Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152672.roa
File:                     AS152672.roa (raw, json)
Hash identifier:          xQJ4Z7Jk8fw2ccwqDYHAZ/XPtW3Tk5LIIcM0RaJeUwI=
Subject key identifier:   EA:EF:45:A4:5B:3A:CA:E3:10:81:53:5A:A8:F2:63:0F:11:99:2E:A1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4292F3195CF7D14961119DF18F96E206F037E700
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152672.roa
Signing time:             Sat 14 Jun 2025 16:33:44 +0000
ROA not before:           Sat 14 Jun 2025 16:28:44 +0000
ROA not after:            Sat 13 Jun 2026 16:33:44 +0000
asID:                     152672
IP address blocks:        2a13:9500:92::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 18:17:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:92:f3:19:5c:f7:d1:49:61:11:9d:f1:8f:96:e2:06:f0:37:e7:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 14 16:28:44 2025 GMT
            Not After : Jun 13 16:33:44 2026 GMT
        Subject: CN=EAEF45A45B3ACAE31081535AA8F2630F11992EA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:09:4e:6d:38:73:f7:52:1a:39:30:ee:12:ad:
                    fa:fa:37:0b:3b:e1:45:7a:6d:03:de:55:4f:96:0a:
                    f5:55:42:12:94:7c:66:ce:cf:46:ed:30:1a:5e:39:
                    b9:b1:89:92:07:3d:6f:9d:68:99:a0:ff:dc:07:d4:
                    c5:08:09:c4:63:6d:c3:d4:fc:b0:d3:f3:4f:1c:31:
                    f1:c5:83:d9:00:ef:b4:a9:11:69:f0:5a:fa:09:23:
                    22:70:05:5f:2c:b1:c0:e3:7f:10:76:34:61:63:eb:
                    47:03:19:0a:70:47:43:a1:75:17:3d:86:54:70:2e:
                    eb:5c:df:bb:17:30:91:5f:b8:7f:53:8f:46:7c:36:
                    42:46:18:1b:c0:8e:69:d4:16:9d:e0:cd:2a:d9:db:
                    23:47:54:7d:ea:9f:39:56:b3:d9:e7:81:00:8a:fd:
                    d1:ae:7f:a4:62:f4:ac:93:14:ee:0b:97:02:9d:01:
                    fc:1f:18:a5:ed:ac:54:2d:2a:ae:dc:68:3f:15:90:
                    84:42:5c:b8:95:92:40:29:19:cb:1e:36:00:bc:84:
                    c6:0a:4e:d1:ef:9c:4f:f5:ec:d2:e9:6e:f2:57:70:
                    c2:ae:94:22:c0:93:82:d1:5e:05:4a:63:43:8f:07:
                    dd:3c:4b:ac:71:88:85:ff:c0:e5:f7:a8:a7:52:58:
                    03:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:EF:45:A4:5B:3A:CA:E3:10:81:53:5A:A8:F2:63:0F:11:99:2E:A1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS152672.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:92::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:57:09:c3:98:21:6d:62:ad:7f:7b:c1:89:9d:f3:cd:33:94:
         4c:34:fb:9b:66:aa:c4:f8:30:df:5b:0c:a7:04:89:27:e6:7e:
         a1:99:0b:3d:a5:a9:d3:a2:1f:52:db:4a:8e:e4:ac:27:e6:74:
         b5:7f:10:0e:02:b4:e8:4c:a9:46:d1:d4:7d:58:6e:0d:81:9b:
         a3:7e:ad:33:ac:a2:61:b6:9d:24:04:08:3c:e8:93:d4:07:01:
         23:dd:77:e3:2f:c7:7c:ef:1d:97:2d:31:eb:00:ca:dc:e7:47:
         4a:cf:85:3b:b4:78:9e:f3:c2:ba:1f:10:a7:84:ae:88:12:d3:
         75:cc:3f:9c:2f:92:70:34:67:76:8c:86:a2:70:96:ac:fd:a0:
         0e:26:c6:16:b6:53:06:d4:cc:1b:5f:6b:4e:78:f0:f6:fd:1a:
         3d:4b:94:e2:65:94:a4:23:5a:ae:fa:a7:62:cf:23:a9:d7:b3:
         81:ab:5b:54:11:61:16:a9:ca:fb:6b:8e:58:c9:aa:7e:0c:14:
         bc:ee:08:09:8a:fe:cb:b8:54:80:a5:32:e5:a0:b2:1e:05:e3:
         7f:b4:20:cd:38:42:41:ca:8e:e1:4c:a9:73:c5:0a:58:7b:6b:
         42:84:47:ca:d7:e0:d9:15:e3:64:f0:dd:6c:4a:d2:d2:05:cd:
         6f:6d:5c:5e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQpLzGVz30UlhEZ3xj5biBvA35wAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTQxNjI4NDRaFw0yNjA2MTMxNjMzNDRaMDMxMTAvBgNV
BAMTKEVBRUY0NUE0NUIzQUNBRTMxMDgxNTM1QUE4RjI2MzBGMTE5OTJFQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDECU5tOHP3Uho5MO4Srfr6Nws7
4UV6bQPeVU+WCvVVQhKUfGbOz0btMBpeObmxiZIHPW+daJmg/9wH1MUICcRjbcPU
/LDT808cMfHFg9kA77SpEWnwWvoJIyJwBV8sscDjfxB2NGFj60cDGQpwR0OhdRc9
hlRwLutc37sXMJFfuH9Tj0Z8NkJGGBvAjmnUFp3gzSrZ2yNHVH3qnzlWs9nngQCK
/dGuf6Ri9KyTFO4LlwKdAfwfGKXtrFQtKq7caD8VkIRCXLiVkkApGcseNgC8hMYK
TtHvnE/17NLpbvJXcMKulCLAk4LRXgVKY0OPB908S6xxiIX/wOX3qKdSWANzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU6u9FpFs6yuMQgVNaqPJjDxGZLqEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUyNjcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACSMA0GCSqGSIb3DQEBCwUAA4IBAQCXVwnDmCFtYq1/e8GJnfPNM5RMNPubZqrE
+DDfWwynBIkn5n6hmQs9panToh9S20qO5Kwn5nS1fxAOArToTKlG0dR9WG4NgZuj
fq0zrKJhtp0kBAg86JPUBwEj3XfjL8d87x2XLTHrAMrc50dKz4U7tHie88K6HxCn
hK6IEtN1zD+cL5JwNGd2jIaicJas/aAOJsYWtlMG1MwbX2tOePD2/Ro9S5TiZZSk
I1qu+qdizyOp17OBq1tUEWEWqcr7a45Yyap+DBS87ggJiv7LuFSApTLloLIeBeN/
tCDNOEJByo7hTKlzxQpYe2tChEfK1+DZFeNk8N1sStLSBc1vbVxe
-----END CERTIFICATE-----