Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212429.roa
File:                     AS212429.roa (raw, json)
Hash identifier:          KWvXQIOEuJixkRstH0FmIhWFm5+eX7qsmVv+j+egJLw=
Subject key identifier:   D4:25:58:44:AB:AC:55:1C:54:14:E4:06:99:15:55:1B:09:80:E5:27
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2AD45CF6833599910CF4BEA5EA5439A3566EBB6C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212429.roa
Signing time:             Thu 26 Feb 2026 07:58:24 +0000
ROA not before:           Thu 26 Feb 2026 07:53:24 +0000
ROA not after:            Thu 25 Feb 2027 07:58:24 +0000
asID:                     212429
IP address blocks:        2a13:9500:142::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:d4:5c:f6:83:35:99:91:0c:f4:be:a5:ea:54:39:a3:56:6e:bb:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 26 07:53:24 2026 GMT
            Not After : Feb 25 07:58:24 2027 GMT
        Subject: CN=D4255844ABAC551C5414E4069915551B0980E527
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8b:65:bf:66:8d:42:58:a4:68:0d:40:b2:b0:
                    1b:8c:d8:7f:ac:c3:87:e4:69:26:f2:48:90:df:f8:
                    02:ec:56:ed:b8:cb:92:ce:47:0f:ed:ca:64:d0:0c:
                    86:c2:79:de:ce:0a:bd:40:9e:53:96:02:e3:d2:f6:
                    9f:2c:2e:45:5b:38:af:79:e1:86:f4:f9:9b:43:9e:
                    46:3e:a6:c4:44:90:9d:ec:f1:50:4b:61:35:99:16:
                    38:e6:1f:f6:15:db:3c:28:04:a0:e4:4c:75:75:6c:
                    77:14:3d:62:f6:83:eb:e4:02:37:1a:9d:37:2f:40:
                    4b:4d:ca:c1:7b:6b:c6:d1:4f:35:50:c6:d1:3d:26:
                    f5:ec:96:35:fc:ac:1c:d2:ff:a6:7a:c4:b7:8c:69:
                    7d:d4:52:5b:c0:4a:7f:1f:60:4a:8b:bf:c3:cf:6c:
                    bd:45:69:dd:2d:35:28:f2:91:f9:06:14:48:19:7a:
                    21:f5:41:bc:07:1a:95:e6:b4:0c:45:9c:75:83:c2:
                    fc:86:25:39:92:34:ef:15:d7:b3:b4:1c:09:94:af:
                    3e:2c:28:cc:9f:1e:43:31:ba:e3:5a:fb:20:36:8f:
                    8b:0d:af:ea:f4:86:57:b7:af:77:0e:e6:5d:cc:4c:
                    37:7e:6c:5c:57:70:c4:64:24:58:6a:b0:ac:79:a7:
                    06:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:25:58:44:AB:AC:55:1C:54:14:E4:06:99:15:55:1B:09:80:E5:27
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS212429.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:142::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:ac:ab:89:aa:6b:55:29:28:aa:93:f7:98:e5:0a:b5:d4:d6:
         2e:6a:ec:fe:75:8a:36:e3:55:0b:a9:e8:20:d5:c0:5e:73:95:
         00:8d:5d:41:c1:35:91:f6:dd:55:36:62:bc:60:0f:c9:4d:35:
         c4:8d:ae:38:bb:7f:6c:6c:d8:34:55:be:f0:61:4b:71:22:66:
         51:5a:5a:cf:dc:c5:af:e9:68:9a:dc:4c:c2:77:f4:9c:f4:2a:
         57:f5:8e:38:a1:47:47:90:35:5c:b5:82:1d:eb:e8:a7:0f:1a:
         69:0b:0f:9c:ca:1c:c3:d3:ac:6e:de:9a:2a:e0:d1:52:69:0a:
         5b:b0:07:82:4d:da:dd:09:cd:63:40:c5:fd:9e:c2:f5:74:e5:
         8d:6a:71:72:73:ff:b1:5a:1a:ff:ce:46:8b:94:27:de:e2:49:
         ee:e3:5f:2e:0e:70:0b:b2:40:4e:d4:4f:19:cb:78:56:a1:9e:
         f3:c8:da:22:20:b9:f7:fa:62:14:af:01:52:be:61:c4:c9:dd:
         35:c8:1c:c7:45:08:9f:6e:4e:21:06:48:9f:b7:6c:13:b3:9d:
         64:1a:f1:16:e9:0e:9e:77:67:c6:9d:9e:85:66:e2:41:a1:eb:
         36:bc:5a:3e:e5:09:b0:6f:7f:17:dd:d7:83:86:32:e6:f1:f9:
         53:dc:e1:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKtRc9oM1mZEM9L6l6lQ5o1Zuu2wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjYwNzUzMjRaFw0yNzAyMjUwNzU4MjRaMDMxMTAvBgNV
BAMTKEQ0MjU1ODQ0QUJBQzU1MUM1NDE0RTQwNjk5MTU1NTFCMDk4MEU1MjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoi2W/Zo1CWKRoDUCysBuM2H+s
w4fkaSbySJDf+ALsVu24y5LORw/tymTQDIbCed7OCr1AnlOWAuPS9p8sLkVbOK95
4Yb0+ZtDnkY+psREkJ3s8VBLYTWZFjjmH/YV2zwoBKDkTHV1bHcUPWL2g+vkAjca
nTcvQEtNysF7a8bRTzVQxtE9JvXsljX8rBzS/6Z6xLeMaX3UUlvASn8fYEqLv8PP
bL1Fad0tNSjykfkGFEgZeiH1QbwHGpXmtAxFnHWDwvyGJTmSNO8V17O0HAmUrz4s
KMyfHkMxuuNa+yA2j4sNr+r0hle3r3cO5l3MTDd+bFxXcMRkJFhqsKx5pwZ3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU1CVYRKusVRxUFOQGmRVVGwmA5ScwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEyNDI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFCMA0GCSqGSIb3DQEBCwUAA4IBAQA5rKuJqmtVKSiqk/eY5Qq11NYuauz+dYo2
41ULqegg1cBec5UAjV1BwTWR9t1VNmK8YA/JTTXEja44u39sbNg0Vb7wYUtxImZR
WlrP3MWv6Wia3EzCd/Sc9CpX9Y44oUdHkDVctYId6+inDxppCw+cyhzD06xu3poq
4NFSaQpbsAeCTdrdCc1jQMX9nsL1dOWNanFyc/+xWhr/zkaLlCfe4knu418uDnAL
skBO1E8Zy3hWoZ7zyNoiILn3+mIUrwFSvmHEyd01yBzHRQifbk4hBkift2wTs51k
GvEW6Q6ed2fGnZ6FZuJBoes2vFo+5Qmwb38X3deDhjLm8flT3OH5
-----END CERTIFICATE-----