Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205941.roa
File:                     AS205941.roa (raw, json)
Hash identifier:          ziUd7RolxH73sibIXVK9Dj31BJVjVqqan1c4/C2L1LI=
Subject key identifier:   8E:13:24:56:73:05:1F:AE:56:C1:97:DE:A7:C5:47:5D:F0:B1:E6:28
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       18C0F1AE252A56C555E7B5BD8CC62697E1497059
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205941.roa
Signing time:             Sat 01 Nov 2025 12:41:32 +0000
ROA not before:           Sat 01 Nov 2025 12:36:32 +0000
ROA not after:            Sat 31 Oct 2026 12:41:32 +0000
asID:                     205941
IP address blocks:        2a13:9500:103::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:c0:f1:ae:25:2a:56:c5:55:e7:b5:bd:8c:c6:26:97:e1:49:70:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Nov  1 12:36:32 2025 GMT
            Not After : Oct 31 12:41:32 2026 GMT
        Subject: CN=8E13245673051FAE56C197DEA7C5475DF0B1E628
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:f4:77:b5:f0:07:34:e3:1f:ba:e9:a6:87:be:
                    8b:d8:23:da:6d:86:4a:5e:45:f6:f1:fa:37:5f:64:
                    f3:58:39:80:0d:9a:dc:35:77:52:8f:49:a3:fd:5a:
                    f1:00:05:d8:8b:0b:04:dd:cb:d0:bb:3e:c9:77:63:
                    76:ae:d4:16:29:71:64:f9:d6:07:36:ab:8e:42:9d:
                    68:c6:cc:66:18:7e:53:fc:50:30:8a:d7:10:14:b9:
                    c2:a7:15:d6:03:6d:bb:d3:28:6f:d1:01:14:ed:9c:
                    d1:2b:33:5a:d6:35:f8:4a:8a:b4:25:61:32:cb:5a:
                    5c:3c:b5:fe:b2:c6:9a:17:4e:30:34:14:3d:77:eb:
                    a3:10:8d:63:84:98:59:8f:5c:98:76:85:6b:9b:25:
                    a3:d2:01:98:d5:18:5d:32:08:85:ba:fe:a5:82:e3:
                    92:4f:2f:12:e8:93:a8:f2:98:2f:df:24:ee:6a:c7:
                    1b:bc:5d:3c:c1:3c:b7:36:96:91:01:92:7f:b9:84:
                    f4:a6:fa:8a:00:57:33:5e:ff:7e:b6:cf:1a:01:9d:
                    fb:3f:cd:7f:5b:6a:65:14:53:42:e9:50:b8:6d:bc:
                    06:dc:e5:6c:37:00:8e:2a:3c:cc:d7:2d:8c:0a:20:
                    97:7e:e1:dc:ea:97:ee:58:9f:3d:18:a9:33:5b:21:
                    76:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:13:24:56:73:05:1F:AE:56:C1:97:DE:A7:C5:47:5D:F0:B1:E6:28
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205941.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:103::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:26:58:49:67:62:11:76:9c:54:f3:07:a7:e9:65:56:59:14:
         2e:4c:b6:d2:d9:dc:0c:7c:a0:67:54:16:0d:2c:19:8b:66:63:
         ce:10:4a:a5:43:af:18:c6:d2:ad:fe:7c:38:63:90:77:23:c7:
         66:4b:c0:0f:70:52:b8:64:3d:9f:fe:e4:db:3e:e7:92:1b:e8:
         46:69:ae:f8:f1:05:35:f9:a2:91:13:66:b7:31:6a:03:90:77:
         19:0c:51:4c:e0:a2:fa:1d:bd:d0:ff:a3:40:dc:83:29:ba:21:
         d5:9e:82:93:81:c5:38:bf:a6:45:0f:f1:9c:84:b4:17:36:21:
         db:a0:f1:48:30:73:06:4d:c0:70:f1:cc:9b:59:66:ab:f0:90:
         68:54:5c:3d:ed:eb:df:59:f9:94:0c:77:14:d9:e3:73:bf:55:
         f9:b1:53:d0:73:16:ca:8d:f4:c5:0c:de:29:3e:7a:23:b5:cd:
         e7:46:2b:4b:9d:6e:b7:7f:2e:40:e1:f5:df:8f:0a:09:a2:a3:
         1c:4d:67:c0:bb:fa:ec:74:46:28:d3:f6:b6:fc:6f:90:2a:14:
         47:b2:ad:ec:70:b0:08:0a:98:13:db:ae:09:e3:23:32:3e:9e:
         2b:86:dd:b9:18:0c:09:16:e6:25:85:ad:7b:ee:8b:eb:17:bd:
         9a:28:c8:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGMDxriUqVsVV57W9jMYml+FJcFkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTExMDExMjM2MzJaFw0yNjEwMzExMjQxMzJaMDMxMTAvBgNV
BAMTKDhFMTMyNDU2NzMwNTFGQUU1NkMxOTdERUE3QzU0NzVERjBCMUU2MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC79He18Ac04x+66aaHvovYI9pt
hkpeRfbx+jdfZPNYOYANmtw1d1KPSaP9WvEABdiLCwTdy9C7Psl3Y3au1BYpcWT5
1gc2q45CnWjGzGYYflP8UDCK1xAUucKnFdYDbbvTKG/RARTtnNErM1rWNfhKirQl
YTLLWlw8tf6yxpoXTjA0FD1366MQjWOEmFmPXJh2hWubJaPSAZjVGF0yCIW6/qWC
45JPLxLok6jymC/fJO5qxxu8XTzBPLc2lpEBkn+5hPSm+ooAVzNe/362zxoBnfs/
zX9bamUUU0LpULhtvAbc5Ww3AI4qPMzXLYwKIJd+4dzql+5Ynz0YqTNbIXbRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUjhMkVnMFH65WwZfep8VHXfCx5igwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA1OTQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAEDMA0GCSqGSIb3DQEBCwUAA4IBAQB7JlhJZ2IRdpxU8wen6WVWWRQuTLbS2dwM
fKBnVBYNLBmLZmPOEEqlQ68YxtKt/nw4Y5B3I8dmS8APcFK4ZD2f/uTbPueSG+hG
aa748QU1+aKRE2a3MWoDkHcZDFFM4KL6Hb3Q/6NA3IMpuiHVnoKTgcU4v6ZFD/Gc
hLQXNiHboPFIMHMGTcBw8cybWWar8JBoVFw97evfWfmUDHcU2eNzv1X5sVPQcxbK
jfTFDN4pPnojtc3nRitLnW63fy5A4fXfjwoJoqMcTWfAu/rsdEYo0/a2/G+QKhRH
sq3scLAICpgT264J4yMyPp4rht25GAwJFuYlha177ovrF72aKMif
-----END CERTIFICATE-----