Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211780.roa
File:                     AS211780.roa (raw, json)
Hash identifier:          NMwK2+qWVtgbqPB3Kb9jiEdyE/hF9hFjV72lW2BDlsU=
Subject key identifier:   4C:FE:17:0E:E5:26:3D:AB:89:90:7D:52:36:03:F0:52:35:C0:8B:6C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0345395DA36E6F6F48A0E0531397A016A921E3DC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211780.roa
Signing time:             Sun 03 Aug 2025 13:17:26 +0000
ROA not before:           Sun 03 Aug 2025 13:12:26 +0000
ROA not after:            Sun 02 Aug 2026 13:17:26 +0000
asID:                     211780
IP address blocks:        2a13:9500:bb::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:45:39:5d:a3:6e:6f:6f:48:a0:e0:53:13:97:a0:16:a9:21:e3:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  3 13:12:26 2025 GMT
            Not After : Aug  2 13:17:26 2026 GMT
        Subject: CN=4CFE170EE5263DAB89907D523603F05235C08B6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:90:cb:bb:49:7f:11:86:da:d0:dd:e2:71:5d:
                    4c:22:a1:66:87:d5:dc:e9:ee:3b:d6:51:e8:68:fa:
                    85:89:05:90:68:11:14:01:88:3f:e0:48:4f:1e:4b:
                    dd:95:fa:60:cf:c5:f7:4e:d5:22:07:73:44:26:1a:
                    ee:f8:da:0f:8f:c4:dd:51:21:10:9c:26:82:00:65:
                    a0:00:85:49:e9:72:72:f0:12:e6:11:f9:f3:21:bd:
                    18:53:47:2d:a2:9c:22:0e:80:8b:fc:6b:88:7e:da:
                    79:bd:f0:d7:c7:e2:ca:68:ee:de:10:3c:bf:e7:ea:
                    7c:3e:8e:66:73:b9:a6:11:7c:fc:12:5b:cf:49:c2:
                    5e:f7:90:39:be:49:c3:d5:d5:4e:95:dc:d3:51:a1:
                    35:b1:3f:37:d7:12:b9:4d:33:89:e2:2d:d5:68:c7:
                    97:75:d7:87:b0:26:af:f7:da:00:f8:d0:aa:ac:05:
                    98:40:ec:59:2a:5b:97:92:e2:31:67:2d:23:3a:c2:
                    5c:8a:ba:14:4d:75:98:06:bb:a8:04:66:26:4e:3e:
                    1c:2e:30:2c:d5:0f:e1:62:8c:db:86:51:f3:ae:b1:
                    59:a3:b7:79:9c:98:fa:48:c9:88:74:25:1c:9c:a4:
                    fc:e6:6a:b9:16:0f:be:37:86:eb:a9:f1:ca:b1:6e:
                    5c:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:FE:17:0E:E5:26:3D:AB:89:90:7D:52:36:03:F0:52:35:C0:8B:6C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS211780.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:bb::/48

    Signature Algorithm: sha256WithRSAEncryption
         72:ec:79:d4:77:28:10:bb:a0:33:b9:ea:a0:04:c6:62:06:e0:
         8d:76:6e:7d:68:7e:cb:e2:5a:07:af:9b:b9:ca:80:15:a7:4f:
         f1:d8:4a:6c:c4:49:3c:bd:56:75:28:a6:71:56:36:26:4c:94:
         19:b0:19:07:db:96:d9:10:4a:26:ff:20:eb:2c:e9:18:3b:09:
         ec:14:46:e2:ec:e3:af:90:25:9a:e2:71:8b:72:6a:7f:f0:76:
         d5:e7:0b:b0:d7:24:da:1d:34:55:9e:6e:00:46:71:e7:0c:d3:
         60:fe:68:2c:7a:fb:fd:d5:8e:8b:35:2e:53:10:11:78:0a:bb:
         59:61:c5:4a:24:09:9e:4c:2a:7d:9e:3e:66:1a:88:c6:20:1b:
         c2:e7:37:6f:24:57:16:ba:34:de:4a:a5:87:56:b4:db:0b:96:
         2c:d0:23:57:58:79:73:d3:78:a4:a6:12:3a:bd:a7:5f:d7:e9:
         31:cd:73:78:83:e1:b1:27:a4:c9:c7:a3:1f:bf:9d:2d:5c:7b:
         26:bb:d3:e0:f0:f4:59:ef:71:ed:74:d1:f9:b5:09:7e:70:aa:
         34:35:f3:42:d5:7a:cd:60:db:33:62:8c:c9:d2:e7:9a:aa:6b:
         b2:1a:1a:18:7d:5f:2e:66:63:b1:23:7f:2d:e3:14:a7:42:28:
         a6:b1:51:a6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUA0U5XaNub29IoOBTE5egFqkh49wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDMxMzEyMjZaFw0yNjA4MDIxMzE3MjZaMDMxMTAvBgNV
BAMTKDRDRkUxNzBFRTUyNjNEQUI4OTkwN0Q1MjM2MDNGMDUyMzVDMDhCNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXkMu7SX8RhtrQ3eJxXUwioWaH
1dzp7jvWUeho+oWJBZBoERQBiD/gSE8eS92V+mDPxfdO1SIHc0QmGu742g+PxN1R
IRCcJoIAZaAAhUnpcnLwEuYR+fMhvRhTRy2inCIOgIv8a4h+2nm98NfH4spo7t4Q
PL/n6nw+jmZzuaYRfPwSW89Jwl73kDm+ScPV1U6V3NNRoTWxPzfXErlNM4niLdVo
x5d114ewJq/32gD40KqsBZhA7FkqW5eS4jFnLSM6wlyKuhRNdZgGu6gEZiZOPhwu
MCzVD+FijNuGUfOusVmjt3mcmPpIyYh0JRycpPzmarkWD743huup8cqxbly9AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUTP4XDuUmPauJkH1SNgPwUjXAi2wwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjExNzgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAC7MA0GCSqGSIb3DQEBCwUAA4IBAQBy7HnUdygQu6AzueqgBMZiBuCNdm59aH7L
4loHr5u5yoAVp0/x2EpsxEk8vVZ1KKZxVjYmTJQZsBkH25bZEEom/yDrLOkYOwns
FEbi7OOvkCWa4nGLcmp/8HbV5wuw1yTaHTRVnm4ARnHnDNNg/mgsevv91Y6LNS5T
EBF4CrtZYcVKJAmeTCp9nj5mGojGIBvC5zdvJFcWujTeSqWHVrTbC5Ys0CNXWHlz
03ikphI6vadf1+kxzXN4g+GxJ6TJx6Mfv50tXHsmu9Pg8PRZ73HtdNH5tQl+cKo0
NfNC1XrNYNszYozJ0ueaqmuyGhoYfV8uZmOxI38t4xSnQiimsVGm
-----END CERTIFICATE-----