Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135682.roa
File:                     AS135682.roa (raw, json)
Hash identifier:          1SYNRsbMlRNLACyw6o/GoNMoYomLTJfW2sC72scr61o=
Subject key identifier:   8C:16:F7:20:89:94:A8:7F:A5:A5:E4:CD:03:44:6A:8D:46:5A:4E:07
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       63BC8F7660ECA829228956B1B194D11E0124B0A4
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135682.roa
Signing time:             Sun 12 Apr 2026 13:59:46 +0000
ROA not before:           Sun 12 Apr 2026 13:54:46 +0000
ROA not after:            Sun 11 Apr 2027 13:59:46 +0000
asID:                     135682
IP address blocks:        2a13:9500:163::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:bc:8f:76:60:ec:a8:29:22:89:56:b1:b1:94:d1:1e:01:24:b0:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 12 13:54:46 2026 GMT
            Not After : Apr 11 13:59:46 2027 GMT
        Subject: CN=8C16F7208994A87FA5A5E4CD03446A8D465A4E07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:9f:d5:53:36:b4:2d:3a:d3:2e:cf:71:88:79:
                    dc:7a:20:b9:91:df:bc:85:7d:2c:e2:92:c4:80:82:
                    c4:f0:b5:9c:56:75:d3:00:0f:08:e6:23:33:33:cd:
                    93:63:21:6f:dd:f4:d1:b0:7d:7a:e7:12:ff:70:ed:
                    50:81:23:33:cf:af:fd:a9:a0:0b:d2:dd:0a:10:32:
                    12:c4:52:69:86:17:51:a8:8a:72:40:e1:6c:63:0a:
                    58:0a:72:b9:e7:ab:f9:47:5b:b1:f7:bc:51:04:23:
                    9d:43:b4:b1:9d:a7:57:a4:80:2d:8a:60:b5:29:aa:
                    d7:bc:b4:5c:85:69:b9:e9:79:ef:cb:8d:3a:d6:8c:
                    a2:ec:9b:ed:16:12:3c:01:1d:36:f4:e4:a7:4a:62:
                    50:49:5b:a5:c9:94:6f:74:65:e3:78:cc:9d:9c:82:
                    af:72:3f:17:cd:17:6d:40:ab:6a:47:6b:f2:c5:19:
                    e0:aa:60:58:b5:8c:4e:4a:5a:d3:dd:e2:8c:d9:c9:
                    1a:46:20:c0:e5:b3:dc:1b:63:f5:f4:ae:53:8e:c6:
                    89:42:d3:9d:a2:f3:98:9b:e9:53:75:5d:2d:0e:7d:
                    9a:61:f6:ec:c7:d1:53:d2:50:26:cc:03:70:3c:43:
                    84:69:0e:d2:75:a7:fb:cd:e7:89:37:68:00:40:24:
                    d2:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:16:F7:20:89:94:A8:7F:A5:A5:E4:CD:03:44:6A:8D:46:5A:4E:07
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS135682.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:163::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:ea:c7:dc:59:b0:0a:ca:7f:73:e6:e6:2d:f8:4d:a3:51:2b:
         6c:62:7b:1d:76:e1:ce:24:b8:1e:8e:c3:0a:2b:6d:67:49:86:
         0b:77:37:7c:f6:36:a6:c3:5a:90:77:53:e1:d3:35:f6:02:5d:
         6e:4d:47:dc:c9:16:70:3f:3a:1a:93:e9:13:f9:b6:66:fd:99:
         a1:df:b3:cf:f6:b1:73:8e:91:be:25:e9:8b:0a:da:dd:9d:d3:
         d7:8b:b7:ec:5d:ac:90:d0:94:08:ae:7f:e9:ce:8d:a7:74:1d:
         07:b6:7b:b9:2a:13:45:8f:4a:9b:d7:b7:9c:e4:ba:61:c9:69:
         4d:21:69:69:83:e7:1d:56:ef:db:98:6b:99:c1:9f:7f:f2:5a:
         6e:6c:65:33:61:3d:4f:ff:8a:99:2e:ba:5f:69:26:bb:a7:5f:
         25:1f:c8:67:56:07:58:81:0b:fe:67:8c:16:69:5c:96:f2:b7:
         4c:ad:86:50:ca:a5:94:b0:75:42:41:10:15:b6:74:bb:bc:de:
         54:87:ce:dd:76:99:16:b7:2f:40:7a:a3:d4:7d:a0:35:f6:19:
         70:b6:f8:af:67:d9:d0:25:c0:08:cb:13:20:24:3f:04:51:11:
         71:37:0d:fa:82:c7:41:ae:13:2f:c5:8a:a5:7b:39:87:54:6d:
         94:39:56:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUY7yPdmDsqCkiiVaxsZTRHgEksKQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTIxMzU0NDZaFw0yNzA0MTExMzU5NDZaMDMxMTAvBgNV
BAMTKDhDMTZGNzIwODk5NEE4N0ZBNUE1RTRDRDAzNDQ2QThENDY1QTRFMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbn9VTNrQtOtMuz3GIedx6ILmR
37yFfSziksSAgsTwtZxWddMADwjmIzMzzZNjIW/d9NGwfXrnEv9w7VCBIzPPr/2p
oAvS3QoQMhLEUmmGF1GoinJA4WxjClgKcrnnq/lHW7H3vFEEI51DtLGdp1ekgC2K
YLUpqte8tFyFabnpee/LjTrWjKLsm+0WEjwBHTb05KdKYlBJW6XJlG90ZeN4zJ2c
gq9yPxfNF21Aq2pHa/LFGeCqYFi1jE5KWtPd4ozZyRpGIMDls9wbY/X0rlOOxolC
052i85ib6VN1XS0OfZph9uzH0VPSUCbMA3A8Q4RpDtJ1p/vN54k3aABAJNKzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUjBb3IImUqH+lpeTNA0RqjUZaTgcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM1NjgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFjMA0GCSqGSIb3DQEBCwUAA4IBAQBA6sfcWbAKyn9z5uYt+E2jUStsYnsdduHO
JLgejsMKK21nSYYLdzd89jamw1qQd1Ph0zX2Al1uTUfcyRZwPzoak+kT+bZm/Zmh
37PP9rFzjpG+JemLCtrdndPXi7fsXayQ0JQIrn/pzo2ndB0Htnu5KhNFj0qb17ec
5LphyWlNIWlpg+cdVu/bmGuZwZ9/8lpubGUzYT1P/4qZLrpfaSa7p18lH8hnVgdY
gQv+Z4wWaVyW8rdMrYZQyqWUsHVCQRAVtnS7vN5Uh87ddpkWty9AeqPUfaA19hlw
tvivZ9nQJcAIyxMgJD8EURFxNw36gsdBrhMvxYqlezmHVG2UOVbq
-----END CERTIFICATE-----