Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214083.roa
File:                     AS214083.roa (raw, json)
Hash identifier:          7JBA+80kn05jUwTWlL4fbOQ8Rjq7qbX3SpBGutJaTOI=
Subject key identifier:   D3:C7:83:82:05:90:E1:19:66:54:94:A0:8B:89:4E:8C:35:D2:A9:EF
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       09F87377C021D223AF39B82BBB504CB33B16650C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214083.roa
Signing time:             Thu 16 Apr 2026 18:47:05 +0000
ROA not before:           Thu 16 Apr 2026 18:42:05 +0000
ROA not after:            Thu 15 Apr 2027 18:47:05 +0000
asID:                     214083
IP address blocks:        2a13:9500:42::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:f8:73:77:c0:21:d2:23:af:39:b8:2b:bb:50:4c:b3:3b:16:65:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 16 18:42:05 2026 GMT
            Not After : Apr 15 18:47:05 2027 GMT
        Subject: CN=D3C783820590E119665494A08B894E8C35D2A9EF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6c:e9:a8:c1:da:be:0f:ad:6b:7f:20:41:10:
                    90:63:a6:0a:9d:eb:44:7b:40:0b:96:3d:ec:ea:47:
                    95:fe:7d:3d:9d:13:60:cc:a2:23:3b:91:9d:3e:a4:
                    a9:2e:ff:a0:7f:98:8c:07:51:99:d0:e1:01:21:98:
                    a9:06:f4:35:32:6f:51:df:2f:f1:37:c2:44:73:8f:
                    75:5d:23:25:d8:7d:23:12:f4:ab:5d:61:37:35:ea:
                    c3:f9:55:1d:48:dc:f8:51:3e:13:92:af:65:dd:f5:
                    11:b9:7e:b3:1a:32:ba:08:e4:9d:6b:44:f9:06:1a:
                    08:d2:c0:fd:1f:b4:0e:41:ad:f7:90:36:95:0e:28:
                    30:3e:a6:55:51:d9:37:46:1b:19:0b:18:21:d8:f7:
                    f9:e3:d7:69:84:88:6a:84:4e:18:10:f8:63:11:c9:
                    b1:e4:ee:89:fa:1c:06:84:07:f3:ba:bd:4d:57:f5:
                    c9:10:f3:7d:29:c3:a7:7d:e0:69:cc:08:f4:cc:6f:
                    2f:36:2e:91:26:2c:2d:99:68:46:bf:e5:b0:00:f8:
                    b5:00:76:e3:3e:ca:44:2f:9a:97:b8:03:af:78:db:
                    7e:f9:0a:2d:b9:e0:d4:42:bd:e5:31:cb:4a:5e:3d:
                    5e:eb:c0:bb:c5:68:a6:4c:c7:e1:46:7a:35:9a:a9:
                    97:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:C7:83:82:05:90:E1:19:66:54:94:A0:8B:89:4E:8C:35:D2:A9:EF
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214083.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:42::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:41:2c:1c:11:67:6b:71:c1:d1:49:31:d8:45:10:73:de:c9:
         cc:12:be:b1:c4:81:7b:c8:08:f4:80:63:88:c3:66:20:4b:ad:
         22:30:5a:84:68:71:e7:00:6e:01:e8:80:03:2d:38:bd:d2:eb:
         f7:61:7c:d3:3d:40:45:83:a8:83:0f:ed:08:5b:f3:04:59:0c:
         a3:4f:cc:e9:1b:c3:ec:13:57:4c:1e:65:0e:18:45:84:53:40:
         a7:fc:b3:b0:d2:26:b0:ad:bf:5a:24:0b:35:a6:b9:a0:e7:25:
         2c:7f:c8:3b:e2:d5:d0:a5:c0:75:92:78:fe:02:a2:62:cc:c3:
         c2:89:93:a4:8c:ad:32:ed:9d:2f:d9:95:7e:15:78:10:96:4b:
         00:7e:24:70:d8:9c:51:9d:e5:84:5e:45:d5:8c:03:1b:f2:c1:
         7d:98:5e:22:f2:6b:cb:5f:26:13:8e:df:fa:03:c2:a0:b2:78:
         5b:1c:ae:00:9b:d6:86:55:69:cb:aa:c2:fc:95:6c:45:f8:97:
         d0:2a:d1:40:77:f6:20:c5:1a:67:10:75:38:3c:ce:c4:8c:f6:
         a3:d7:4b:7e:f9:63:fe:ec:a8:d3:e0:27:a4:55:b4:33:31:62:
         25:62:83:f5:ee:5f:5f:c6:3a:5a:1d:80:2b:ce:2d:ef:f7:16:
         6d:73:00:cb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCfhzd8Ah0iOvObgru1BMszsWZQwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTYxODQyMDVaFw0yNzA0MTUxODQ3MDVaMDMxMTAvBgNV
BAMTKEQzQzc4MzgyMDU5MEUxMTk2NjU0OTRBMDhCODk0RThDMzVEMkE5RUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDObOmowdq+D61rfyBBEJBjpgqd
60R7QAuWPezqR5X+fT2dE2DMoiM7kZ0+pKku/6B/mIwHUZnQ4QEhmKkG9DUyb1Hf
L/E3wkRzj3VdIyXYfSMS9KtdYTc16sP5VR1I3PhRPhOSr2Xd9RG5frMaMroI5J1r
RPkGGgjSwP0ftA5BrfeQNpUOKDA+plVR2TdGGxkLGCHY9/nj12mEiGqEThgQ+GMR
ybHk7on6HAaEB/O6vU1X9ckQ830pw6d94GnMCPTMby82LpEmLC2ZaEa/5bAA+LUA
duM+ykQvmpe4A6942375Ci254NRCveUxy0pePV7rwLvFaKZMx+FGejWaqZdpAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU08eDggWQ4RlmVJSgi4lOjDXSqe8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0MDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABCMA0GCSqGSIb3DQEBCwUAA4IBAQCMQSwcEWdrccHRSTHYRRBz3snMEr6xxIF7
yAj0gGOIw2YgS60iMFqEaHHnAG4B6IADLTi90uv3YXzTPUBFg6iDD+0IW/MEWQyj
T8zpG8PsE1dMHmUOGEWEU0Cn/LOw0iawrb9aJAs1prmg5yUsf8g74tXQpcB1knj+
AqJizMPCiZOkjK0y7Z0v2ZV+FXgQlksAfiRw2JxRneWEXkXVjAMb8sF9mF4i8mvL
XyYTjt/6A8KgsnhbHK4Am9aGVWnLqsL8lWxF+JfQKtFAd/YgxRpnEHU4PM7EjPaj
10t++WP+7KjT4CekVbQzMWIlYoP17l9fxjpaHYArzi3v9xZtcwDL
-----END CERTIFICATE-----