Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396350.roa
File:                     AS396350.roa (raw, json)
Hash identifier:          QAzi1bxpuOnQYiM8jsEMPoN9NsKrWRtdvvddMJntOKs=
Subject key identifier:   52:C7:24:01:3E:83:D3:03:46:82:8F:CF:AE:E5:3B:27:6A:49:72:6E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2A5CDD3FBE88E7EF2040142AD711F776817D5051
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396350.roa
Signing time:             Tue 16 Jun 2026 08:07:21 +0000
ROA not before:           Tue 16 Jun 2026 08:02:21 +0000
ROA not after:            Tue 15 Jun 2027 08:07:21 +0000
asID:                     396350
IP address blocks:        2a13:9500:193::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:5c:dd:3f:be:88:e7:ef:20:40:14:2a:d7:11:f7:76:81:7d:50:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 16 08:02:21 2026 GMT
            Not After : Jun 15 08:07:21 2027 GMT
        Subject: CN=52C724013E83D30346828FCFAEE53B276A49726E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:29:ed:15:cd:4e:8d:de:a3:1a:9d:b6:16:22:
                    e9:d0:ec:b0:5c:e7:f4:c3:2c:66:76:65:48:41:ca:
                    7c:50:df:5f:95:48:84:57:33:fd:1a:a3:5d:58:64:
                    c5:dc:ec:06:4f:66:18:4b:5d:5a:cc:69:af:94:94:
                    8d:00:43:fa:37:9b:43:e7:26:84:a7:31:60:bb:c6:
                    08:2e:bc:54:71:62:4e:48:74:ad:54:59:e6:c5:ee:
                    0c:be:68:b3:b5:33:76:d3:05:1f:c0:52:10:3e:64:
                    d9:19:15:e9:e6:fd:58:73:88:b6:9a:d5:e0:ef:33:
                    65:23:cf:55:55:c2:46:48:05:e7:f9:4a:38:5d:fa:
                    0c:fe:e6:1e:1a:47:8c:f2:f4:f9:64:fa:5b:34:a1:
                    58:6c:b2:92:4f:72:ac:b6:ce:58:e3:72:fc:2f:9b:
                    76:e4:e6:8f:6a:54:0a:7f:cd:06:da:75:9b:f7:a0:
                    48:44:18:a8:ad:d3:72:36:7c:a7:2d:3b:b3:b6:96:
                    6c:cb:9b:ef:6a:93:18:ac:a0:85:ef:6d:81:78:7c:
                    2a:5e:b7:80:be:80:49:1c:7d:8c:ba:68:46:ce:55:
                    9a:c7:38:10:e3:0f:7d:5a:ab:7f:d9:8c:39:f0:80:
                    be:be:18:cf:43:2c:c9:45:fb:44:8c:00:0d:f3:f1:
                    f0:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:C7:24:01:3E:83:D3:03:46:82:8F:CF:AE:E5:3B:27:6A:49:72:6E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396350.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:193::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:ae:c2:31:ca:3f:d9:e7:38:a4:15:cd:77:47:00:8c:ff:1a:
         54:ae:1d:97:9a:e0:8b:78:3f:22:39:b6:8b:2c:22:f2:c3:02:
         6c:a0:67:e1:91:48:f3:37:9e:7a:a8:d5:b0:91:72:8f:b6:fa:
         27:78:2b:68:b2:00:57:62:e1:af:88:70:18:ed:2b:bb:ca:55:
         45:7a:27:56:52:6a:24:c4:0b:44:d1:a8:24:21:82:a4:84:7f:
         35:5b:b0:f5:69:26:c2:7c:91:8b:09:78:f8:70:a9:cd:7b:ea:
         ab:4a:5f:8d:23:cf:6a:4c:53:90:fc:96:58:fb:79:48:d4:bf:
         66:4a:eb:28:ce:82:1e:54:d3:ca:f2:43:9a:2b:31:db:c8:99:
         dd:cb:52:45:6b:62:0d:a3:ad:8b:cf:cc:01:57:bc:cf:30:b2:
         f0:80:23:76:ae:02:f0:7f:cc:19:8f:d3:27:20:8a:1e:2b:fd:
         30:5e:84:62:78:d9:ce:90:84:9b:d5:87:52:5c:60:9d:14:46:
         f6:99:ee:86:b2:bf:92:b8:d8:5d:78:88:1e:86:7e:7d:84:55:
         ce:22:c1:40:f1:a4:41:e2:67:6e:76:08:1b:86:a3:50:99:7a:
         b2:b0:7b:2a:cf:40:23:69:f5:27:1c:7d:dd:0b:03:81:c5:95:
         82:72:10:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKlzdP76I5+8gQBQq1xH3doF9UFEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MTYwODAyMjFaFw0yNzA2MTUwODA3MjFaMDMxMTAvBgNV
BAMTKDUyQzcyNDAxM0U4M0QzMDM0NjgyOEZDRkFFRTUzQjI3NkE0OTcyNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDiKe0VzU6N3qManbYWIunQ7LBc
5/TDLGZ2ZUhBynxQ31+VSIRXM/0ao11YZMXc7AZPZhhLXVrMaa+UlI0AQ/o3m0Pn
JoSnMWC7xgguvFRxYk5IdK1UWebF7gy+aLO1M3bTBR/AUhA+ZNkZFenm/VhziLaa
1eDvM2Ujz1VVwkZIBef5Sjhd+gz+5h4aR4zy9Plk+ls0oVhsspJPcqy2zljjcvwv
m3bk5o9qVAp/zQbadZv3oEhEGKit03I2fKctO7O2lmzLm+9qkxisoIXvbYF4fCpe
t4C+gEkcfYy6aEbOVZrHOBDjD31aq3/ZjDnwgL6+GM9DLMlF+0SMAA3z8fCFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUUsckAT6D0wNGgo/PruU7J2pJcm4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk2MzUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAGTMA0GCSqGSIb3DQEBCwUAA4IBAQCersIxyj/Z5zikFc13RwCM/xpUrh2XmuCL
eD8iObaLLCLywwJsoGfhkUjzN556qNWwkXKPtvoneCtosgBXYuGviHAY7Su7ylVF
eidWUmokxAtE0agkIYKkhH81W7D1aSbCfJGLCXj4cKnNe+qrSl+NI89qTFOQ/JZY
+3lI1L9mSusozoIeVNPK8kOaKzHbyJndy1JFa2INo62Lz8wBV7zPMLLwgCN2rgLw
f8wZj9MnIIoeK/0wXoRieNnOkISb1YdSXGCdFEb2me6Gsr+SuNhdeIgehn59hFXO
IsFA8aRB4mdudggbhqNQmXqysHsqz0AjafUnHH3dCwOBxZWCchCk
-----END CERTIFICATE-----