Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209552.roa
File:                     AS209552.roa (raw, json)
Hash identifier:          5NHz4fPCyM0zyj/JDlwrUsINsGFcKtbLMFJu8MzqmPc=
Subject key identifier:   CD:69:66:59:52:DB:82:4B:99:FE:B8:70:99:3C:8B:E6:40:4A:E6:41
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       223608E180DB1AFCC486A3741FB251B211B762D6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209552.roa
Signing time:             Fri 25 Jul 2025 13:42:11 +0000
ROA not before:           Fri 25 Jul 2025 13:37:11 +0000
ROA not after:            Fri 24 Jul 2026 13:42:11 +0000
asID:                     209552
IP address blocks:        2a13:9500:48::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:36:08:e1:80:db:1a:fc:c4:86:a3:74:1f:b2:51:b2:11:b7:62:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 25 13:37:11 2025 GMT
            Not After : Jul 24 13:42:11 2026 GMT
        Subject: CN=CD69665952DB824B99FEB870993C8BE6404AE641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:33:2d:fc:7d:86:b3:b4:b9:64:9e:0f:b8:9c:
                    be:cd:cb:62:f3:3b:36:d9:fc:97:5d:0a:14:ac:08:
                    f3:c2:35:91:f9:0b:21:31:35:77:7c:39:e5:2d:18:
                    c0:a3:8c:9c:f4:98:d2:51:70:68:98:66:be:16:cb:
                    43:85:58:78:4a:fa:cc:60:7f:5a:dc:be:bf:c8:14:
                    5e:6e:b7:9d:12:f7:8e:5b:f2:b7:32:b5:98:5d:c0:
                    58:ef:b9:e8:51:95:87:e4:b8:e2:17:36:cc:a0:39:
                    e2:66:db:c9:77:83:5d:5d:7b:39:e9:a4:5e:c3:64:
                    6e:be:bd:58:b9:ac:06:76:5e:d6:3e:bf:aa:ef:35:
                    00:1f:5a:dc:bd:ce:b2:99:0c:35:2a:17:15:25:39:
                    1b:fd:c8:6b:d3:77:11:22:eb:42:9c:c9:83:41:9f:
                    82:00:07:c2:a9:62:58:a3:3f:b7:12:77:bf:26:3f:
                    fd:a8:47:d5:6d:63:ce:a2:04:47:eb:8e:b7:a4:69:
                    4b:1d:c5:50:b6:ed:23:6d:13:83:ca:71:ea:05:1a:
                    c1:46:c8:dd:eb:ba:91:e0:2f:29:99:32:6e:3d:6a:
                    d7:e7:6c:79:90:56:1a:7e:5d:0f:ca:a5:dd:cb:e2:
                    c0:48:0d:40:1c:b8:e0:b5:37:40:65:ef:d3:56:75:
                    34:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:69:66:59:52:DB:82:4B:99:FE:B8:70:99:3C:8B:E6:40:4A:E6:41
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209552.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:48::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:ba:52:b9:89:a2:1f:cf:d8:8b:f5:78:3b:43:32:19:9c:c9:
         cf:c6:ee:d3:89:d2:b1:a7:a7:28:0e:3a:51:ad:6c:cf:f5:1b:
         7c:71:2d:df:d7:b4:86:82:31:a9:04:01:19:70:1d:44:4e:b4:
         99:e2:0a:25:9e:77:34:b9:5c:48:c5:21:3e:6f:b5:7f:29:ec:
         df:e6:c5:44:e3:8a:d2:d2:78:ff:18:9b:a9:b7:d6:a0:ee:88:
         34:ea:eb:f2:a4:bc:9e:4d:7c:89:2e:cc:83:6e:87:45:63:78:
         f0:1d:de:ee:7b:d9:f7:c1:b2:fc:69:e2:fc:c0:10:fd:b3:db:
         c3:30:0c:c6:c2:10:49:40:ff:4f:3c:04:43:d7:02:c8:91:54:
         b4:28:b9:61:1e:cd:36:aa:d3:60:18:e4:f0:2f:e6:b7:e9:89:
         6d:3c:e7:fe:12:40:64:54:e6:df:c4:97:ea:ec:5f:14:97:51:
         d4:72:e8:b0:b0:5e:cd:5c:bb:cb:f8:73:e3:39:de:60:4f:1f:
         96:cb:b5:b8:54:7f:a1:24:e4:04:fb:11:64:53:4d:cb:eb:9e:
         26:e0:6f:b3:0d:57:fa:0d:fe:30:00:ad:d5:f4:1b:70:aa:c2:
         d0:c3:08:e7:73:5c:8b:78:2a:e3:6e:d9:83:f0:e4:d2:f9:bb:
         29:b5:f1:e8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIjYI4YDbGvzEhqN0H7JRshG3YtYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjUxMzM3MTFaFw0yNjA3MjQxMzQyMTFaMDMxMTAvBgNV
BAMTKENENjk2NjU5NTJEQjgyNEI5OUZFQjg3MDk5M0M4QkU2NDA0QUU2NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGMy38fYaztLlkng+4nL7Ny2Lz
OzbZ/JddChSsCPPCNZH5CyExNXd8OeUtGMCjjJz0mNJRcGiYZr4Wy0OFWHhK+sxg
f1rcvr/IFF5ut50S945b8rcytZhdwFjvuehRlYfkuOIXNsygOeJm28l3g11deznp
pF7DZG6+vVi5rAZ2XtY+v6rvNQAfWty9zrKZDDUqFxUlORv9yGvTdxEi60KcyYNB
n4IAB8KpYlijP7cSd78mP/2oR9VtY86iBEfrjrekaUsdxVC27SNtE4PKceoFGsFG
yN3rupHgLymZMm49atfnbHmQVhp+XQ/Kpd3L4sBIDUAcuOC1N0Bl79NWdTTjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUzWlmWVLbgkuZ/rhwmTyL5kBK5kEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5NTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABIMA0GCSqGSIb3DQEBCwUAA4IBAQA5ulK5iaIfz9iL9Xg7QzIZnMnPxu7TidKx
p6coDjpRrWzP9Rt8cS3f17SGgjGpBAEZcB1ETrSZ4golnnc0uVxIxSE+b7V/Kezf
5sVE44rS0nj/GJupt9ag7og06uvypLyeTXyJLsyDbodFY3jwHd7ue9n3wbL8aeL8
wBD9s9vDMAzGwhBJQP9PPARD1wLIkVS0KLlhHs02qtNgGOTwL+a36YltPOf+EkBk
VObfxJfq7F8Ul1HUcuiwsF7NXLvL+HPjOd5gTx+Wy7W4VH+hJOQE+xFkU03L654m
4G+zDVf6Df4wAK3V9BtwqsLQwwjnc1yLeCrjbtmD8OTS+bsptfHo
-----END CERTIFICATE-----