Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153717.roa
File:                     AS153717.roa (raw, json)
Hash identifier:          WiXkUEtcGC7VbfbjX5sFN5ed3v+l4xFBQvBTTW2Enx8=
Subject key identifier:   5A:A8:57:D8:C9:60:5F:C2:7A:BB:FD:88:DE:C2:88:B1:56:16:83:EA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0FF2A396AB4E75BA7DE9F6E853EDE2998A1EECE2
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153717.roa
Signing time:             Fri 25 Jul 2025 05:56:01 +0000
ROA not before:           Fri 25 Jul 2025 05:51:01 +0000
ROA not after:            Fri 24 Jul 2026 05:56:01 +0000
asID:                     153717
IP address blocks:        2a13:9500:b9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:f2:a3:96:ab:4e:75:ba:7d:e9:f6:e8:53:ed:e2:99:8a:1e:ec:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 25 05:51:01 2025 GMT
            Not After : Jul 24 05:56:01 2026 GMT
        Subject: CN=5AA857D8C9605FC27ABBFD88DEC288B1561683EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:0a:b9:49:3a:36:74:a1:05:ad:28:24:0c:05:
                    18:ff:e4:89:88:ad:a5:33:98:4e:a7:1b:f0:de:e0:
                    35:03:4a:04:48:2b:7b:0b:af:1e:c8:44:02:e0:2b:
                    0d:43:0b:89:fb:5d:33:58:95:f2:d7:9e:62:34:13:
                    79:1d:e6:8a:34:81:40:25:65:48:ae:7c:09:3b:5f:
                    2d:2d:f9:3e:64:33:f6:fb:2c:80:34:56:86:34:ab:
                    6d:21:f1:4d:34:c0:c1:29:af:30:fd:80:98:c3:c0:
                    22:14:61:4b:9d:d4:6a:36:da:1b:02:b5:70:72:4d:
                    79:2c:dc:0e:09:4c:43:0c:eb:68:f4:9f:0d:f5:d5:
                    54:c3:92:a2:79:a4:cc:05:88:e9:5a:67:b6:23:e8:
                    cc:e7:f7:37:b8:fc:a4:67:7d:11:70:69:cf:e2:38:
                    3b:b0:83:b6:7b:53:24:8f:5f:5b:97:0d:65:13:cd:
                    6f:13:fc:60:41:21:49:fe:28:cc:04:ff:3a:03:fa:
                    31:b0:8c:d4:1b:4f:90:49:25:4a:7f:cd:ab:02:60:
                    73:3c:a2:a7:80:14:72:77:05:e6:88:7a:cf:9a:b4:
                    74:48:d9:83:88:b2:a1:66:24:62:7c:5c:1c:80:77:
                    98:6d:29:6f:d3:2c:c3:fc:13:0f:25:19:ec:36:ad:
                    08:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A8:57:D8:C9:60:5F:C2:7A:BB:FD:88:DE:C2:88:B1:56:16:83:EA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS153717.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:b9::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:69:2e:24:67:e7:4a:06:13:28:5d:72:92:0b:13:c5:b2:7a:
         98:0d:2d:b5:8d:70:3c:60:48:35:2c:a2:f2:b9:28:15:4a:cd:
         56:68:25:34:fc:da:fb:46:cc:4a:6b:5e:47:e6:bf:84:96:4e:
         8d:06:41:d6:3c:40:d3:db:3f:ed:15:19:7a:0b:27:cb:92:e3:
         5b:3f:64:95:d3:68:65:48:24:b5:67:1a:8d:08:4a:9f:da:5d:
         db:a8:13:80:f3:9f:83:17:ba:a7:7b:33:59:21:30:6b:dc:ba:
         d0:bb:cb:22:21:6f:6b:a9:a3:2e:36:f6:12:02:6f:0f:3f:3a:
         d0:71:9c:02:5f:86:e4:56:a6:25:32:2d:02:bd:e4:77:68:b4:
         f3:7e:06:fd:f4:29:60:cd:bf:52:0e:1a:22:7c:0f:d4:b1:6e:
         f6:60:a5:d3:29:e6:b4:1a:e5:cf:60:9f:22:39:2a:42:21:0f:
         cf:ff:f8:7e:a5:0d:24:55:96:17:a2:f8:ec:d4:b2:33:a6:d1:
         e3:83:c3:7c:d9:79:9b:8c:16:ba:e7:8e:a0:d9:98:43:06:46:
         b3:c4:42:c1:7b:05:91:bd:82:18:da:01:15:bb:79:54:bb:94:
         e2:32:3d:d0:1f:8b:dc:7f:08:cb:4d:f9:d9:38:28:86:10:f4:
         2f:26:3d:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUD/KjlqtOdbp96fboU+3imYoe7OIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjUwNTUxMDFaFw0yNjA3MjQwNTU2MDFaMDMxMTAvBgNV
BAMTKDVBQTg1N0Q4Qzk2MDVGQzI3QUJCRkQ4OERFQzI4OEIxNTYxNjgzRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVCrlJOjZ0oQWtKCQMBRj/5ImI
raUzmE6nG/De4DUDSgRIK3sLrx7IRALgKw1DC4n7XTNYlfLXnmI0E3kd5oo0gUAl
ZUiufAk7Xy0t+T5kM/b7LIA0VoY0q20h8U00wMEprzD9gJjDwCIUYUud1Go22hsC
tXByTXks3A4JTEMM62j0nw311VTDkqJ5pMwFiOlaZ7Yj6Mzn9ze4/KRnfRFwac/i
ODuwg7Z7UySPX1uXDWUTzW8T/GBBIUn+KMwE/zoD+jGwjNQbT5BJJUp/zasCYHM8
oqeAFHJ3BeaIes+atHRI2YOIsqFmJGJ8XByAd5htKW/TLMP8Ew8lGew2rQhnAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUWqhX2MlgX8J6u/2I3sKIsVYWg+owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTUzNzE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAC5MA0GCSqGSIb3DQEBCwUAA4IBAQCjaS4kZ+dKBhMoXXKSCxPFsnqYDS21jXA8
YEg1LKLyuSgVSs1WaCU0/Nr7RsxKa15H5r+Elk6NBkHWPEDT2z/tFRl6CyfLkuNb
P2SV02hlSCS1ZxqNCEqf2l3bqBOA85+DF7qnezNZITBr3LrQu8siIW9rqaMuNvYS
Am8PPzrQcZwCX4bkVqYlMi0CveR3aLTzfgb99Clgzb9SDhoifA/UsW72YKXTKea0
GuXPYJ8iOSpCIQ/P//h+pQ0kVZYXovjs1LIzptHjg8N82XmbjBa6546g2ZhDBkaz
xELBewWRvYIY2gEVu3lUu5TiMj3QH4vcfwjLTfnZOCiGEPQvJj2p
-----END CERTIFICATE-----