Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206971.roa
File:                     AS206971.roa (raw, json)
Hash identifier:          8JhJSndZTTBu4z3BwNMXUqz1cxgPal65rYE1jYs7ejo=
Subject key identifier:   C1:EE:84:1C:09:F2:2E:0A:57:4D:9D:BB:C9:84:85:3D:8A:2A:F1:22
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       74B02A42AD3BB2389064131EBBC3A08ED0623334
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206971.roa
Signing time:             Sun 25 Jan 2026 22:27:54 +0000
ROA not before:           Sun 25 Jan 2026 22:22:54 +0000
ROA not after:            Sun 24 Jan 2027 22:27:54 +0000
asID:                     206971
IP address blocks:        2a13:9500:d6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:b0:2a:42:ad:3b:b2:38:90:64:13:1e:bb:c3:a0:8e:d0:62:33:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 25 22:22:54 2026 GMT
            Not After : Jan 24 22:27:54 2027 GMT
        Subject: CN=C1EE841C09F22E0A574D9DBBC984853D8A2AF122
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b5:36:5e:2e:f9:56:a8:cc:4f:ab:00:09:c5:
                    08:e8:49:24:5d:4c:fe:73:3d:77:fd:d9:ba:4a:b3:
                    b1:37:d2:45:bd:e2:5a:f1:a9:2d:99:46:27:33:a8:
                    f7:e7:e6:77:a5:03:b7:d8:6a:e5:1b:18:52:b7:27:
                    77:03:05:0f:a7:67:15:c2:03:0f:eb:ed:a5:c0:9e:
                    f3:02:d1:42:1e:0c:50:10:69:d2:27:65:bc:de:3f:
                    52:90:8b:78:d2:9e:e2:13:0e:ae:7a:6d:d7:66:e8:
                    72:a2:05:a1:3b:c5:5a:cd:30:3b:71:a4:3c:a5:27:
                    54:15:64:f2:c6:38:b2:50:6f:ee:a8:75:37:e1:d9:
                    2c:60:d7:66:79:dd:c6:24:b2:d0:db:1f:fe:6c:cc:
                    50:3c:0c:cf:ee:2b:d4:4e:9a:37:da:e0:83:2d:21:
                    5d:04:0c:40:8f:b6:98:e5:76:81:3b:63:35:c7:05:
                    ab:09:8a:9d:1c:a0:32:71:1f:33:78:e1:7f:21:54:
                    b6:f9:06:a8:7b:49:bb:95:2d:e1:3a:f5:cb:98:ae:
                    e0:31:aa:86:74:29:33:21:85:55:03:da:f0:1e:bf:
                    96:bc:62:05:dc:5c:7e:8b:93:a9:0a:34:76:ca:f4:
                    e0:a5:de:ff:34:c9:0c:4b:31:44:cb:02:41:ed:ec:
                    59:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:EE:84:1C:09:F2:2E:0A:57:4D:9D:BB:C9:84:85:3D:8A:2A:F1:22
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206971.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:d6::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:60:9d:f2:7b:0d:9a:ac:7e:55:26:7b:55:d5:99:d7:e4:c0:
         cd:97:45:7c:dc:08:22:80:94:83:a4:29:0d:59:66:28:af:ea:
         47:15:1d:9d:23:7a:be:9a:90:7c:11:28:30:8a:56:08:98:e8:
         00:d8:46:06:13:4b:ff:e9:59:f5:e9:82:8f:51:ee:8c:45:45:
         55:85:88:09:96:fe:3b:5b:31:df:d5:35:a9:4c:75:bd:44:63:
         7c:7f:70:e0:38:af:79:7f:9e:54:18:e8:d2:e2:b5:ec:a8:fa:
         ba:58:f7:4d:14:96:c1:b4:e1:0c:32:d5:11:56:8f:72:92:0a:
         f2:d1:0e:98:34:30:64:0f:f8:c9:2b:ff:30:c5:31:38:4c:5b:
         b5:64:5a:5c:24:ea:cd:9a:d1:41:bc:9c:e6:e1:da:f2:c6:7e:
         a4:0e:12:c1:0b:ed:4c:af:a7:d5:e0:c7:30:29:54:a5:67:b0:
         fd:2a:92:e6:52:7c:67:97:c5:27:41:82:61:57:eb:f0:b0:92:
         8c:c4:62:d8:77:49:eb:1d:71:82:11:b6:41:cd:e8:89:cf:1b:
         a7:9e:d2:49:47:49:98:f4:12:14:9a:d5:ff:e5:b5:f4:51:ab:
         36:b7:ec:50:de:10:aa:ea:c5:bf:c2:f9:48:e2:5a:8c:8c:87:
         18:4a:b8:94
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdLAqQq07sjiQZBMeu8OgjtBiMzQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAxMjUyMjIyNTRaFw0yNzAxMjQyMjI3NTRaMDMxMTAvBgNV
BAMTKEMxRUU4NDFDMDlGMjJFMEE1NzREOURCQkM5ODQ4NTNEOEEyQUYxMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEtTZeLvlWqMxPqwAJxQjoSSRd
TP5zPXf92bpKs7E30kW94lrxqS2ZRiczqPfn5nelA7fYauUbGFK3J3cDBQ+nZxXC
Aw/r7aXAnvMC0UIeDFAQadInZbzeP1KQi3jSnuITDq56bddm6HKiBaE7xVrNMDtx
pDylJ1QVZPLGOLJQb+6odTfh2Sxg12Z53cYkstDbH/5szFA8DM/uK9ROmjfa4IMt
IV0EDECPtpjldoE7YzXHBasJip0coDJxHzN44X8hVLb5Bqh7SbuVLeE69cuYruAx
qoZ0KTMhhVUD2vAev5a8YgXcXH6Lk6kKNHbK9OCl3v80yQxLMUTLAkHt7Fn1AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUwe6EHAnyLgpXTZ27yYSFPYoq8SIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2OTcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADWMA0GCSqGSIb3DQEBCwUAA4IBAQBSYJ3yew2arH5VJntV1ZnX5MDNl0V83Agi
gJSDpCkNWWYor+pHFR2dI3q+mpB8ESgwilYImOgA2EYGE0v/6Vn16YKPUe6MRUVV
hYgJlv47WzHf1TWpTHW9RGN8f3DgOK95f55UGOjS4rXsqPq6WPdNFJbBtOEMMtUR
Vo9ykgry0Q6YNDBkD/jJK/8wxTE4TFu1ZFpcJOrNmtFBvJzm4dryxn6kDhLBC+1M
r6fV4McwKVSlZ7D9KpLmUnxnl8UnQYJhV+vwsJKMxGLYd0nrHXGCEbZBzeiJzxun
ntJJR0mY9BIUmtX/5bX0Uas2t+xQ3hCq6sW/wvlI4lqMjIcYSriU
-----END CERTIFICATE-----