Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS139648.roa
File:                     AS139648.roa (raw, json)
Hash identifier:          Jle+pwlaBiYnaDoBNj/+fbfGAsxA8fB9fyZDcpOwDfA=
Subject key identifier:   7B:C8:CB:3E:AD:0C:12:A0:D2:91:B6:0E:FF:23:01:BF:29:13:FC:39
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1AF31291230025C369CF894FA22C411A83507D4C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS139648.roa
Signing time:             Tue 10 Jun 2025 13:30:15 +0000
ROA not before:           Tue 10 Jun 2025 13:25:15 +0000
ROA not after:            Tue 09 Jun 2026 13:30:15 +0000
asID:                     139648
IP address blocks:        2a13:9500:8d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:f3:12:91:23:00:25:c3:69:cf:89:4f:a2:2c:41:1a:83:50:7d:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 10 13:25:15 2025 GMT
            Not After : Jun  9 13:30:15 2026 GMT
        Subject: CN=7BC8CB3EAD0C12A0D291B60EFF2301BF2913FC39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:46:83:9c:be:91:cb:b2:c8:65:6f:b5:a2:8f:
                    b1:01:47:b9:b1:17:1d:bc:fa:ca:fd:26:11:00:61:
                    c6:87:20:5d:7f:cf:f8:34:dd:68:d1:31:3e:aa:78:
                    37:4c:a7:01:8e:26:7d:fe:a2:48:9b:6c:8f:fb:fa:
                    43:0f:3f:ce:62:4b:b5:df:6e:d8:10:0d:95:6d:ae:
                    e4:fc:3e:6a:71:aa:fa:a6:b6:bd:8b:87:71:f8:51:
                    53:ef:10:6a:24:bb:d1:d5:4d:06:e0:e2:9b:e8:32:
                    47:ee:65:2d:37:29:46:ec:72:45:01:c6:7a:06:a2:
                    23:bf:51:b7:99:19:2c:54:4d:0d:73:49:3c:a5:8f:
                    4a:c7:90:26:38:6e:4e:c7:62:0a:ac:54:1b:fd:31:
                    aa:2b:3e:bc:4f:e8:3d:9f:dd:1c:f4:c4:21:32:9f:
                    b2:c9:3c:47:2c:22:15:1c:82:dc:03:0c:5b:56:b1:
                    b8:e3:e3:71:b4:79:bb:a4:79:02:25:c4:4b:07:22:
                    18:5d:3f:9a:9e:6c:29:1b:61:40:a7:56:07:71:d2:
                    43:27:a9:a6:30:a9:be:c3:a9:7e:4a:fb:db:b7:62:
                    07:2e:5a:07:73:d9:18:a1:74:09:21:ba:34:7c:d9:
                    40:05:a2:06:20:85:2d:ab:71:69:78:82:aa:b2:f0:
                    93:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:C8:CB:3E:AD:0C:12:A0:D2:91:B6:0E:FF:23:01:BF:29:13:FC:39
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS139648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:8d::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:b4:57:2b:eb:bf:d5:36:84:21:58:44:94:7f:e0:0f:66:9e:
         d2:16:fc:aa:d7:83:37:6a:76:4b:8b:22:33:9b:0a:ed:7c:b7:
         ab:99:3b:7d:cd:dc:81:92:58:be:e8:b3:d8:ec:0c:ca:20:44:
         5c:42:07:c8:be:7d:e2:13:90:64:a5:fb:01:67:f5:d1:6a:da:
         99:ca:5c:10:78:ba:45:fa:55:cd:51:af:55:b5:37:3c:fd:f5:
         0d:d4:f1:69:ed:fc:51:0f:57:a8:69:0c:d2:bf:aa:f7:e7:6f:
         d2:1d:fa:4e:07:3d:55:cb:98:78:47:6f:2b:47:52:41:0b:4e:
         c9:8c:b3:5b:2a:25:ec:00:7d:37:78:8d:9d:4f:40:76:18:29:
         96:80:a7:16:1f:23:fd:13:8e:ff:bb:52:fd:5b:1b:6f:02:2d:
         e0:0a:2d:17:fd:d0:e3:b5:c7:37:af:c9:c5:8e:25:70:bd:c2:
         f0:90:d6:cb:51:03:6a:76:69:69:87:06:7b:d4:05:f3:59:26:
         77:ed:39:fa:1a:ec:61:81:b8:7d:9a:86:24:d6:cf:02:06:31:
         3b:c0:0c:23:b4:d3:6d:ea:76:1a:bd:1d:d9:ec:ad:fd:c5:ef:
         6b:04:ef:60:50:e1:2d:0d:05:2d:87:98:d8:b5:35:f9:e3:61:
         3e:7a:08:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGvMSkSMAJcNpz4lPoixBGoNQfUwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTAxMzI1MTVaFw0yNjA2MDkxMzMwMTVaMDMxMTAvBgNV
BAMTKDdCQzhDQjNFQUQwQzEyQTBEMjkxQjYwRUZGMjMwMUJGMjkxM0ZDMzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIRoOcvpHLsshlb7Wij7EBR7mx
Fx28+sr9JhEAYcaHIF1/z/g03WjRMT6qeDdMpwGOJn3+okibbI/7+kMPP85iS7Xf
btgQDZVtruT8Pmpxqvqmtr2Lh3H4UVPvEGoku9HVTQbg4pvoMkfuZS03KUbsckUB
xnoGoiO/UbeZGSxUTQ1zSTylj0rHkCY4bk7HYgqsVBv9MaorPrxP6D2f3Rz0xCEy
n7LJPEcsIhUcgtwDDFtWsbjj43G0ebukeQIlxEsHIhhdP5qebCkbYUCnVgdx0kMn
qaYwqb7DqX5K+9u3YgcuWgdz2RihdAkhujR82UAFogYghS2rcWl4gqqy8JMZAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUe8jLPq0MEqDSkbYO/yMBvykT/DkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM5NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACNMA0GCSqGSIb3DQEBCwUAA4IBAQARtFcr67/VNoQhWESUf+APZp7SFvyq14M3
anZLiyIzmwrtfLermTt9zdyBkli+6LPY7AzKIERcQgfIvn3iE5BkpfsBZ/XRatqZ
ylwQeLpF+lXNUa9VtTc8/fUN1PFp7fxRD1eoaQzSv6r352/SHfpOBz1Vy5h4R28r
R1JBC07JjLNbKiXsAH03eI2dT0B2GCmWgKcWHyP9E47/u1L9WxtvAi3gCi0X/dDj
tcc3r8nFjiVwvcLwkNbLUQNqdmlphwZ71AXzWSZ37Tn6Guxhgbh9moYk1s8CBjE7
wAwjtNNt6nYavR3Z7K39xe9rBO9gUOEtDQUth5jYtTX542E+eghT
-----END CERTIFICATE-----