Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142271.roa
File:                     AS142271.roa (raw, json)
Hash identifier:          kIDuqYOGpWcCj0tWok7iF2204rfdyqeiuUoX/ZIyPT8=
Subject key identifier:   FF:AD:EF:98:CE:E6:6D:B2:5C:C5:1B:A7:B3:01:1A:75:AE:94:0E:A7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0F6D39363C0E2CD290A4E1457E73E2F5A5311115
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142271.roa
Signing time:             Tue 24 Feb 2026 15:48:35 +0000
ROA not before:           Tue 24 Feb 2026 15:43:35 +0000
ROA not after:            Tue 23 Feb 2027 15:48:35 +0000
asID:                     142271
IP address blocks:        2a13:9500:140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:6d:39:36:3c:0e:2c:d2:90:a4:e1:45:7e:73:e2:f5:a5:31:11:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 24 15:43:35 2026 GMT
            Not After : Feb 23 15:48:35 2027 GMT
        Subject: CN=FFADEF98CEE66DB25CC51BA7B3011A75AE940EA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d1:97:7c:5c:8c:07:27:74:b9:a3:1f:57:51:
                    bc:3c:48:bd:91:91:cd:fb:d7:9d:3a:34:be:5c:6e:
                    89:06:bd:90:e0:ed:88:55:68:7b:d6:6f:ea:ff:09:
                    a9:55:7c:34:20:d5:20:75:12:5b:36:8c:5d:fa:03:
                    ef:f5:5c:f0:c4:21:dc:99:e9:e6:ee:91:b0:68:32:
                    4f:35:02:ee:f3:de:56:38:53:9c:f6:55:2f:c1:81:
                    5f:e3:93:9a:30:47:a8:2a:60:cb:06:a7:46:ef:e0:
                    e2:69:e0:48:05:4c:f2:4c:cd:e5:96:0a:47:17:e6:
                    a4:58:67:fe:4e:39:fb:f6:cc:be:26:9f:cd:24:1f:
                    ba:46:c7:8d:f2:02:03:46:0a:14:fb:2c:a4:59:2b:
                    ef:fc:4f:5d:26:2b:e5:30:e0:56:43:57:d7:8f:32:
                    bf:47:72:0f:22:9c:80:c7:09:d6:c6:52:29:75:6b:
                    cc:93:4b:1a:a3:75:be:a8:d5:57:40:82:52:ca:aa:
                    a3:10:02:cf:7c:4a:0a:2a:2f:a0:68:cf:ad:9e:d6:
                    e1:71:43:1b:39:f2:52:93:f0:d7:8f:ce:17:92:49:
                    83:90:03:67:76:15:1d:e1:8a:4a:8b:a1:b7:25:02:
                    67:3d:07:84:27:19:09:e6:45:30:65:15:ed:45:e1:
                    7e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:AD:EF:98:CE:E6:6D:B2:5C:C5:1B:A7:B3:01:1A:75:AE:94:0E:A7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS142271.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:140::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:04:a3:8e:33:e2:fd:95:53:ef:a7:9d:0f:08:02:31:6e:4b:
         37:63:dd:47:51:d3:83:39:a3:f5:07:ba:89:50:7d:bd:7b:31:
         07:4b:ab:90:10:ad:f3:ae:41:42:fb:ff:14:2a:e7:b7:f3:d5:
         52:fb:ed:aa:0d:c2:83:4c:cf:71:a5:0e:9d:46:b5:b3:23:8a:
         d9:a5:2d:28:54:48:2a:87:25:c3:e3:50:ae:6b:38:05:ec:de:
         38:ea:ed:1f:0f:de:2c:9d:91:fd:1c:09:36:58:cf:3c:c4:00:
         a6:9e:de:07:12:83:ef:5c:1d:db:47:a9:7f:9d:79:38:c9:b9:
         91:12:08:5c:dd:ec:1f:22:84:0e:93:15:c1:4a:15:ee:c0:33:
         25:f2:ed:49:95:7f:0d:16:9e:c4:15:06:ca:a1:3c:29:5e:38:
         86:3a:05:fd:d7:e4:f6:f5:de:7f:94:e1:a5:a6:a0:85:1e:8a:
         0b:f3:5e:9f:86:ee:e9:3a:96:f7:5f:ec:39:52:02:08:86:bf:
         88:36:bc:01:74:f9:10:36:9b:12:76:a4:3b:61:7e:ea:77:10:
         ba:8d:29:2b:76:d1:1d:d5:0d:cb:96:f8:51:68:7a:a3:0c:f0:
         22:84:37:b6:18:0b:11:ed:f1:3e:c6:c8:22:b7:23:d8:de:b2:
         df:eb:2a:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUD205NjwOLNKQpOFFfnPi9aUxERUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjQxNTQzMzVaFw0yNzAyMjMxNTQ4MzVaMDMxMTAvBgNV
BAMTKEZGQURFRjk4Q0VFNjZEQjI1Q0M1MUJBN0IzMDExQTc1QUU5NDBFQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW0Zd8XIwHJ3S5ox9XUbw8SL2R
kc371506NL5cbokGvZDg7YhVaHvWb+r/CalVfDQg1SB1Els2jF36A+/1XPDEIdyZ
6ebukbBoMk81Au7z3lY4U5z2VS/BgV/jk5owR6gqYMsGp0bv4OJp4EgFTPJMzeWW
CkcX5qRYZ/5OOfv2zL4mn80kH7pGx43yAgNGChT7LKRZK+/8T10mK+Uw4FZDV9eP
Mr9Hcg8inIDHCdbGUil1a8yTSxqjdb6o1VdAglLKqqMQAs98SgoqL6Boz62e1uFx
Qxs58lKT8NePzheSSYOQA2d2FR3hikqLobclAmc9B4QnGQnmRTBlFe1F4X4XAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU/63vmM7mbbJcxRunswEada6UDqcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTQyMjcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFAMA0GCSqGSIb3DQEBCwUAA4IBAQCRBKOOM+L9lVPvp50PCAIxbks3Y91HUdOD
OaP1B7qJUH29ezEHS6uQEK3zrkFC+/8UKue389VS++2qDcKDTM9xpQ6dRrWzI4rZ
pS0oVEgqhyXD41CuazgF7N446u0fD94snZH9HAk2WM88xACmnt4HEoPvXB3bR6l/
nXk4ybmREghc3ewfIoQOkxXBShXuwDMl8u1JlX8NFp7EFQbKoTwpXjiGOgX91+T2
9d5/lOGlpqCFHooL816fhu7pOpb3X+w5UgIIhr+INrwBdPkQNpsSdqQ7YX7qdxC6
jSkrdtEd1Q3LlvhRaHqjDPAihDe2GAsR7fE+xsgityPY3rLf6yrX
-----END CERTIFICATE-----