Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59993.roa
File:                     AS59993.roa (raw, json)
Hash identifier:          3DoBpQti3hHLNhgxBmk8EWWP2x1jy8rsdxdIJ6SxiuI=
Subject key identifier:   7B:3F:67:22:D5:BD:81:D8:A1:99:3C:BB:40:34:64:A7:48:2D:24:CF
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       44481E7FEFF48634BA03A8E6ACBA7137E4A7AA7A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59993.roa
Signing time:             Fri 17 Apr 2026 10:47:05 +0000
ROA not before:           Fri 17 Apr 2026 10:42:05 +0000
ROA not after:            Fri 16 Apr 2027 10:47:05 +0000
asID:                     59993
IP address blocks:        2a13:9500:47::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:48:1e:7f:ef:f4:86:34:ba:03:a8:e6:ac:ba:71:37:e4:a7:aa:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 17 10:42:05 2026 GMT
            Not After : Apr 16 10:47:05 2027 GMT
        Subject: CN=7B3F6722D5BD81D8A1993CBB403464A7482D24CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:55:5d:46:38:25:0c:f0:6b:23:92:cb:56:c4:
                    42:e0:bf:3f:e7:d2:47:9c:07:1f:82:21:d3:25:ff:
                    fd:86:37:1d:f7:f5:c6:a0:09:f6:fa:c6:80:3e:1b:
                    a4:75:0b:34:ff:5d:e0:bb:9b:d8:78:c3:d7:8b:ec:
                    91:07:34:58:cd:99:f4:19:90:fd:fd:ee:c2:34:87:
                    41:39:6b:31:6f:ae:52:f4:d9:55:c2:61:4b:3c:88:
                    5d:f7:8b:bc:d9:ca:7b:e7:13:49:d8:17:e6:64:65:
                    1b:b2:bd:95:fb:5f:a6:70:72:bb:7d:a0:4e:8e:3b:
                    d0:33:9a:03:ca:96:e3:86:2b:26:82:e5:8b:04:6a:
                    05:33:27:c0:27:27:27:d0:bb:51:e0:2c:ea:cd:88:
                    d8:a4:09:81:3f:31:9a:6a:5b:3e:18:70:72:12:bb:
                    81:5c:d1:c1:3c:37:27:46:d0:e7:0d:52:e1:c8:26:
                    cb:44:36:b6:8c:d3:03:7b:32:a8:af:e5:a6:c9:eb:
                    e3:1e:8e:9c:bb:77:49:df:f1:dc:7a:7b:91:65:1c:
                    8f:e8:3e:23:76:4e:80:3e:3d:21:9a:80:86:af:af:
                    f1:29:3e:57:e3:64:9a:f3:e6:70:84:f3:a8:3d:d7:
                    c3:83:a5:24:33:98:28:60:67:8c:bc:16:42:49:86:
                    0f:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3F:67:22:D5:BD:81:D8:A1:99:3C:BB:40:34:64:A7:48:2D:24:CF
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS59993.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:47::/48

    Signature Algorithm: sha256WithRSAEncryption
         74:19:e2:e4:6b:f3:82:03:13:cb:40:ec:49:12:13:99:00:3b:
         d6:4a:31:c3:2e:ac:5f:09:c5:f9:db:8d:02:6a:f3:12:4c:4f:
         fb:07:03:d1:20:29:fd:49:13:f8:e4:d4:a8:db:f2:99:44:ae:
         7d:5a:63:d6:df:e4:dd:4e:68:b1:e5:1d:c6:81:0c:01:7f:f6:
         9a:3d:c7:30:cd:48:e1:f6:0d:25:ef:16:fe:10:c8:05:4e:58:
         22:ff:0c:ea:a7:d3:cf:97:9c:e1:43:40:25:37:14:13:e5:b4:
         9f:dd:eb:bb:7c:83:39:ef:ab:bc:ce:35:83:bc:d7:94:8b:43:
         8f:36:c9:db:9a:9f:06:f7:cc:8c:b2:bb:11:ed:e0:43:b4:46:
         9c:f1:6b:55:b7:8a:14:8f:bd:d2:03:4a:36:cd:e3:73:be:b6:
         48:f6:d4:c4:9f:83:69:24:5e:73:b3:cd:f9:be:13:a8:79:fe:
         14:21:29:35:d2:0d:69:00:5e:e8:0e:f1:35:88:94:39:b6:17:
         17:80:6e:e7:aa:30:0b:0b:a5:ce:58:51:05:4d:c8:31:f1:e6:
         cb:7a:a9:c9:4d:a4:46:32:42:c5:78:f1:a8:9f:23:14:bb:c5:
         47:a3:3f:c5:78:bc:d2:44:cf:73:83:7b:b3:09:10:16:dc:0f:
         8c:71:60:e7
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUREgef+/0hjS6A6jmrLpxN+SnqnowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTcxMDQyMDVaFw0yNzA0MTYxMDQ3MDVaMDMxMTAvBgNV
BAMTKDdCM0Y2NzIyRDVCRDgxRDhBMTk5M0NCQjQwMzQ2NEE3NDgyRDI0Q0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9VV1GOCUM8GsjkstWxELgvz/n
0kecBx+CIdMl//2GNx339cagCfb6xoA+G6R1CzT/XeC7m9h4w9eL7JEHNFjNmfQZ
kP397sI0h0E5azFvrlL02VXCYUs8iF33i7zZynvnE0nYF+ZkZRuyvZX7X6Zwcrt9
oE6OO9AzmgPKluOGKyaC5YsEagUzJ8AnJyfQu1HgLOrNiNikCYE/MZpqWz4YcHIS
u4Fc0cE8NydG0OcNUuHIJstENraM0wN7Mqiv5abJ6+Mejpy7d0nf8dx6e5FlHI/o
PiN2ToA+PSGagIavr/EpPlfjZJrz5nCE86g918ODpSQzmChgZ4y8FkJJhg/pAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUez9nItW9gdihmTy7QDRkp0gtJM8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTk5OTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AEcwDQYJKoZIhvcNAQELBQADggEBAHQZ4uRr84IDE8tA7EkSE5kAO9ZKMcMurF8J
xfnbjQJq8xJMT/sHA9EgKf1JE/jk1Kjb8plErn1aY9bf5N1OaLHlHcaBDAF/9po9
xzDNSOH2DSXvFv4QyAVOWCL/DOqn08+XnOFDQCU3FBPltJ/d67t8gznvq7zONYO8
15SLQ482yduanwb3zIyyuxHt4EO0Rpzxa1W3ihSPvdIDSjbN43O+tkj21MSfg2kk
XnOzzfm+E6h5/hQhKTXSDWkAXugO8TWIlDm2FxeAbueqMAsLpc5YUQVNyDHx5st6
qclNpEYyQsV48aifIxS7xUejP8V4vNJEz3ODe7MJEBbcD4xxYOc=
-----END CERTIFICATE-----