Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS139659.roa
File:                     AS139659.roa (raw, json)
Hash identifier:          PS9HccwtU7j4qOi/c1mctqVnYV8vHqoCTcpPeJ4No2c=
Subject key identifier:   92:C3:DB:3E:B2:1D:57:C4:44:C7:55:15:4D:0B:F0:A0:49:93:A1:04
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1D8061176805F7B7299327FEE502E940E3C2D008
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS139659.roa
Signing time:             Fri 27 Mar 2026 18:57:17 +0000
ROA not before:           Fri 27 Mar 2026 18:52:17 +0000
ROA not after:            Fri 26 Mar 2027 18:57:17 +0000
asID:                     139659
IP address blocks:        2a13:9500:158::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:80:61:17:68:05:f7:b7:29:93:27:fe:e5:02:e9:40:e3:c2:d0:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 27 18:52:17 2026 GMT
            Not After : Mar 26 18:57:17 2027 GMT
        Subject: CN=92C3DB3EB21D57C444C755154D0BF0A04993A104
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:7c:5a:30:69:58:a2:c7:04:bc:a1:18:77:41:
                    57:98:01:2c:2c:d8:bb:c0:eb:7f:d3:17:42:a3:4d:
                    69:08:f2:77:0d:a3:e9:eb:a4:2d:aa:7d:c9:34:f8:
                    a8:98:75:d6:97:51:2f:c7:14:26:d1:2d:fc:91:4c:
                    ea:a3:4b:25:79:79:7b:4e:04:5b:ba:2c:fb:01:9d:
                    9e:c2:a2:3e:64:14:8b:e1:e1:62:fe:55:82:92:f6:
                    56:d6:57:4d:1b:80:29:c4:d4:67:e9:5d:52:49:11:
                    ee:d5:16:1d:58:b7:1b:ab:05:6f:18:29:0f:8c:7f:
                    a8:a7:65:f9:69:00:ce:1d:d8:94:83:39:54:c2:26:
                    6e:19:90:fc:4a:a8:fd:9c:1a:a0:82:32:c6:f4:0f:
                    da:ff:a2:51:3e:14:28:11:d0:75:1b:25:2b:fa:f9:
                    da:03:45:1d:30:7d:38:5f:bd:ad:2e:32:60:68:55:
                    5e:f3:d9:a5:40:c1:82:8d:74:55:11:77:e2:10:2d:
                    15:8a:63:fc:17:0f:6a:d9:8b:cd:22:65:ca:30:c8:
                    66:ce:22:01:b4:6a:05:f6:92:2a:41:b8:5a:64:d9:
                    87:82:12:bb:be:92:ce:41:06:d6:96:56:21:0c:cb:
                    29:85:ae:86:59:75:5e:66:d7:37:bf:af:76:21:47:
                    e3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:C3:DB:3E:B2:1D:57:C4:44:C7:55:15:4D:0B:F0:A0:49:93:A1:04
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS139659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:158::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:43:5e:8f:38:5d:ab:81:99:79:4e:43:fe:fc:c3:f1:58:08:
         09:d6:e5:ca:86:ce:e7:e9:e5:da:d4:7d:e3:43:e5:c6:2a:fe:
         03:50:6e:b6:10:ec:1f:3f:99:c1:f3:6b:8d:23:1f:f1:db:16:
         ee:f5:2f:9c:e0:b7:9e:44:bd:76:dd:3b:10:c8:4c:de:53:3d:
         65:08:81:48:f4:47:9d:a8:a2:dc:a2:5a:8f:fb:25:c2:97:b8:
         8b:30:0a:6e:61:e6:6b:de:13:eb:ab:bb:4e:af:a5:f3:d5:c2:
         cd:6f:97:fd:dc:27:d3:4a:7d:a5:10:cb:eb:a1:e1:2d:d1:2c:
         77:8d:86:ac:4e:a4:47:41:d2:f5:84:ed:5a:9b:74:b0:4f:ea:
         a5:16:51:dc:f5:66:28:c1:27:2f:de:e1:e7:d9:18:d6:5d:9d:
         db:af:53:a4:f4:c6:fa:27:52:b5:9a:6a:26:1c:92:05:30:1b:
         f6:00:c9:44:61:c6:17:28:d8:34:e2:6b:08:96:07:5d:9d:78:
         cd:fb:a6:c5:fb:d6:bf:59:ea:75:fb:5c:b5:e9:61:f6:e5:c9:
         a0:18:70:ff:22:ec:1b:94:ac:82:c2:13:93:25:3a:c7:a3:c5:
         ed:ee:6e:e8:7f:62:17:08:77:61:88:dc:51:78:ad:40:92:b5:
         87:1c:3d:a5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHYBhF2gF97cpkyf+5QLpQOPC0AgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjcxODUyMTdaFw0yNzAzMjYxODU3MTdaMDMxMTAvBgNV
BAMTKDkyQzNEQjNFQjIxRDU3QzQ0NEM3NTUxNTREMEJGMEEwNDk5M0ExMDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTfFowaViixwS8oRh3QVeYASws
2LvA63/TF0KjTWkI8ncNo+nrpC2qfck0+KiYddaXUS/HFCbRLfyRTOqjSyV5eXtO
BFu6LPsBnZ7Coj5kFIvh4WL+VYKS9lbWV00bgCnE1GfpXVJJEe7VFh1YtxurBW8Y
KQ+Mf6inZflpAM4d2JSDOVTCJm4ZkPxKqP2cGqCCMsb0D9r/olE+FCgR0HUbJSv6
+doDRR0wfThfva0uMmBoVV7z2aVAwYKNdFURd+IQLRWKY/wXD2rZi80iZcowyGbO
IgG0agX2kipBuFpk2YeCEru+ks5BBtaWViEMyymFroZZdV5m1ze/r3YhR+P9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUksPbPrIdV8REx1UVTQvwoEmToQQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTM5NjU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFYMA0GCSqGSIb3DQEBCwUAA4IBAQAvQ16POF2rgZl5TkP+/MPxWAgJ1uXKhs7n
6eXa1H3jQ+XGKv4DUG62EOwfP5nB82uNIx/x2xbu9S+c4LeeRL123TsQyEzeUz1l
CIFI9EedqKLcolqP+yXCl7iLMApuYeZr3hPrq7tOr6Xz1cLNb5f93CfTSn2lEMvr
oeEt0Sx3jYasTqRHQdL1hO1am3SwT+qlFlHc9WYowScv3uHn2RjWXZ3br1Ok9Mb6
J1K1mmomHJIFMBv2AMlEYcYXKNg04msIlgddnXjN+6bF+9a/Wep1+1y16WH25cmg
GHD/IuwblKyCwhOTJTrHo8Xt7m7of2IXCHdhiNxReK1AkrWHHD2l
-----END CERTIFICATE-----