Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47272.roa
File:                     AS47272.roa (raw, json)
Hash identifier:          KPIZETfvuxpltCe+sOmJ3CZcguEs15UG2FNeUH7qRuM=
Subject key identifier:   0A:E3:5C:E4:FE:31:4C:6B:47:AB:60:71:69:6B:B3:35:52:A0:0C:9D
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0FEB32B030C3617BB5D44F0CDDF745465141AFD0
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47272.roa
Signing time:             Wed 11 Jun 2025 14:44:42 +0000
ROA not before:           Wed 11 Jun 2025 14:39:42 +0000
ROA not after:            Wed 10 Jun 2026 14:44:42 +0000
asID:                     47272
IP address blocks:        2a13:9500:8e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:eb:32:b0:30:c3:61:7b:b5:d4:4f:0c:dd:f7:45:46:51:41:af:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 11 14:39:42 2025 GMT
            Not After : Jun 10 14:44:42 2026 GMT
        Subject: CN=0AE35CE4FE314C6B47AB6071696BB33552A00C9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f4:8c:ed:ed:dd:57:29:0c:e9:79:69:13:0c:
                    02:62:50:2a:23:aa:aa:4f:98:a5:0e:d9:96:d3:3c:
                    ae:00:2a:56:44:78:b5:bf:c4:ec:81:c8:7b:d8:8d:
                    7c:1b:c4:dd:62:8d:17:46:d2:84:1a:fd:fb:8a:a3:
                    37:2f:84:6f:9c:e5:8d:66:3a:79:e0:1c:b8:c5:74:
                    bb:55:9e:a2:21:c8:58:35:64:1d:4d:ac:d3:47:c5:
                    25:93:3d:ea:3a:96:7c:a8:cf:36:07:7c:f7:e6:7c:
                    17:42:6e:1f:e1:56:41:21:21:4a:d2:1e:32:47:0b:
                    28:0d:6f:85:cd:ef:06:26:34:16:f3:1d:60:f4:1f:
                    00:cd:35:6c:60:4a:ef:ba:e1:db:09:8e:88:cc:86:
                    01:aa:3b:8e:13:11:8d:bb:a8:65:7d:ed:4c:c7:22:
                    5a:78:55:5f:f0:de:9c:f1:72:26:e5:42:1f:13:16:
                    49:3d:22:c7:95:d4:db:99:3a:49:80:c4:5c:83:d0:
                    e8:f0:99:92:6f:1e:09:a8:dc:c4:07:0a:d1:45:11:
                    79:70:2d:84:00:49:ec:26:dc:9e:73:05:c8:aa:95:
                    9c:f6:29:8c:1f:5f:79:c0:b4:34:7f:98:aa:6c:a4:
                    89:5d:a4:85:07:2f:98:4e:1d:db:06:88:30:40:8b:
                    20:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:E3:5C:E4:FE:31:4C:6B:47:AB:60:71:69:6B:B3:35:52:A0:0C:9D
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47272.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:8e::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:ca:45:67:6d:3d:0b:5c:6e:71:d3:68:38:55:93:3a:75:35:
         35:50:83:96:d7:7a:65:fc:f6:4b:8a:71:72:75:ff:c1:39:d7:
         cf:2a:bd:e9:3f:8d:af:61:c6:16:65:ef:f1:d0:16:84:b4:c7:
         95:93:ea:ff:5c:8c:3e:6e:58:b8:a5:1b:17:d7:04:20:2d:cd:
         67:5e:f9:86:c0:09:cb:9d:27:17:4d:26:49:b8:ad:56:76:e0:
         e4:ee:a7:75:2e:2e:8b:6d:66:67:68:92:d4:f5:9c:d5:94:69:
         33:ed:7c:31:9c:be:c4:95:61:dc:6b:11:39:f3:36:4c:17:0a:
         ac:99:84:ba:d9:c9:fd:a8:6a:41:9f:ef:42:db:74:f4:58:a1:
         6a:69:88:32:7f:0f:30:8e:7a:ee:e3:40:6e:09:b4:b4:57:36:
         74:38:2f:2f:75:5d:bf:e1:dc:ff:8e:60:f4:fc:52:80:cb:1c:
         e2:93:18:bd:41:31:8f:20:bb:76:7c:30:f6:9b:b4:f1:ee:96:
         7e:0c:f1:05:d5:f9:70:31:b4:8d:46:76:2e:c2:87:80:6f:79:
         5f:af:e8:88:3e:20:0a:c3:8e:89:e7:72:50:94:ee:2f:f4:77:
         1b:15:98:9b:87:e7:7c:05:e5:1f:9d:f8:21:c7:a2:6c:44:f8:
         6c:a3:31:f1
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUD+sysDDDYXu11E8M3fdFRlFBr9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTExNDM5NDJaFw0yNjA2MTAxNDQ0NDJaMDMxMTAvBgNV
BAMTKDBBRTM1Q0U0RkUzMTRDNkI0N0FCNjA3MTY5NkJCMzM1NTJBMDBDOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCQ9Izt7d1XKQzpeWkTDAJiUCoj
qqpPmKUO2ZbTPK4AKlZEeLW/xOyByHvYjXwbxN1ijRdG0oQa/fuKozcvhG+c5Y1m
OnngHLjFdLtVnqIhyFg1ZB1NrNNHxSWTPeo6lnyozzYHfPfmfBdCbh/hVkEhIUrS
HjJHCygNb4XN7wYmNBbzHWD0HwDNNWxgSu+64dsJjojMhgGqO44TEY27qGV97UzH
Ilp4VV/w3pzxciblQh8TFkk9IseV1NuZOkmAxFyD0OjwmZJvHgmo3MQHCtFFEXlw
LYQASewm3J5zBciqlZz2KYwfX3nAtDR/mKpspIldpIUHL5hOHdsGiDBAiyCBAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUCuNc5P4xTGtHq2BxaWuzNVKgDJ0wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDcyNzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AI4wDQYJKoZIhvcNAQELBQADggEBAC7KRWdtPQtcbnHTaDhVkzp1NTVQg5bXemX8
9kuKcXJ1/8E5188qvek/ja9hxhZl7/HQFoS0x5WT6v9cjD5uWLilGxfXBCAtzWde
+YbACcudJxdNJkm4rVZ24OTup3UuLottZmdoktT1nNWUaTPtfDGcvsSVYdxrETnz
NkwXCqyZhLrZyf2oakGf70LbdPRYoWppiDJ/DzCOeu7jQG4JtLRXNnQ4Ly91Xb/h
3P+OYPT8UoDLHOKTGL1BMY8gu3Z8MPabtPHuln4M8QXV+XAxtI1Gdi7Ch4BveV+v
6Ig+IArDjonnclCU7i/0dxsVmJuH53wF5R+d+CHHomxE+GyjMfE=
-----END CERTIFICATE-----