Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213607.roa
File:                     AS213607.roa (raw, json)
Hash identifier:          fEuUQ/pI2I7d5SHOqSkPJgGArc4ct9a8rglOaapXgf8=
Subject key identifier:   0E:EB:5F:CC:4C:F3:6E:E9:AD:62:73:FE:8D:CB:09:14:12:6B:C4:E1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0ED818561DA770505A0C8247451483B84BAB1E7F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213607.roa
Signing time:             Fri 10 Apr 2026 08:54:27 +0000
ROA not before:           Fri 10 Apr 2026 08:49:27 +0000
ROA not after:            Fri 09 Apr 2027 08:54:27 +0000
asID:                     213607
IP address blocks:        2a13:9500:161::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:d8:18:56:1d:a7:70:50:5a:0c:82:47:45:14:83:b8:4b:ab:1e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 10 08:49:27 2026 GMT
            Not After : Apr  9 08:54:27 2027 GMT
        Subject: CN=0EEB5FCC4CF36EE9AD6273FE8DCB0914126BC4E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:4c:12:9d:51:e7:b7:82:77:63:d6:09:b6:f9:
                    33:fe:4d:51:c1:98:99:c2:25:56:d0:81:89:38:72:
                    5d:a5:24:f7:4c:10:15:7d:2c:0c:3b:77:c7:ae:eb:
                    da:03:d5:77:45:da:62:8a:b7:86:62:da:f8:61:a2:
                    b0:f5:88:0d:84:41:6e:12:52:01:ee:a8:f7:c2:51:
                    1d:a6:f0:ad:70:71:dd:0d:e0:49:c3:b2:0a:f9:dd:
                    c5:77:80:ab:8a:be:66:cd:2e:14:56:f1:96:55:65:
                    a7:05:12:d4:b3:aa:8d:e1:ea:64:a5:21:7b:c6:dc:
                    d7:ef:bc:93:53:7e:bd:0b:58:de:5e:8d:05:85:d4:
                    34:a0:50:fc:03:2d:e5:be:05:f3:cb:94:b1:63:0b:
                    29:e4:80:2b:cd:0a:fd:84:a4:fc:2c:9f:ea:1d:2a:
                    00:a1:d9:51:54:c1:0e:0a:18:c0:04:56:19:fb:e1:
                    48:b0:f9:02:6f:b6:91:73:c6:1b:46:90:1e:18:72:
                    6f:52:b1:18:46:1c:b6:63:f8:d8:cb:28:1c:c6:eb:
                    14:0d:26:40:04:15:dd:47:78:c7:4c:a8:3d:0d:c9:
                    21:92:59:34:09:d0:d6:05:e1:07:17:de:fa:a3:11:
                    c8:dd:ad:b9:9f:88:b6:aa:fc:16:e4:87:0b:74:79:
                    53:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:EB:5F:CC:4C:F3:6E:E9:AD:62:73:FE:8D:CB:09:14:12:6B:C4:E1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS213607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:161::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:fb:88:4f:f5:08:44:df:5f:a4:eb:0b:5b:d2:3b:da:c2:d1:
         c4:a8:a0:6a:c5:d1:c0:bc:00:dc:c6:16:37:42:df:81:cb:ee:
         9a:50:06:da:11:21:0c:2c:8b:b0:fb:c2:41:04:3d:32:4f:c2:
         b6:f4:65:4d:bb:7a:0b:de:e4:13:a5:ba:24:97:61:17:48:43:
         1e:df:80:d1:c5:37:df:e3:d7:bc:0d:cb:18:33:d9:c9:04:d7:
         f8:da:a0:0b:ce:00:2f:74:06:20:76:9c:bf:f2:f0:15:15:b0:
         18:71:fe:47:6d:06:ce:42:db:19:8d:2e:6e:ae:e4:d9:4b:c0:
         71:c5:31:73:6f:21:33:36:ab:08:89:73:36:af:ed:31:eb:0c:
         45:9c:d6:a8:38:3e:97:b0:15:85:9f:1b:88:7a:d9:d1:98:18:
         2f:17:ad:c7:c7:38:6a:16:f7:b6:99:b6:8b:5a:fd:3d:69:c2:
         7e:d7:d0:27:67:81:91:52:34:d0:0e:05:d8:bf:aa:d1:bb:f5:
         be:68:67:7b:07:d4:42:31:6f:02:46:eb:9a:21:57:cc:86:2a:
         83:88:b2:34:83:f1:d3:52:d3:fd:b7:45:15:e4:21:10:8b:9b:
         18:31:53:73:3a:56:b8:8d:95:cd:92:88:20:90:a9:bb:ce:fa:
         6b:e9:67:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDtgYVh2ncFBaDIJHRRSDuEurHn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTAwODQ5MjdaFw0yNzA0MDkwODU0MjdaMDMxMTAvBgNV
BAMTKDBFRUI1RkNDNENGMzZFRTlBRDYyNzNGRThEQ0IwOTE0MTI2QkM0RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYTBKdUee3gndj1gm2+TP+TVHB
mJnCJVbQgYk4cl2lJPdMEBV9LAw7d8eu69oD1XdF2mKKt4Zi2vhhorD1iA2EQW4S
UgHuqPfCUR2m8K1wcd0N4EnDsgr53cV3gKuKvmbNLhRW8ZZVZacFEtSzqo3h6mSl
IXvG3NfvvJNTfr0LWN5ejQWF1DSgUPwDLeW+BfPLlLFjCynkgCvNCv2EpPwsn+od
KgCh2VFUwQ4KGMAEVhn74Uiw+QJvtpFzxhtGkB4Ycm9SsRhGHLZj+NjLKBzG6xQN
JkAEFd1HeMdMqD0NySGSWTQJ0NYF4QcX3vqjEcjdrbmfiLaq/Bbkhwt0eVPlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDutfzEzzbumtYnP+jcsJFBJrxOEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjEzNjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFhMA0GCSqGSIb3DQEBCwUAA4IBAQBX+4hP9QhE31+k6wtb0jvawtHEqKBqxdHA
vADcxhY3Qt+By+6aUAbaESEMLIuw+8JBBD0yT8K29GVNu3oL3uQTpbokl2EXSEMe
34DRxTff49e8DcsYM9nJBNf42qALzgAvdAYgdpy/8vAVFbAYcf5HbQbOQtsZjS5u
ruTZS8BxxTFzbyEzNqsIiXM2r+0x6wxFnNaoOD6XsBWFnxuIetnRmBgvF63Hxzhq
Fve2mbaLWv09acJ+19AnZ4GRUjTQDgXYv6rRu/W+aGd7B9RCMW8CRuuaIVfMhiqD
iLI0g/HTUtP9t0UV5CEQi5sYMVNzOla4jZXNkoggkKm7zvpr6We8
-----END CERTIFICATE-----