
OknBBhVL3kd4EKJiZpcnKcluiknP9KylE/C2Ml468XsVO4Sss4p1xsuaqY7IEZTF
evR9j3by82I58SMyDn0Yl4BoGz815YKOb8hFi35zHxiI5lo9
-----END CERTIFICATE-----