Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215144.roa
File:                     AS215144.roa (raw, json)
Hash identifier:          MWDt+CHM0KNNrRFReu2giKkNyChNbDqrnwusQ75Z1wo=
Subject key identifier:   D9:C2:E9:74:60:D6:41:CE:0A:56:32:5E:81:53:CB:82:B0:C8:AF:EB
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       105CB469D5CB4A5D67BD73746139C8116F079BF3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215144.roa
Signing time:             Fri 13 Jun 2025 11:20:13 +0000
ROA not before:           Fri 13 Jun 2025 11:15:13 +0000
ROA not after:            Fri 12 Jun 2026 11:20:13 +0000
asID:                     215144
IP address blocks:        2a13:9500:91::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:5c:b4:69:d5:cb:4a:5d:67:bd:73:74:61:39:c8:11:6f:07:9b:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 13 11:15:13 2025 GMT
            Not After : Jun 12 11:20:13 2026 GMT
        Subject: CN=D9C2E97460D641CE0A56325E8153CB82B0C8AFEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d3:be:9b:f0:85:4c:1f:5e:d8:72:50:ef:b9:
                    3c:8e:ee:23:56:30:0d:9a:1e:a0:1f:6d:c8:31:f7:
                    ed:a8:85:2e:b9:3a:ef:9f:13:f5:6b:96:33:69:a1:
                    97:b3:4b:b6:ed:84:b5:99:2b:fb:dc:78:73:20:14:
                    20:99:56:2a:97:aa:be:e9:a1:7a:6f:27:eb:05:2f:
                    b8:31:34:1d:4e:05:a8:a4:69:17:5d:5a:ec:16:8e:
                    8f:3e:eb:67:99:df:e0:58:65:ac:eb:2b:5a:22:15:
                    aa:db:28:a5:86:aa:c8:c3:89:8d:7d:94:5f:c5:85:
                    ac:27:f3:fb:ef:94:ee:ce:40:98:5a:4b:61:d8:b3:
                    ba:79:24:31:45:c1:41:b1:a9:ca:38:a5:b1:20:21:
                    c9:a1:13:81:46:b8:e8:41:12:ab:45:9c:77:16:76:
                    fa:7d:98:6c:12:b9:6c:10:33:28:4e:4b:da:4d:56:
                    42:45:39:28:f2:ec:d2:ff:49:58:68:a5:aa:a1:bf:
                    d4:ce:a3:29:e2:dd:9c:1a:f4:6f:8a:d1:b1:3e:bd:
                    6c:6f:26:09:d5:53:da:a4:b5:cc:a3:33:6d:0b:be:
                    28:d1:49:05:4f:8f:0c:7f:50:4b:0e:fc:15:05:33:
                    79:8c:41:c5:d8:7f:df:f4:d2:89:1b:7f:e0:41:31:
                    98:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:C2:E9:74:60:D6:41:CE:0A:56:32:5E:81:53:CB:82:B0:C8:AF:EB
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS215144.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:91::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:92:6c:27:96:33:30:8a:4c:15:26:81:9b:3e:0f:7f:ea:c0:
         02:a0:f6:1c:00:6a:a7:1e:87:2a:e9:5d:81:25:6a:fa:06:f5:
         11:b3:9f:10:0d:a0:1f:7a:75:9b:cf:a2:b0:f0:0f:36:f6:1d:
         b3:29:dd:19:07:65:d2:8e:22:32:e6:b9:74:34:f9:30:71:b6:
         57:3a:06:a5:d4:7a:f7:3e:8e:1b:a7:77:fa:2f:18:2e:55:00:
         fb:e2:76:48:28:49:b3:1d:4b:8c:ec:34:50:f5:d3:d6:d0:33:
         07:71:91:a0:e9:e4:53:34:22:09:77:61:d1:04:2c:b2:48:0c:
         78:d3:c7:56:39:50:b1:48:34:fa:28:03:79:bf:9f:37:05:ab:
         ac:27:b0:aa:e0:34:7b:85:76:5a:98:f1:af:c0:70:04:71:52:
         94:ed:1f:d0:27:01:17:6f:4d:69:1d:5c:ce:85:80:7d:89:e2:
         2f:16:a1:61:b8:f0:fa:5c:93:18:a6:a1:51:d1:9b:94:8c:fc:
         89:b7:ce:3c:35:31:31:74:00:4d:d6:5f:29:ee:61:21:19:cd:
         48:43:59:10:ca:59:8f:7e:66:a5:8c:b4:76:c9:39:20:bd:6a:
         5f:5b:19:e6:ef:6e:c8:92:86:b8:5d:1e:21:f5:3e:96:3a:48:
         b7:95:8d:ab
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEFy0adXLSl1nvXN0YTnIEW8Hm/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTMxMTE1MTNaFw0yNjA2MTIxMTIwMTNaMDMxMTAvBgNV
BAMTKEQ5QzJFOTc0NjBENjQxQ0UwQTU2MzI1RTgxNTNDQjgyQjBDOEFGRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn076b8IVMH17YclDvuTyO7iNW
MA2aHqAfbcgx9+2ohS65Ou+fE/VrljNpoZezS7bthLWZK/vceHMgFCCZViqXqr7p
oXpvJ+sFL7gxNB1OBaikaRddWuwWjo8+62eZ3+BYZazrK1oiFarbKKWGqsjDiY19
lF/Fhawn8/vvlO7OQJhaS2HYs7p5JDFFwUGxqco4pbEgIcmhE4FGuOhBEqtFnHcW
dvp9mGwSuWwQMyhOS9pNVkJFOSjy7NL/SVhopaqhv9TOoyni3Zwa9G+K0bE+vWxv
JgnVU9qktcyjM20LvijRSQVPjwx/UEsO/BUFM3mMQcXYf9/00okbf+BBMZhHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU2cLpdGDWQc4KVjJegVPLgrDIr+swHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE1MTQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACRMA0GCSqGSIb3DQEBCwUAA4IBAQAhkmwnljMwikwVJoGbPg9/6sACoPYcAGqn
Hocq6V2BJWr6BvURs58QDaAfenWbz6Kw8A829h2zKd0ZB2XSjiIy5rl0NPkwcbZX
Ogal1Hr3Po4bp3f6LxguVQD74nZIKEmzHUuM7DRQ9dPW0DMHcZGg6eRTNCIJd2HR
BCyySAx408dWOVCxSDT6KAN5v583BausJ7Cq4DR7hXZamPGvwHAEcVKU7R/QJwEX
b01pHVzOhYB9ieIvFqFhuPD6XJMYpqFR0ZuUjPyJt848NTExdABN1l8p7mEhGc1I
Q1kQylmPfmaljLR2yTkgvWpfWxnm727Ikoa4XR4h9T6WOki3lY2r
-----END CERTIFICATE-----