Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214929.roa
File:                     AS214929.roa (raw, json)
Hash identifier:          NJPJChBVdyPzlQWxBUKFwwxZYtb/NOSxUoDKiuC4MKA=
Subject key identifier:   31:F3:F7:3E:5C:4A:48:03:1F:FB:02:7C:35:36:41:E2:1B:D5:BD:F3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       242A89B431EBD1FC849504A5B847EDAA0D71F145
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214929.roa
Signing time:             Fri 01 Aug 2025 13:28:42 +0000
ROA not before:           Fri 01 Aug 2025 13:23:42 +0000
ROA not after:            Fri 31 Jul 2026 13:28:42 +0000
asID:                     214929
IP address blocks:        2a13:9500:63::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 08:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:2a:89:b4:31:eb:d1:fc:84:95:04:a5:b8:47:ed:aa:0d:71:f1:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Aug  1 13:23:42 2025 GMT
            Not After : Jul 31 13:28:42 2026 GMT
        Subject: CN=31F3F73E5C4A48031FFB027C353641E21BD5BDF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ca:30:dc:38:0c:2d:51:de:e6:36:3a:d6:c1:
                    75:48:f8:ce:71:32:e8:fb:a5:bd:d4:54:88:89:f1:
                    8f:6b:94:54:cc:30:44:ec:c4:83:89:18:ba:21:9c:
                    04:6a:2e:a9:9c:38:89:cd:46:06:05:09:a4:d6:45:
                    c3:08:2d:0e:91:70:d6:8d:eb:5f:8f:8c:f0:17:2b:
                    26:02:ee:83:67:7e:00:d6:ca:56:07:35:e2:26:fc:
                    3e:ab:f0:b2:4a:c7:29:ca:d2:ff:7a:8b:8a:0e:ff:
                    43:89:8e:b8:fd:dc:45:f8:f2:9f:70:ee:f3:d1:5c:
                    e1:66:79:70:5a:6e:22:30:d4:f4:67:9c:25:5d:a4:
                    ec:bf:01:5c:72:ec:22:ec:07:ed:14:df:de:93:b5:
                    d7:e6:35:ec:80:56:95:4e:15:22:48:a0:f9:1b:9b:
                    1b:81:4e:1f:10:fb:1e:c9:69:b2:62:70:cf:c5:b5:
                    b4:c2:dd:80:1b:5b:ef:42:84:cd:d3:f5:13:93:25:
                    15:89:56:7b:cc:61:86:56:8b:40:bc:a1:aa:6a:e5:
                    14:95:80:bc:21:4f:87:d1:17:66:ad:6e:ec:04:c8:
                    a8:78:46:8b:05:d4:5c:6c:ba:6b:ee:5e:79:f9:f7:
                    18:a7:6c:58:3f:ba:6c:3d:e1:e7:39:69:23:9b:a8:
                    4f:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:F3:F7:3E:5C:4A:48:03:1F:FB:02:7C:35:36:41:E2:1B:D5:BD:F3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS214929.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:63::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:3a:0e:11:5b:7d:9c:32:ad:50:af:27:74:3a:ad:bc:0c:6c:
         9e:3a:55:06:48:a6:be:19:ed:fd:7b:80:9f:92:ca:38:6f:a1:
         cf:9a:31:be:38:85:b3:a4:97:7e:ba:5d:24:cc:15:a8:34:e9:
         bf:3b:1e:59:a9:b8:43:1b:39:45:4c:b1:11:c5:95:ab:75:fd:
         cd:f3:02:49:5e:71:07:98:a4:65:07:10:a3:b0:c9:a0:5e:48:
         d1:87:bb:15:06:1a:23:4e:49:51:12:d0:86:43:10:f0:ec:4e:
         35:c3:6c:57:a1:61:f1:4b:7b:45:02:6a:2b:67:42:46:45:33:
         d6:98:8e:bc:1b:72:c5:77:a1:97:10:84:a1:a1:2a:4f:f9:c5:
         56:58:10:a9:a2:e6:3c:b6:50:76:44:52:a8:c1:7b:ab:81:29:
         e5:c7:19:a8:7a:50:3c:81:69:0b:2e:63:e6:69:02:aa:39:0b:
         1f:4f:ee:47:5d:cd:a0:c3:a7:51:9a:85:90:c0:d1:b0:f4:67:
         cb:59:f5:b9:15:c7:42:58:81:3f:a0:6e:97:76:54:99:6e:d2:
         c0:79:a9:9c:04:c0:0f:09:da:2f:f0:b8:60:d6:ba:b4:5c:9f:
         b0:d0:78:3a:79:9d:5d:ae:92:db:5f:73:bd:55:e4:a6:bb:e3:
         5f:17:6b:03
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJCqJtDHr0fyElQSluEftqg1x8UUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA4MDExMzIzNDJaFw0yNjA3MzExMzI4NDJaMDMxMTAvBgNV
BAMTKDMxRjNGNzNFNUM0QTQ4MDMxRkZCMDI3QzM1MzY0MUUyMUJENUJERjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkyjDcOAwtUd7mNjrWwXVI+M5x
Muj7pb3UVIiJ8Y9rlFTMMETsxIOJGLohnARqLqmcOInNRgYFCaTWRcMILQ6RcNaN
61+PjPAXKyYC7oNnfgDWylYHNeIm/D6r8LJKxynK0v96i4oO/0OJjrj93EX48p9w
7vPRXOFmeXBabiIw1PRnnCVdpOy/AVxy7CLsB+0U396TtdfmNeyAVpVOFSJIoPkb
mxuBTh8Q+x7JabJicM/FtbTC3YAbW+9ChM3T9ROTJRWJVnvMYYZWi0C8oapq5RSV
gLwhT4fRF2atbuwEyKh4RosF1FxsumvuXnn59xinbFg/umw94ec5aSObqE8LAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUMfP3PlxKSAMf+wJ8NTZB4hvVvfMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE0OTI5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABjMA0GCSqGSIb3DQEBCwUAA4IBAQAGOg4RW32cMq1Qryd0Oq28DGyeOlUGSKa+
Ge39e4Cfkso4b6HPmjG+OIWzpJd+ul0kzBWoNOm/Ox5ZqbhDGzlFTLERxZWrdf3N
8wJJXnEHmKRlBxCjsMmgXkjRh7sVBhojTklREtCGQxDw7E41w2xXoWHxS3tFAmor
Z0JGRTPWmI68G3LFd6GXEIShoSpP+cVWWBCpouY8tlB2RFKowXurgSnlxxmoelA8
gWkLLmPmaQKqOQsfT+5HXc2gw6dRmoWQwNGw9GfLWfW5FcdCWIE/oG6XdlSZbtLA
eamcBMAPCdov8Lhg1rq0XJ+w0Hg6eZ1drpLbX3O9VeSmu+NfF2sD
-----END CERTIFICATE-----