Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56913.roa
File:                     AS56913.roa (raw, json)
Hash identifier:          TH7OmWxVKRecPoXmkU2MEKPqUFeee6bkXN+8jrJCzQY=
Subject key identifier:   8D:BA:28:A7:47:AF:AF:9B:39:91:60:AF:34:F1:28:0B:25:39:46:9E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       45796441ED90A72791BFC81ABD32CF89D2D2CFE6
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56913.roa
Signing time:             Fri 25 Jul 2025 11:22:54 +0000
ROA not before:           Fri 25 Jul 2025 11:17:54 +0000
ROA not after:            Fri 24 Jul 2026 11:22:54 +0000
asID:                     56913
IP address blocks:        2a13:9500:4d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:79:64:41:ed:90:a7:27:91:bf:c8:1a:bd:32:cf:89:d2:d2:cf:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 25 11:17:54 2025 GMT
            Not After : Jul 24 11:22:54 2026 GMT
        Subject: CN=8DBA28A747AFAF9B399160AF34F1280B2539469E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:fc:24:6c:31:0b:f1:f3:57:bc:4a:58:69:4e:
                    f0:96:c1:6a:7b:e6:8b:d2:b7:e3:ee:64:c7:a1:5d:
                    e9:e0:27:bd:0c:dd:cd:8c:ef:d0:47:40:99:bb:f2:
                    0f:4d:8b:b3:50:b5:e4:92:28:ee:1b:d3:8a:ad:f0:
                    86:57:90:4e:9a:fd:6b:60:b8:1d:13:0a:83:02:a1:
                    0e:62:76:cc:50:f5:a7:3f:df:a4:e6:36:50:e9:bf:
                    0c:43:1f:55:ee:be:a3:c9:4c:9d:31:1d:88:ee:f1:
                    31:44:87:7c:3f:5f:7f:37:81:12:54:a1:40:64:80:
                    98:fc:8c:df:99:ed:b5:63:de:30:ee:99:13:b9:9b:
                    62:56:14:02:b3:ce:48:47:68:f0:ec:2a:60:50:d9:
                    c1:46:14:d2:5e:a6:32:28:15:e7:b3:57:3d:bb:e1:
                    c3:8c:bf:68:85:96:9e:44:1b:b5:d2:3d:a2:bd:44:
                    ed:de:13:02:86:05:e6:95:bf:57:74:d6:16:ee:a9:
                    36:31:32:2b:d4:72:e6:1b:55:bc:74:88:26:a1:3a:
                    ed:ab:34:a1:71:64:99:86:db:eb:39:5d:37:0c:18:
                    7c:f1:7e:b4:be:e0:d1:16:5b:3d:2f:8d:18:e8:05:
                    7e:4b:d4:b5:20:99:50:3b:6a:5c:44:e5:e8:bc:a2:
                    57:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:BA:28:A7:47:AF:AF:9B:39:91:60:AF:34:F1:28:0B:25:39:46:9E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS56913.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:4d::/48

    Signature Algorithm: sha256WithRSAEncryption
         86:1b:aa:f7:41:b8:a2:3c:42:40:b1:4c:f2:09:80:f2:2e:04:
         5e:14:05:a1:63:2c:64:54:d8:41:13:a6:ea:0e:1e:45:6e:45:
         fc:2f:8c:16:28:f6:7a:47:c3:50:fd:41:a6:d4:b8:79:d5:3e:
         e5:c9:2f:81:8e:a3:b7:88:28:5b:c4:25:5b:4d:45:6f:f9:6d:
         9a:3c:e7:f2:0e:c7:c3:40:2f:b7:f4:d6:c2:30:a4:e7:c7:77:
         6f:ce:4c:33:18:d5:c1:8f:59:ae:8e:09:11:10:4f:97:b3:c2:
         23:d3:a7:ad:df:de:5c:2f:00:d3:ce:0f:14:98:fd:a2:25:f3:
         a5:0a:78:24:18:a0:91:eb:f7:c3:96:6c:3f:72:18:b1:15:72:
         e1:d4:21:9c:2e:8f:94:e5:03:fa:b1:de:c5:12:a0:14:c9:78:
         91:31:29:5b:b7:0e:13:d7:d0:f0:8a:2e:4c:18:f7:77:1c:47:
         a7:0c:cb:18:92:aa:54:97:59:3f:63:1c:97:8c:7c:eb:2a:56:
         2a:58:02:45:6b:02:97:65:65:83:33:9f:79:66:12:0c:e7:14:
         52:0e:77:3e:86:ac:25:f1:f7:49:e8:84:ec:7b:fd:6d:aa:3a:
         84:85:96:94:00:43:94:ef:e4:16:e5:99:4f:2e:7f:36:ef:ad:
         a8:c2:44:3c
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIURXlkQe2QpyeRv8gavTLPidLSz+YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjUxMTE3NTRaFw0yNjA3MjQxMTIyNTRaMDMxMTAvBgNV
BAMTKDhEQkEyOEE3NDdBRkFGOUIzOTkxNjBBRjM0RjEyODBCMjUzOTQ2OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCw/CRsMQvx81e8SlhpTvCWwWp7
5ovSt+PuZMehXengJ70M3c2M79BHQJm78g9Ni7NQteSSKO4b04qt8IZXkE6a/Wtg
uB0TCoMCoQ5idsxQ9ac/36TmNlDpvwxDH1XuvqPJTJ0xHYju8TFEh3w/X383gRJU
oUBkgJj8jN+Z7bVj3jDumRO5m2JWFAKzzkhHaPDsKmBQ2cFGFNJepjIoFeezVz27
4cOMv2iFlp5EG7XSPaK9RO3eEwKGBeaVv1d01hbuqTYxMivUcuYbVbx0iCahOu2r
NKFxZJmG2+s5XTcMGHzxfrS+4NEWWz0vjRjoBX5L1LUgmVA7alxE5ei8olcZAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUjboop0evr5s5kWCvNPEoCyU5Rp4wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTY5MTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AE0wDQYJKoZIhvcNAQELBQADggEBAIYbqvdBuKI8QkCxTPIJgPIuBF4UBaFjLGRU
2EETpuoOHkVuRfwvjBYo9npHw1D9QabUuHnVPuXJL4GOo7eIKFvEJVtNRW/5bZo8
5/IOx8NAL7f01sIwpOfHd2/OTDMY1cGPWa6OCREQT5ezwiPTp63f3lwvANPODxSY
/aIl86UKeCQYoJHr98OWbD9yGLEVcuHUIZwuj5TlA/qx3sUSoBTJeJExKVu3DhPX
0PCKLkwY93ccR6cMyxiSqlSXWT9jHJeMfOsqVipYAkVrApdlZYMzn3lmEgznFFIO
dz6GrCXx90nohOx7/W2qOoSFlpQAQ5Tv5BblmU8ufzbvrajCRDw=
-----END CERTIFICATE-----