Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211358.roa
File:                     AS211358.roa (raw, json)
Hash identifier:          DElKukJj5NRbRw1u0Yunmr6FOOppNASGqZn0rqHg5yU=
Subject key identifier:   0F:9C:E5:7D:CB:A0:CE:A5:2D:EE:DF:D0:F0:51:80:0D:25:11:E9:EE
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3F6E4EE2C9C41208C38DA5AAE13A33D0FB8F7F28
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211358.roa
Signing time:             Sat 26 Jul 2025 10:56:19 +0000
ROA not before:           Sat 26 Jul 2025 10:51:19 +0000
ROA not after:            Sat 25 Jul 2026 10:56:19 +0000
asID:                     211358
IP address blocks:        2a13:9500:49::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:6e:4e:e2:c9:c4:12:08:c3:8d:a5:aa:e1:3a:33:d0:fb:8f:7f:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 26 10:51:19 2025 GMT
            Not After : Jul 25 10:56:19 2026 GMT
        Subject: CN=0F9CE57DCBA0CEA52DEEDFD0F051800D2511E9EE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:35:15:88:c0:be:1d:fd:9e:24:33:ea:8c:84:
                    cf:6b:95:8e:36:35:bb:be:f5:a2:b8:53:bb:fb:da:
                    09:76:5d:7e:b3:8e:5f:e4:85:b3:0e:03:af:48:f7:
                    53:18:f0:4a:af:df:7a:2a:12:f7:c7:ee:42:0d:26:
                    b5:04:c9:fd:ac:9b:c8:6d:3f:ec:96:61:e2:2a:6c:
                    bd:f6:78:72:c3:95:37:65:25:9d:c2:3e:bd:13:e9:
                    12:b0:43:79:7e:bb:55:a9:14:8d:05:0e:71:43:b7:
                    a2:ec:c2:8d:ed:af:cf:ad:11:bc:ac:2f:d2:f7:95:
                    b5:ed:0a:43:a0:63:90:62:e8:49:fe:44:45:5e:b3:
                    4d:34:35:7f:39:77:b6:4b:70:27:22:53:25:43:1a:
                    31:00:a2:ef:31:d0:06:a8:c1:7b:c1:1c:d0:21:e5:
                    01:0c:6d:df:c4:ef:3a:91:7b:ed:33:14:e0:cb:7e:
                    6f:9b:8d:e8:bf:76:9c:22:24:44:c7:6b:09:7b:4f:
                    eb:ca:a9:dc:5a:60:da:d2:9b:fd:2c:c2:80:67:15:
                    97:a5:e2:55:7a:61:fe:5d:89:7c:ff:6e:fc:50:fa:
                    46:f3:a9:58:bb:95:d3:81:26:f6:db:bc:2a:3f:03:
                    e7:66:29:4e:3e:b1:25:63:34:a8:f5:ae:af:4e:dc:
                    46:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:9C:E5:7D:CB:A0:CE:A5:2D:EE:DF:D0:F0:51:80:0D:25:11:E9:EE
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211358.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:49::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:d4:44:d5:bb:ae:86:65:94:b5:e2:5e:70:c8:69:3a:73:73:
         ca:ae:75:59:d9:6b:a9:61:c9:53:30:5c:01:23:3f:28:82:1b:
         04:8e:45:a6:17:5e:72:1c:e4:27:1c:f6:eb:3e:9a:f4:3b:f6:
         37:ce:3d:8e:10:93:75:cc:ce:6a:77:79:7a:42:b8:f8:29:63:
         45:6b:ad:95:a3:af:31:20:6a:5f:16:b7:e5:40:5b:16:bb:ba:
         c1:88:e4:80:cd:f4:b9:55:27:cf:d2:b1:cb:a7:fe:a7:b2:b4:
         a0:1b:14:a0:d4:00:fd:0e:32:4b:45:97:f4:ce:c7:7e:4d:ad:
         63:3f:d7:d9:40:85:0c:51:0b:43:ad:d3:02:d2:bf:a9:66:0e:
         02:e7:bb:a0:75:7a:05:8a:24:c3:e6:6a:bd:42:cb:3d:a8:96:
         6e:a6:60:90:47:5c:40:df:5d:56:bc:30:a3:e2:bb:95:e3:7e:
         bf:44:6d:a9:f5:85:ed:e2:52:5b:d7:f7:f3:8c:b9:05:62:6b:
         40:9f:c8:cc:2b:45:0c:85:44:fa:7e:62:9f:c7:2e:c9:6c:13:
         ab:42:f2:c6:d6:91:f4:d6:e0:d7:8a:11:7b:41:ea:a6:aa:46:
         c0:44:5a:ca:7c:dd:6b:84:e2:3f:55:86:eb:7f:c3:08:06:29:
         64:fb:33:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUP25O4snEEgjDjaWq4Toz0PuPfygwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjYxMDUxMTlaFw0yNjA3MjUxMDU2MTlaMDMxMTAvBgNV
BAMTKDBGOUNFNTdEQ0JBMENFQTUyREVFREZEMEYwNTE4MDBEMjUxMUU5RUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkNRWIwL4d/Z4kM+qMhM9rlY42
Nbu+9aK4U7v72gl2XX6zjl/khbMOA69I91MY8Eqv33oqEvfH7kINJrUEyf2sm8ht
P+yWYeIqbL32eHLDlTdlJZ3CPr0T6RKwQ3l+u1WpFI0FDnFDt6Lswo3tr8+tEbys
L9L3lbXtCkOgY5Bi6En+REVes000NX85d7ZLcCciUyVDGjEAou8x0AaowXvBHNAh
5QEMbd/E7zqRe+0zFODLfm+bjei/dpwiJETHawl7T+vKqdxaYNrSm/0swoBnFZel
4lV6Yf5diXz/bvxQ+kbzqVi7ldOBJvbbvCo/A+dmKU4+sSVjNKj1rq9O3EZBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUD5zlfcugzqUt7t/Q8FGADSUR6e4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExMzU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABJMA0GCSqGSIb3DQEBCwUAA4IBAQAD1ETVu66GZZS14l5wyGk6c3PKrnVZ2Wup
YclTMFwBIz8oghsEjkWmF15yHOQnHPbrPpr0O/Y3zj2OEJN1zM5qd3l6Qrj4KWNF
a62Vo68xIGpfFrflQFsWu7rBiOSAzfS5VSfP0rHLp/6nsrSgGxSg1AD9DjJLRZf0
zsd+Ta1jP9fZQIUMUQtDrdMC0r+pZg4C57ugdXoFiiTD5mq9Qss9qJZupmCQR1xA
311WvDCj4ruV436/RG2p9YXt4lJb1/fzjLkFYmtAn8jMK0UMhUT6fmKfxy7JbBOr
QvLG1pH01uDXihF7QeqmqkbARFrKfN1rhOI/VYbrf8MIBilk+zPy
-----END CERTIFICATE-----