Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS44324.roa
File:                     AS44324.roa (raw, json)
Hash identifier:          zYt7jGdimPhVUr1Fu4koQ38/hsbDtepL5pQi3mELm9k=
Subject key identifier:   47:2C:FB:D3:53:F0:97:59:7F:3B:A0:90:40:C8:18:F5:DE:26:2A:F3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       1F282825D88AABC8336EF2B86012DC2C05FA9044
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS44324.roa
Signing time:             Tue 21 Oct 2025 17:25:14 +0000
ROA not before:           Tue 21 Oct 2025 17:20:14 +0000
ROA not after:            Tue 20 Oct 2026 17:25:14 +0000
asID:                     44324
IP address blocks:        2a13:9500:fc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:28:28:25:d8:8a:ab:c8:33:6e:f2:b8:60:12:dc:2c:05:fa:90:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 21 17:20:14 2025 GMT
            Not After : Oct 20 17:25:14 2026 GMT
        Subject: CN=472CFBD353F097597F3BA09040C818F5DE262AF3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:1b:f6:3b:51:5e:34:ad:8f:ac:f2:e7:8c:d7:
                    2a:fc:a7:26:89:c1:13:b5:4a:ef:4d:f2:5b:e9:ef:
                    74:b5:48:ac:d5:04:3a:56:4d:0d:b1:e2:a0:d3:c0:
                    13:91:87:3d:cd:d5:22:fc:c6:30:e6:d3:c6:b8:b6:
                    66:d5:4b:f4:a0:6b:73:75:e7:b6:41:f8:82:4d:fb:
                    75:76:2f:5e:fc:18:9e:6a:f0:e6:d4:b5:81:5b:f9:
                    f5:71:a5:bb:15:4f:bf:60:ab:b7:e0:30:44:6d:fb:
                    97:ad:f7:01:70:23:13:ce:57:3a:d4:e2:a4:12:fa:
                    30:15:d3:ff:82:0e:8e:82:6d:ae:e2:be:b3:d7:e6:
                    f7:31:6e:1e:e1:5b:62:50:98:80:55:99:db:d2:30:
                    4e:d8:dc:1f:98:9c:a8:da:43:b9:07:df:18:ab:cd:
                    09:96:47:69:9b:b6:a8:40:42:f1:2a:30:8e:86:2f:
                    32:45:24:67:8f:13:06:d4:9d:c7:32:25:fe:0f:b6:
                    54:d5:8b:b8:e8:0f:de:6b:f5:61:51:78:a5:f5:c9:
                    b5:24:71:5b:3a:c1:96:b0:0f:25:f6:c4:85:7f:14:
                    fe:4f:31:c6:9b:92:06:4e:0a:b2:bd:0c:ee:a9:92:
                    90:7c:d6:43:e4:09:fa:9c:bf:19:00:b4:f7:a9:f2:
                    27:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:2C:FB:D3:53:F0:97:59:7F:3B:A0:90:40:C8:18:F5:DE:26:2A:F3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS44324.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:fc::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:75:62:ee:35:dd:1b:df:61:05:d3:3c:b9:ca:b5:f5:a9:9f:
         8d:cf:df:72:9f:d1:95:59:b6:79:36:a2:45:a9:9f:58:53:38:
         74:f9:89:b5:23:84:58:33:61:13:9d:61:6f:4a:b5:26:42:d3:
         93:ac:03:94:06:15:5e:5d:de:b9:1c:9e:77:25:ce:df:39:53:
         5c:16:23:20:7d:40:3d:3b:ef:c5:ea:ad:06:d1:77:7e:01:45:
         ed:e5:79:5f:8b:ae:b4:55:14:18:da:83:65:13:f0:0c:78:07:
         ed:57:35:4b:64:26:47:8c:bb:62:fa:45:e3:34:6d:e0:64:b8:
         07:ff:37:8c:e2:79:1c:d7:c1:b7:6c:10:66:be:81:e2:2b:65:
         b9:86:c5:69:e2:5d:bc:35:0b:08:22:b9:da:03:13:d0:11:38:
         19:a2:4a:f3:c7:54:ec:76:fe:54:cc:84:6f:11:77:66:1d:65:
         64:36:33:ac:49:40:5d:b7:5f:e9:12:a2:65:c2:d2:f9:f2:0b:
         61:5c:05:78:3b:ae:3e:47:16:f9:5e:68:76:ec:a9:09:e9:3a:
         86:ad:3a:a8:73:81:f9:28:d1:20:ef:00:88:5f:93:69:40:3c:
         02:d6:80:5f:91:64:a7:8b:e0:ea:47:92:49:9b:49:01:99:34:
         8c:d8:f9:4b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUHygoJdiKq8gzbvK4YBLcLAX6kEQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjExNzIwMTRaFw0yNjEwMjAxNzI1MTRaMDMxMTAvBgNV
BAMTKDQ3MkNGQkQzNTNGMDk3NTk3RjNCQTA5MDQwQzgxOEY1REUyNjJBRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFG/Y7UV40rY+s8ueM1yr8pyaJ
wRO1Su9N8lvp73S1SKzVBDpWTQ2x4qDTwBORhz3N1SL8xjDm08a4tmbVS/Sga3N1
57ZB+IJN+3V2L178GJ5q8ObUtYFb+fVxpbsVT79gq7fgMERt+5et9wFwIxPOVzrU
4qQS+jAV0/+CDo6Cba7ivrPX5vcxbh7hW2JQmIBVmdvSME7Y3B+YnKjaQ7kH3xir
zQmWR2mbtqhAQvEqMI6GLzJFJGePEwbUnccyJf4PtlTVi7joD95r9WFReKX1ybUk
cVs6wZawDyX2xIV/FP5PMcabkgZOCrK9DO6pkpB81kPkCfqcvxkAtPep8ieJAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQURyz701Pwl1l/O6CQQMgY9d4mKvMwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDQzMjQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
APwwDQYJKoZIhvcNAQELBQADggEBAGJ1Yu413RvfYQXTPLnKtfWpn43P33Kf0ZVZ
tnk2okWpn1hTOHT5ibUjhFgzYROdYW9KtSZC05OsA5QGFV5d3rkcnnclzt85U1wW
IyB9QD0778XqrQbRd34BRe3leV+LrrRVFBjag2UT8Ax4B+1XNUtkJkeMu2L6ReM0
beBkuAf/N4zieRzXwbdsEGa+geIrZbmGxWniXbw1CwgiudoDE9AROBmiSvPHVOx2
/lTMhG8Rd2YdZWQ2M6xJQF23X+kSomXC0vnyC2FcBXg7rj5HFvleaHbsqQnpOoat
Oqhzgfko0SDvAIhfk2lAPALWgF+RZKeL4OpHkkmbSQGZNIzY+Us=
-----END CERTIFICATE-----