Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213705.roa
File:                     AS213705.roa (raw, json)
Hash identifier:          C1IClQNcTto8Ijl6uvQHugj/2xNiGxJf2IVbDmrgmNg=
Subject key identifier:   E1:33:DA:FC:C0:0C:A2:31:6A:E7:0C:86:53:92:3C:D1:81:6E:7A:85
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0253307DFE390E7B033DCCB74D0FE0D6B3CDABB3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213705.roa
Signing time:             Thu 12 Jun 2025 14:16:43 +0000
ROA not before:           Thu 12 Jun 2025 14:11:43 +0000
ROA not after:            Thu 11 Jun 2026 14:16:43 +0000
asID:                     213705
IP address blocks:        2a06:2b86::/32 maxlen: 48
                          2a0b:8701::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:53:30:7d:fe:39:0e:7b:03:3d:cc:b7:4d:0f:e0:d6:b3:cd:ab:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:43 2025 GMT
            Not After : Jun 11 14:16:43 2026 GMT
        Subject: CN=E133DAFCC00CA2316AE70C8653923CD1816E7A85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ae:5e:38:b9:68:b3:e2:5c:f9:c2:e5:0b:0c:
                    b4:64:da:76:ab:6a:cd:f9:2d:c9:2a:fc:c5:4f:33:
                    bb:79:20:89:c6:fd:23:15:6b:7e:25:29:c4:8d:3a:
                    9a:4f:75:80:1d:30:dd:b3:8c:3c:72:a9:9e:90:0a:
                    0a:98:07:31:9a:cc:e5:0f:0b:23:7e:70:88:f9:63:
                    12:89:11:a2:cc:77:73:9a:30:4c:0b:d1:5d:9a:86:
                    7d:7d:d6:0c:cf:20:9d:bb:72:18:2f:e9:ca:85:87:
                    81:22:5b:d5:12:7a:41:f3:a8:24:51:54:53:a1:a9:
                    c1:7f:57:4e:6a:d9:c0:f6:23:6e:16:c1:0a:ff:16:
                    3e:56:23:2b:1a:e8:57:88:52:6a:3b:02:10:00:ce:
                    d1:00:34:2f:db:00:89:b1:01:9b:c9:ff:4e:d3:c1:
                    bf:5f:07:48:78:78:be:83:ba:11:ba:08:8d:04:09:
                    12:d9:be:85:e8:a8:fe:53:29:72:1c:6a:17:76:0c:
                    89:a5:fc:d3:51:97:1f:54:62:fc:98:34:f1:3e:2d:
                    38:e5:04:97:cd:02:92:0a:4b:b8:1c:da:3f:08:d1:
                    82:cc:5d:10:02:41:fd:87:83:db:aa:aa:4c:a5:42:
                    8e:44:7b:6a:2a:72:46:fc:0a:6c:04:0d:eb:7b:73:
                    6c:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:33:DA:FC:C0:0C:A2:31:6A:E7:0C:86:53:92:3C:D1:81:6E:7A:85
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS213705.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:2b86::/32
                  2a0b:8701::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:ba:77:a5:79:49:3c:b6:ea:c5:37:f3:09:41:de:f6:e0:91:
         08:d0:97:55:cb:20:27:5d:0d:c2:bb:c2:6c:5d:76:7d:90:e9:
         e6:64:34:4c:59:79:05:a0:48:3a:e3:5d:26:0f:11:b9:8a:74:
         f8:93:77:78:e9:72:91:4f:a5:68:13:2a:25:aa:e7:4c:d0:2d:
         b3:f4:2b:89:24:45:84:39:39:b0:69:bc:1f:ba:24:9e:54:96:
         12:43:00:58:65:37:bd:79:fd:71:45:74:ae:fa:82:e8:17:d9:
         a3:99:9b:9c:64:9c:98:92:67:c5:b0:44:7f:38:3f:e5:dc:70:
         32:4a:fa:42:f1:31:2a:15:ff:b1:10:55:da:fd:54:cd:d6:a1:
         0a:00:f8:aa:7e:c7:03:c5:fb:64:3f:7c:b7:be:78:0f:10:3f:
         8e:f3:1e:67:b8:89:dc:dc:19:dc:14:c4:8f:53:51:7c:d1:23:
         5c:91:e1:b2:06:a0:48:ef:cc:3e:6b:87:5f:16:2f:43:59:fb:
         bc:39:ad:70:10:90:ad:2f:18:52:79:6b:20:d3:44:7c:04:ab:
         23:75:aa:67:dc:f2:7d:f8:f9:0e:cd:e4:e9:df:9a:73:c6:3d:
         60:57:68:dc:8c:13:9e:01:03:6a:9a:90:60:1b:5c:cc:d6:b2:
         86:18:52:3e
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUAlMwff45DnsDPcy3TQ/g1rPNq7MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDExNDNaFw0yNjA2MTExNDE2NDNaMDMxMTAvBgNV
BAMTKEUxMzNEQUZDQzAwQ0EyMzE2QUU3MEM4NjUzOTIzQ0QxODE2RTdBODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzrl44uWiz4lz5wuULDLRk2nar
as35Lckq/MVPM7t5IInG/SMVa34lKcSNOppPdYAdMN2zjDxyqZ6QCgqYBzGazOUP
CyN+cIj5YxKJEaLMd3OaMEwL0V2ahn191gzPIJ27chgv6cqFh4EiW9USekHzqCRR
VFOhqcF/V05q2cD2I24WwQr/Fj5WIysa6FeIUmo7AhAAztEANC/bAImxAZvJ/07T
wb9fB0h4eL6DuhG6CI0ECRLZvoXoqP5TKXIcahd2DIml/NNRlx9UYvyYNPE+LTjl
BJfNApIKS7gc2j8I0YLMXRACQf2Hg9uqqkylQo5Ee2oqckb8CmwEDet7c2zFAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQU4TPa/MAMojFq5wyGU5I80YFueoUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjEzNzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKgYr
hgMFACoLhwEwDQYJKoZIhvcNAQELBQADggEBAIy6d6V5STy26sU38wlB3vbgkQjQ
l1XLICddDcK7wmxddn2Q6eZkNExZeQWgSDrjXSYPEbmKdPiTd3jpcpFPpWgTKiWq
50zQLbP0K4kkRYQ5ObBpvB+6JJ5UlhJDAFhlN715/XFFdK76gugX2aOZm5xknJiS
Z8WwRH84P+XccDJK+kLxMSoV/7EQVdr9VM3WoQoA+Kp+xwPF+2Q/fLe+eA8QP47z
Hme4idzcGdwUxI9TUXzRI1yR4bIGoEjvzD5rh18WL0NZ+7w5rXAQkK0vGFJ5ayDT
RHwEqyN1qmfc8n34+Q7N5OnfmnPGPWBXaNyME54BA2qakGAbXMzWsoYYUj4=
-----END CERTIFICATE-----