Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273408.roa
File:                     AS273408.roa (raw, json)
Hash identifier:          6jcUbSNbJXk4fPicYiKuTulFGXta6YCus6NsjASTENQ=
Subject key identifier:   35:2A:E6:76:C0:01:0E:83:87:C4:67:95:58:1C:0E:57:3A:BE:D3:9F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       05F5CACABC430F56C24943F3651B8A9A5F8333FF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273408.roa
Signing time:             Mon 13 Apr 2026 15:35:23 +0000
ROA not before:           Mon 13 Apr 2026 15:30:23 +0000
ROA not after:            Mon 12 Apr 2027 15:35:23 +0000
asID:                     273408
IP address blocks:        2a13:9500:112::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:f5:ca:ca:bc:43:0f:56:c2:49:43:f3:65:1b:8a:9a:5f:83:33:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 13 15:30:23 2026 GMT
            Not After : Apr 12 15:35:23 2027 GMT
        Subject: CN=352AE676C0010E8387C46795581C0E573ABED39F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:19:dd:ea:31:aa:8d:b3:8e:80:a1:5c:49:11:
                    71:89:96:ca:cc:03:c4:8d:c4:41:01:e4:9c:25:ac:
                    75:df:c4:af:c0:72:06:a7:5a:b1:2c:91:c8:6f:14:
                    58:e8:71:2e:50:5a:a0:b2:21:d7:38:90:cd:e8:57:
                    5f:9c:09:4f:8f:c2:d5:b8:3b:e0:07:e0:11:f1:44:
                    80:6a:ba:d2:26:b5:a2:e5:25:33:5c:9e:52:9e:63:
                    60:94:d2:72:87:dc:11:cf:6d:d2:70:2a:cb:93:d0:
                    2d:f9:c0:e2:6e:27:8d:d6:1d:56:82:32:40:17:08:
                    ee:44:1a:0c:96:08:74:5f:b8:20:4e:a6:23:4b:3f:
                    30:dc:83:ab:5b:de:93:bc:43:d3:ac:44:27:14:0f:
                    cb:7e:f4:5f:19:9c:f2:57:ae:ed:1e:c0:24:65:ad:
                    94:62:3b:f2:f2:bc:94:f6:e1:05:a0:76:c8:8a:2c:
                    4d:83:5a:2c:f0:5f:3d:ae:23:b9:f3:6d:81:d6:1a:
                    88:fc:cf:fa:a4:72:1a:ea:b1:7d:ea:32:37:15:12:
                    35:73:7e:00:d3:8f:e8:cb:4b:6c:0d:73:9d:54:e9:
                    c2:f1:98:57:3e:ad:9d:48:a8:7e:37:3b:ee:87:52:
                    af:f0:57:26:8d:83:a9:9b:d4:80:f1:dd:bf:fb:9b:
                    2d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2A:E6:76:C0:01:0E:83:87:C4:67:95:58:1C:0E:57:3A:BE:D3:9F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273408.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:112::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:51:62:4a:e0:90:ce:9d:31:59:3f:93:64:e2:53:78:bc:17:
         b0:89:6d:d1:25:30:07:eb:c5:5c:89:6c:32:3e:bf:eb:81:f0:
         ff:09:06:7c:c0:cc:ff:c8:da:54:f4:6d:a8:08:fb:00:07:be:
         57:4b:8f:00:f2:27:ba:c7:7d:66:55:97:76:1b:36:9f:9b:b3:
         91:e4:72:31:c8:c0:67:24:90:97:f8:1d:1b:2b:9d:ea:49:bf:
         6c:e0:44:83:e2:c4:f9:6a:f7:31:c9:23:93:5c:62:5b:aa:4c:
         e3:84:9d:2f:8e:44:20:c0:b8:e9:4c:ff:15:75:c6:c8:73:8e:
         d6:09:3f:48:cb:52:12:dc:2d:ce:97:82:21:87:e3:64:c0:24:
         ce:ab:67:d1:4e:48:1a:1a:84:ac:39:62:a7:6e:c4:32:3a:32:
         62:a7:9b:52:6c:ec:d0:f7:e6:4f:65:bc:48:5d:17:a4:fa:a4:
         a7:4a:85:fe:5d:a0:20:49:97:1d:26:14:8b:12:1b:ea:f9:2d:
         63:0c:51:21:92:71:59:c9:93:4c:b9:ca:4e:a5:63:f6:59:bb:
         b0:db:89:34:49:44:76:24:e5:ec:8d:1d:2a:a1:d2:2f:c0:71:
         ec:a7:bf:10:ae:83:4c:77:16:45:cc:68:fd:ae:82:50:cd:36:
         9c:24:79:29
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUBfXKyrxDD1bCSUPzZRuKml+DM/8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTMxNTMwMjNaFw0yNzA0MTIxNTM1MjNaMDMxMTAvBgNV
BAMTKDM1MkFFNjc2QzAwMTBFODM4N0M0Njc5NTU4MUMwRTU3M0FCRUQzOUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8Gd3qMaqNs46AoVxJEXGJlsrM
A8SNxEEB5JwlrHXfxK/AcganWrEskchvFFjocS5QWqCyIdc4kM3oV1+cCU+PwtW4
O+AH4BHxRIBqutImtaLlJTNcnlKeY2CU0nKH3BHPbdJwKsuT0C35wOJuJ43WHVaC
MkAXCO5EGgyWCHRfuCBOpiNLPzDcg6tb3pO8Q9OsRCcUD8t+9F8ZnPJXru0ewCRl
rZRiO/LyvJT24QWgdsiKLE2DWizwXz2uI7nzbYHWGoj8z/qkchrqsX3qMjcVEjVz
fgDTj+jLS2wNc51U6cLxmFc+rZ1IqH43O+6HUq/wVyaNg6mb1IDx3b/7my39AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUNSrmdsABDoOHxGeVWBwOVzq+058wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjczNDA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAESMA0GCSqGSIb3DQEBCwUAA4IBAQCSUWJK4JDOnTFZP5Nk4lN4vBewiW3RJTAH
68VciWwyPr/rgfD/CQZ8wMz/yNpU9G2oCPsAB75XS48A8ie6x31mVZd2Gzafm7OR
5HIxyMBnJJCX+B0bK53qSb9s4ESD4sT5avcxySOTXGJbqkzjhJ0vjkQgwLjpTP8V
dcbIc47WCT9Iy1IS3C3Ol4Ihh+NkwCTOq2fRTkgaGoSsOWKnbsQyOjJip5tSbOzQ
9+ZPZbxIXRek+qSnSoX+XaAgSZcdJhSLEhvq+S1jDFEhknFZyZNMucpOpWP2Wbuw
24k0SUR2JOXsjR0qodIvwHHsp78QroNMdxZFzGj9roJQzTacJHkp
-----END CERTIFICATE-----