Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214913.roa
File:                     AS214913.roa (raw, json)
Hash identifier:          7eogzCoc0HJyM6OrPthgQDYyOp5pmoE5hE9GWXpEHjA=
Subject key identifier:   21:A1:17:12:52:36:A8:8F:59:92:70:A1:FF:AD:7C:AA:05:E6:FC:D8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       13CA68A1B42C49341CD8AE0FE67E953DD7CC09D1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214913.roa
Signing time:             Fri 08 Aug 2025 07:43:05 +0000
ROA not before:           Fri 08 Aug 2025 07:38:05 +0000
ROA not after:            Fri 07 Aug 2026 07:43:05 +0000
asID:                     214913
IP address blocks:        2a13:9500:c1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Aug 2025 13:24:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:ca:68:a1:b4:2c:49:34:1c:d8:ae:0f:e6:7e:95:3d:d7:cc:09:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  8 07:38:05 2025 GMT
            Not After : Aug  7 07:43:05 2026 GMT
        Subject: CN=21A117125236A88F599270A1FFAD7CAA05E6FCD8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:ea:9c:b8:d5:b6:0b:77:1e:67:bb:7d:d7:24:
                    7b:b5:b3:54:02:72:80:55:30:be:e1:99:55:34:b5:
                    b4:0d:7d:6a:46:0b:cb:f8:0b:96:ba:9c:ae:ca:14:
                    1f:f5:fb:52:7f:ef:b7:51:63:0a:2f:27:0f:9e:40:
                    6b:a5:65:84:5d:f4:99:84:b9:28:64:4b:b8:b3:28:
                    1e:3e:86:1a:70:aa:23:11:93:5e:d8:07:9a:b9:e5:
                    b9:81:f9:48:c9:6d:55:88:ef:65:4d:7f:08:95:6f:
                    71:ce:b6:2e:4f:62:77:82:60:81:b3:ed:0a:ce:13:
                    bd:5a:45:82:b4:fc:a3:2e:08:0f:29:ce:47:a7:48:
                    76:72:bd:c4:82:f3:89:94:c0:1a:ec:0b:ea:a1:1c:
                    6b:50:4a:8f:ba:d7:c2:ba:04:69:85:13:95:5a:68:
                    b6:a4:5a:d6:d2:1d:02:43:5f:37:e0:54:7e:1f:f3:
                    89:20:c1:18:45:e5:3a:cb:87:b3:ac:89:26:f2:b6:
                    aa:74:8c:55:90:c3:17:ae:14:6c:65:a4:85:46:4e:
                    d9:1c:4d:14:47:64:4b:78:a4:04:d1:59:47:15:67:
                    f5:e5:95:52:fa:2e:8a:5f:d8:cd:1c:1e:7f:22:f3:
                    60:9f:2a:d1:be:43:b3:b0:e6:3e:0b:4e:0c:82:d5:
                    92:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:A1:17:12:52:36:A8:8F:59:92:70:A1:FF:AD:7C:AA:05:E6:FC:D8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:44:43:52:2f:a2:8f:21:5f:5f:f2:d1:8f:fb:83:84:c7:3b:
         a6:77:ae:7c:be:d9:3f:d3:b2:78:17:b3:30:f7:54:0f:3c:c7:
         c8:16:b1:f4:28:92:78:a7:52:fb:55:bf:92:1b:0a:41:d1:25:
         47:a8:25:db:d8:16:b8:90:4d:22:de:16:55:41:6e:dc:31:72:
         6e:9c:f8:e9:c0:50:c9:4e:23:6e:f0:e2:9e:aa:60:7b:f5:b7:
         05:d3:16:f5:d1:d1:b3:25:07:75:ba:b1:92:70:de:47:77:2b:
         63:14:5f:59:ec:69:96:4d:35:d5:18:cd:06:53:24:8a:a0:b1:
         c2:dc:86:06:dd:d3:07:af:0c:20:65:37:e9:eb:44:ba:2b:dd:
         cb:2b:21:a0:94:e0:9b:dc:5c:f8:27:8a:53:1a:ae:01:ee:e3:
         c5:55:88:a1:2d:f5:7e:4c:91:89:b4:bc:1c:a4:3e:4f:83:f4:
         13:2c:05:d1:90:e8:3c:64:4a:b0:67:c4:2d:43:97:f6:6c:d2:
         6d:e3:2c:71:41:68:ef:df:9d:97:32:37:45:f5:5f:0f:ff:6f:
         fd:87:3a:d0:a5:5d:42:6c:7f:71:f2:ca:ea:63:a8:71:e4:af:
         81:bb:e9:6f:16:7b:c9:19:c0:06:c8:38:3d:4a:7b:fd:25:71:
         c3:4e:b6:87
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE8poobQsSTQc2K4P5n6VPdfMCdEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDgwNzM4MDVaFw0yNjA4MDcwNzQzMDVaMDMxMTAvBgNV
BAMTKDIxQTExNzEyNTIzNkE4OEY1OTkyNzBBMUZGQUQ3Q0FBMDVFNkZDRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDB6py41bYLdx5nu33XJHu1s1QC
coBVML7hmVU0tbQNfWpGC8v4C5a6nK7KFB/1+1J/77dRYwovJw+eQGulZYRd9JmE
uShkS7izKB4+hhpwqiMRk17YB5q55bmB+UjJbVWI72VNfwiVb3HOti5PYneCYIGz
7QrOE71aRYK0/KMuCA8pzkenSHZyvcSC84mUwBrsC+qhHGtQSo+618K6BGmFE5Va
aLakWtbSHQJDXzfgVH4f84kgwRhF5TrLh7OsiSbytqp0jFWQwxeuFGxlpIVGTtkc
TRRHZEt4pATRWUcVZ/XllVL6Lopf2M0cHn8i82CfKtG+Q7Ow5j4LTgyC1ZIzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUIaEXElI2qI9ZknCh/618qgXm/NgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTEzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADBMA0GCSqGSIb3DQEBCwUAA4IBAQAuRENSL6KPIV9f8tGP+4OExzumd658vtk/
07J4F7Mw91QPPMfIFrH0KJJ4p1L7Vb+SGwpB0SVHqCXb2Ba4kE0i3hZVQW7cMXJu
nPjpwFDJTiNu8OKeqmB79bcF0xb10dGzJQd1urGScN5HdytjFF9Z7GmWTTXVGM0G
UySKoLHC3IYG3dMHrwwgZTfp60S6K93LKyGglOCb3Fz4J4pTGq4B7uPFVYihLfV+
TJGJtLwcpD5Pg/QTLAXRkOg8ZEqwZ8QtQ5f2bNJt4yxxQWjv352XMjdF9V8P/2/9
hzrQpV1CbH9x8srqY6hx5K+Bu+lvFnvJGcAGyDg9Snv9JXHDTraH
-----END CERTIFICATE-----