Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216075.roa
File:                     AS216075.roa (raw, json)
Hash identifier:          k93KlcR8p8gd4RjiTvZ/c/LQHvPBqjYfdEDacg5Bjl0=
Subject key identifier:   AB:45:A9:42:AB:CC:FD:B3:C3:B6:3C:E1:3B:17:79:57:ED:0B:66:B3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       29A5A18345BA02AC4DDDA2C43276733542A57077
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216075.roa
Signing time:             Tue 09 Jun 2026 06:47:31 +0000
ROA not before:           Tue 09 Jun 2026 06:42:31 +0000
ROA not after:            Tue 08 Jun 2027 06:47:31 +0000
asID:                     216075
IP address blocks:        2a13:9500:a9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a5:a1:83:45:ba:02:ac:4d:dd:a2:c4:32:76:73:35:42:a5:70:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  9 06:42:31 2026 GMT
            Not After : Jun  8 06:47:31 2027 GMT
        Subject: CN=AB45A942ABCCFDB3C3B63CE13B177957ED0B66B3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:b5:38:d0:1d:ba:8b:8d:7b:00:55:ff:fb:6a:
                    b0:7d:90:c2:07:5e:d2:ac:2b:96:05:dd:da:3d:90:
                    1f:f1:b5:71:86:6f:ae:4f:d8:7c:cf:0a:77:36:97:
                    d1:bd:4d:35:5c:66:fd:3c:f1:2f:d0:98:7c:95:6e:
                    4a:59:9a:cb:39:5d:84:89:84:87:e4:a7:b8:4f:b0:
                    fa:97:84:d1:8c:3d:67:8c:7d:1d:c7:4b:99:e5:85:
                    0b:37:ef:56:d6:61:75:e4:a8:5d:30:1c:a4:46:4e:
                    af:f1:ef:6a:cd:06:ca:be:5b:56:35:0a:90:a9:e6:
                    a0:d9:d4:61:54:6d:7c:e1:bd:a8:9b:c9:7d:85:f1:
                    91:1b:c4:6b:f8:d8:14:d8:85:8c:d3:52:80:c6:24:
                    fa:73:86:1e:c7:51:68:20:8d:fa:7b:a5:42:eb:a7:
                    58:bd:86:b8:03:77:83:a0:7f:37:f5:f6:62:08:e5:
                    53:00:4f:6e:15:64:c8:b2:2e:9f:8b:e3:b7:29:05:
                    69:36:75:64:e3:e6:7f:00:38:1e:1a:25:98:66:9d:
                    fc:e4:30:58:bb:b9:a0:48:76:de:9a:01:9a:da:e1:
                    63:da:da:9d:e9:d2:c6:6a:d3:93:01:a2:0f:2a:b2:
                    e5:26:3a:8e:6c:31:ff:ee:aa:77:97:7d:ff:c6:a2:
                    35:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:45:A9:42:AB:CC:FD:B3:C3:B6:3C:E1:3B:17:79:57:ED:0B:66:B3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS216075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a9::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:37:3c:4c:a1:bd:0e:86:3f:35:c5:9a:8b:bc:16:e7:87:00:
         48:04:76:09:a9:1b:c1:6f:41:43:f2:68:22:78:30:3c:e2:8c:
         fc:b2:af:f8:cd:98:0d:5d:b4:23:46:07:a5:cc:9b:2d:c3:a3:
         bc:ca:55:04:51:90:b0:ce:3d:5a:fc:b6:7b:d0:b0:5e:41:b9:
         3e:01:1e:e3:e3:30:dd:3b:f7:9f:07:92:a8:93:33:92:ca:0d:
         1e:d9:c1:10:27:ce:fb:cc:64:00:85:81:61:50:51:99:71:ff:
         30:51:c4:bc:f5:0d:16:ec:b3:87:30:df:c5:54:79:2e:2a:57:
         6b:8f:17:22:16:a2:28:94:94:79:b7:e0:9d:fb:86:b4:60:9b:
         63:3d:85:ec:80:fb:28:93:8b:ad:60:f9:34:42:c2:63:52:1e:
         7b:49:21:c1:86:e0:9c:6b:22:6b:89:d7:f2:66:1e:48:2a:ec:
         c8:a0:3a:c1:d1:9a:ef:65:23:0e:64:0f:61:56:3f:79:96:32:
         39:3f:67:7d:49:29:15:07:43:25:33:ff:c6:eb:4a:04:21:0e:
         62:8a:1a:b3:52:35:8d:e1:c0:c0:e4:99:88:d8:59:02:c0:ba:
         ab:a9:10:e1:23:ed:30:d7:6e:b5:24:94:f2:67:7f:ff:cc:df:
         dc:99:f3:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKaWhg0W6AqxN3aLEMnZzNUKlcHcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDkwNjQyMzFaFw0yNzA2MDgwNjQ3MzFaMDMxMTAvBgNV
BAMTKEFCNDVBOTQyQUJDQ0ZEQjNDM0I2M0NFMTNCMTc3OTU3RUQwQjY2QjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDetTjQHbqLjXsAVf/7arB9kMIH
XtKsK5YF3do9kB/xtXGGb65P2HzPCnc2l9G9TTVcZv088S/QmHyVbkpZmss5XYSJ
hIfkp7hPsPqXhNGMPWeMfR3HS5nlhQs371bWYXXkqF0wHKRGTq/x72rNBsq+W1Y1
CpCp5qDZ1GFUbXzhvaibyX2F8ZEbxGv42BTYhYzTUoDGJPpzhh7HUWggjfp7pULr
p1i9hrgDd4Ogfzf19mII5VMAT24VZMiyLp+L47cpBWk2dWTj5n8AOB4aJZhmnfzk
MFi7uaBIdt6aAZra4WPa2p3p0sZq05MBog8qsuUmOo5sMf/uqneXff/GojVBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUq0WpQqvM/bPDtjzhOxd5V+0LZrMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjE2MDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACpMA0GCSqGSIb3DQEBCwUAA4IBAQAyNzxMob0Ohj81xZqLvBbnhwBIBHYJqRvB
b0FD8mgieDA84oz8sq/4zZgNXbQjRgelzJstw6O8ylUEUZCwzj1a/LZ70LBeQbk+
AR7j4zDdO/efB5KokzOSyg0e2cEQJ877zGQAhYFhUFGZcf8wUcS89Q0W7LOHMN/F
VHkuKldrjxciFqIolJR5t+Cd+4a0YJtjPYXsgPsok4utYPk0QsJjUh57SSHBhuCc
ayJridfyZh5IKuzIoDrB0ZrvZSMOZA9hVj95ljI5P2d9SSkVB0MlM//G60oEIQ5i
ihqzUjWN4cDA5JmI2FkCwLqrqRDhI+0w1261JJTyZ3//zN/cmfPC
-----END CERTIFICATE-----