Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213549.roa
File:                     AS213549.roa (raw, json)
Hash identifier:          hBjXX9Rm6zs7ff4OWP6Qfc61MvmJmp1gnEevtnk8EXI=
Subject key identifier:   77:61:84:E2:A3:7E:6D:78:74:62:BB:DA:01:78:47:33:5D:25:85:2B
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       77685E9E89EB68A29F6E0833236536689E4AD9A0
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213549.roa
Signing time:             Sat 18 Apr 2026 21:08:45 +0000
ROA not before:           Sat 18 Apr 2026 21:03:45 +0000
ROA not after:            Sat 17 Apr 2027 21:08:45 +0000
asID:                     213549
IP address blocks:        2a14:7581:fe9::/48 maxlen: 48
                          2a14:7581:9f40::/44 maxlen: 48
                          2a14:7581:9f44::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 04:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:68:5e:9e:89:eb:68:a2:9f:6e:08:33:23:65:36:68:9e:4a:d9:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 18 21:03:45 2026 GMT
            Not After : Apr 17 21:08:45 2027 GMT
        Subject: CN=776184E2A37E6D787462BBDA017847335D25852B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:10:83:bd:6d:72:ad:bf:d9:04:6e:b5:b1:24:
                    a9:54:ab:5f:97:fb:13:f6:d5:55:13:f5:e0:82:5b:
                    7c:f8:ac:3d:80:8c:f9:6b:88:a0:2c:71:16:54:60:
                    c8:9d:7c:44:46:6f:c1:64:9c:cc:38:2b:57:0c:23:
                    cc:c4:b0:bb:a8:45:4d:f1:d8:ff:00:f1:b5:81:b6:
                    de:39:97:2e:a0:d1:74:1a:f0:32:51:98:64:3a:fd:
                    aa:76:92:2c:b9:36:ba:fe:32:1e:b0:7f:5b:29:2e:
                    94:9c:fd:ee:d8:bb:90:5b:f0:55:4a:06:b9:54:82:
                    5d:38:cc:0f:90:d0:68:19:20:89:cf:9e:ed:d3:22:
                    05:cd:25:e8:9a:42:98:0b:08:37:23:86:9c:54:e5:
                    f3:ae:06:ea:54:84:c3:33:df:80:10:3e:b4:26:43:
                    e0:01:07:b6:ee:aa:86:40:50:9e:5d:74:1e:1d:1d:
                    cd:ba:e2:c8:5c:ef:19:b5:83:13:50:79:14:78:c1:
                    12:43:8d:75:ec:50:34:72:cd:38:16:40:84:1c:58:
                    bf:52:db:62:2b:01:bd:4a:7b:07:cf:4c:9e:eb:9f:
                    e7:46:77:5b:2d:18:60:17:82:d4:d8:44:19:d5:07:
                    4f:48:9a:ea:9a:6b:9f:a8:81:0a:bd:ee:f5:60:12:
                    78:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:61:84:E2:A3:7E:6D:78:74:62:BB:DA:01:78:47:33:5D:25:85:2B
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213549.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:fe9::/48
                  2a14:7581:9f40::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:f1:14:36:27:72:06:98:87:40:e9:34:7a:cc:04:13:71:de:
         69:9f:d9:65:6c:08:22:23:93:d7:24:18:49:3d:11:20:10:f3:
         e7:46:74:b7:0e:01:3d:2f:2a:2c:6b:7c:74:a8:51:33:1c:1d:
         fc:f9:f1:ee:bd:e2:4c:3a:af:c4:b2:d2:14:52:23:13:95:9b:
         0c:49:4a:64:3a:54:18:e6:99:92:9e:34:99:bf:84:55:5c:69:
         47:eb:54:96:bb:8b:64:3b:e4:0d:c5:d4:52:a6:8c:f5:b9:23:
         fb:54:2b:85:16:f0:c8:d8:31:11:a6:97:20:5f:56:6e:39:f6:
         e2:a3:be:2a:e8:03:89:ef:0b:1c:d3:d6:2d:4b:6a:7c:e8:4d:
         36:a1:14:a2:9f:2f:ff:53:b0:7b:27:74:81:49:6b:8c:ca:1b:
         74:2b:4b:fc:30:c0:cb:64:64:fd:ee:d4:12:7d:fb:c2:ec:2e:
         11:8c:80:55:1c:a8:b2:b5:d6:8f:98:26:f9:0b:86:8c:59:0e:
         2a:72:d1:17:9f:62:49:c0:35:f9:d8:44:06:3b:aa:25:87:f2:
         84:5d:92:1e:27:54:6a:a9:83:cd:b0:7e:1e:c2:c1:86:e7:a6:
         be:67:0c:b0:5c:2b:16:5f:ca:0d:19:44:d0:22:5f:37:20:de:
         b5:15:ff:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUd2henonraKKfbggzI2U2aJ5K2aAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MTgyMTAzNDVaFw0yNzA0MTcyMTA4NDVaMDMxMTAvBgNV
BAMTKDc3NjE4NEUyQTM3RTZENzg3NDYyQkJEQTAxNzg0NzMzNUQyNTg1MkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgEIO9bXKtv9kEbrWxJKlUq1+X
+xP21VUT9eCCW3z4rD2AjPlriKAscRZUYMidfERGb8FknMw4K1cMI8zEsLuoRU3x
2P8A8bWBtt45ly6g0XQa8DJRmGQ6/ap2kiy5Nrr+Mh6wf1spLpSc/e7Yu5Bb8FVK
BrlUgl04zA+Q0GgZIInPnu3TIgXNJeiaQpgLCDcjhpxU5fOuBupUhMMz34AQPrQm
Q+ABB7buqoZAUJ5ddB4dHc264shc7xm1gxNQeRR4wRJDjXXsUDRyzTgWQIQcWL9S
22IrAb1KewfPTJ7rn+dGd1stGGAXgtTYRBnVB09Imuqaa5+ogQq97vVgEngjAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUd2GE4qN+bXh0YrvaAXhHM10lhSswHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEzNTQ5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhR1
gQ/pAwcEKhR1gZ9AMA0GCSqGSIb3DQEBCwUAA4IBAQBO8RQ2J3IGmIdA6TR6zAQT
cd5pn9llbAgiI5PXJBhJPREgEPPnRnS3DgE9Lyosa3x0qFEzHB38+fHuveJMOq/E
stIUUiMTlZsMSUpkOlQY5pmSnjSZv4RVXGlH61SWu4tkO+QNxdRSpoz1uSP7VCuF
FvDI2DERppcgX1ZuOfbio74q6AOJ7wsc09YtS2p86E02oRSiny//U7B7J3SBSWuM
yht0K0v8MMDLZGT97tQSffvC7C4RjIBVHKiytdaPmCb5C4aMWQ4qctEXn2JJwDX5
2EQGO6olh/KEXZIeJ1RqqYPNsH4ewsGG56a+ZwywXCsWX8oNGUTQIl83IN61Ff+7
-----END CERTIFICATE-----