Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401615.roa
File:                     AS401615.roa (raw, json)
Hash identifier:          8avoX5LMx3jLWTgy4it7waz9K3voXB6XqCviudInVCE=
Subject key identifier:   CE:2A:54:13:4F:5E:24:35:94:DF:5A:82:8E:FF:8B:33:94:73:23:C6
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2AC9DD0F90C3CDF9F21D2EBD9B92D10C87109D00
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401615.roa
Signing time:             Fri 03 Apr 2026 10:33:17 +0000
ROA not before:           Fri 03 Apr 2026 10:28:17 +0000
ROA not after:            Fri 02 Apr 2027 10:33:17 +0000
asID:                     401615
IP address blocks:        2a13:9500:15c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:c9:dd:0f:90:c3:cd:f9:f2:1d:2e:bd:9b:92:d1:0c:87:10:9d:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  3 10:28:17 2026 GMT
            Not After : Apr  2 10:33:17 2027 GMT
        Subject: CN=CE2A54134F5E243594DF5A828EFF8B33947323C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:68:74:5a:78:b7:b1:09:c4:05:07:51:86:4f:
                    25:a0:1f:17:5c:2e:2f:bd:0a:c4:95:fa:7f:7a:42:
                    14:83:11:d3:e0:4a:be:4b:ed:bc:c5:ab:4c:79:f9:
                    ae:0e:29:2a:a5:17:1c:a5:a3:e6:57:89:9c:6d:18:
                    05:07:ec:dd:fa:98:69:c3:99:01:ce:39:d4:4e:a1:
                    da:6c:ea:fb:64:57:03:6e:48:5e:bb:2e:58:d4:1d:
                    d1:37:2b:1a:39:59:9a:b8:b1:64:88:7e:bf:4c:c3:
                    e3:9b:eb:c6:e5:65:3b:a5:89:d5:83:3b:b5:43:ae:
                    da:87:c3:98:14:cc:93:1a:3a:dc:9f:63:ee:d2:ad:
                    a8:c2:8c:3d:90:96:75:4f:7d:55:86:97:e4:1f:89:
                    5f:ea:11:81:1c:aa:10:ab:b3:60:08:e5:5b:ef:56:
                    e1:1e:8e:dc:42:f2:e9:21:37:84:ad:57:da:06:d6:
                    5d:49:b6:7e:ac:e2:23:e0:cb:99:85:ec:2b:d8:45:
                    6d:de:1b:51:17:2d:f9:22:57:e4:29:96:12:42:bf:
                    7e:da:77:c0:77:68:91:31:38:b3:9e:e5:b6:40:a7:
                    a5:0e:f0:7e:9b:86:43:cf:8a:27:d7:98:78:0f:dc:
                    8f:85:a3:41:ce:53:b9:1c:8a:96:9f:b8:06:d7:28:
                    09:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:2A:54:13:4F:5E:24:35:94:DF:5A:82:8E:FF:8B:33:94:73:23:C6
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS401615.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:15c::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:57:55:ca:ff:86:9e:72:39:47:b0:11:c2:e7:d0:e0:9f:31:
         e7:7b:99:01:a8:7b:07:73:16:a3:82:76:75:89:15:7e:e4:b0:
         9a:7c:32:a3:45:55:0f:ff:29:a4:3c:ee:85:85:4c:dd:fc:9e:
         28:fd:a5:30:3e:b8:98:30:c7:52:22:bd:8f:18:71:23:d5:02:
         4a:cd:2a:b1:d8:02:ac:72:0a:ca:67:a4:91:f7:30:52:61:fa:
         f0:64:57:91:94:44:2e:d0:18:02:96:eb:99:65:ab:0c:91:27:
         ec:4d:1c:8f:af:e1:f5:42:44:5d:74:b5:c6:5e:3e:2b:7a:ee:
         a3:4c:90:96:b5:89:09:86:8b:c4:d2:11:d8:cf:66:2b:a0:9f:
         06:88:18:f7:e9:f9:a0:2c:d1:b8:32:09:87:3c:ad:7d:74:a1:
         20:f7:d4:43:b2:29:c6:16:5a:26:05:d2:39:13:9b:04:a4:3b:
         52:87:2d:2b:a7:3f:96:79:97:7f:5c:76:5d:64:5d:5d:89:89:
         7f:1e:f3:99:5f:7d:93:64:a3:cf:0f:cd:eb:1d:73:a0:1b:56:
         b8:90:87:13:3e:11:85:56:03:56:5c:f9:4b:86:ea:ec:a0:ad:
         b8:f8:fc:f8:58:dd:dc:31:53:0a:8c:ba:e7:4d:a1:ce:7b:16:
         76:ba:ab:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUKsndD5DDzfnyHS69m5LRDIcQnQAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDMxMDI4MTdaFw0yNzA0MDIxMDMzMTdaMDMxMTAvBgNV
BAMTKENFMkE1NDEzNEY1RTI0MzU5NERGNUE4MjhFRkY4QjMzOTQ3MzIzQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgaHRaeLexCcQFB1GGTyWgHxdc
Li+9CsSV+n96QhSDEdPgSr5L7bzFq0x5+a4OKSqlFxylo+ZXiZxtGAUH7N36mGnD
mQHOOdROodps6vtkVwNuSF67LljUHdE3Kxo5WZq4sWSIfr9Mw+Ob68blZTulidWD
O7VDrtqHw5gUzJMaOtyfY+7SrajCjD2QlnVPfVWGl+QfiV/qEYEcqhCrs2AI5Vvv
VuEejtxC8ukhN4StV9oG1l1Jtn6s4iPgy5mF7CvYRW3eG1EXLfkiV+QplhJCv37a
d8B3aJExOLOe5bZAp6UO8H6bhkPPiifXmHgP3I+Fo0HOU7kcipafuAbXKAlTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUzipUE09eJDWU31qCjv+LM5RzI8YwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAxNjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFcMA0GCSqGSIb3DQEBCwUAA4IBAQCeV1XK/4aecjlHsBHC59DgnzHne5kBqHsH
cxajgnZ1iRV+5LCafDKjRVUP/ymkPO6FhUzd/J4o/aUwPriYMMdSIr2PGHEj1QJK
zSqx2AKscgrKZ6SR9zBSYfrwZFeRlEQu0BgCluuZZasMkSfsTRyPr+H1QkRddLXG
Xj4reu6jTJCWtYkJhovE0hHYz2YroJ8GiBj36fmgLNG4MgmHPK19dKEg99RDsinG
FlomBdI5E5sEpDtShy0rpz+WeZd/XHZdZF1diYl/HvOZX32TZKPPD83rHXOgG1a4
kIcTPhGFVgNWXPlLhursoK24+Pz4WN3cMVMKjLrnTaHOexZ2uqv2
-----END CERTIFICATE-----