Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa
File:                     AS213650.roa (raw, json)
Hash identifier:          CkRMLxpx+0jhiO3UD8bXUYhj1+vKkTUVxZ85/W3Slj8=
Subject key identifier:   63:8C:04:D6:F9:9B:96:C7:96:D4:53:7D:57:80:35:62:C1:EB:BC:2E
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       55739560A9A5CE6CED12DD4CE6DDFC82D62428D1
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa
Signing time:             Wed 27 May 2026 07:00:05 +0000
ROA not before:           Wed 27 May 2026 06:55:05 +0000
ROA not after:            Wed 26 May 2027 07:00:05 +0000
asID:                     213650
IP address blocks:        2a14:7581:3200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:73:95:60:a9:a5:ce:6c:ed:12:dd:4c:e6:dd:fc:82:d6:24:28:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 27 06:55:05 2026 GMT
            Not After : May 26 07:00:05 2027 GMT
        Subject: CN=638C04D6F99B96C796D4537D57803562C1EBBC2E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:da:c5:b4:3b:a4:86:b5:92:fc:7f:6c:ce:be:
                    39:ca:9a:0d:9a:2d:98:e7:8d:09:2a:af:03:3b:09:
                    23:08:31:e0:86:61:86:ec:11:6d:75:89:d7:12:1f:
                    cb:6e:51:0a:02:34:35:a4:66:92:7b:17:19:8c:d6:
                    91:a6:f7:04:b6:fc:02:b2:50:2d:94:d9:4e:f8:d6:
                    dd:c1:c4:f4:9e:7a:df:98:60:9c:cb:72:74:c2:66:
                    5c:9d:a3:1c:d1:c5:7a:49:d0:43:e4:04:3e:42:b7:
                    70:41:8e:1a:e4:19:87:a1:6c:f5:24:74:d7:c0:43:
                    a1:14:63:bb:01:88:a6:67:50:a3:7d:fe:b7:3e:ab:
                    de:ae:de:6d:f2:c4:4f:e0:33:1b:23:05:c8:d2:81:
                    ea:8d:fd:ea:a2:2a:ef:11:a8:ff:82:94:ac:83:8a:
                    95:20:b9:8b:e8:78:a1:f8:e4:ca:9b:25:41:5d:53:
                    cc:9c:11:d9:11:80:eb:92:91:01:47:06:a5:a7:a3:
                    11:b0:b6:2e:1e:90:05:47:d0:85:c9:cb:9d:73:d0:
                    c5:38:3a:15:8b:23:ba:41:14:8b:70:79:0c:a0:86:
                    ec:7a:b7:d0:f7:cf:90:e5:7a:fa:54:28:53:45:03:
                    e5:e2:22:d2:7f:9a:36:c6:55:0a:fa:31:7d:43:f3:
                    49:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:8C:04:D6:F9:9B:96:C7:96:D4:53:7D:57:80:35:62:C1:EB:BC:2E
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS213650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:3200::/40

    Signature Algorithm: sha256WithRSAEncryption
         5d:97:bd:ec:87:49:4f:bf:bc:b7:98:f9:d9:20:0d:a4:a2:02:
         d7:1a:6a:d4:06:69:1f:60:66:f5:b5:81:89:f1:2f:33:bf:49:
         34:ff:f9:15:7b:72:fa:7a:53:93:88:16:db:16:d3:e1:59:7b:
         f7:49:a3:1a:95:9b:73:05:40:d3:22:f6:36:7a:44:27:02:98:
         61:67:5a:ad:58:98:7f:10:4b:15:a7:60:7b:9a:b3:33:1f:82:
         3b:a8:5b:36:33:4e:f5:37:2e:6e:d8:d2:db:37:9f:ba:2d:45:
         46:3a:35:58:fd:7e:f8:a5:96:c3:6d:d2:4d:48:28:74:6d:50:
         ef:50:c2:89:98:f0:61:02:35:c4:a8:4c:09:1e:95:99:2f:5c:
         61:4a:cd:f0:30:4b:64:d1:72:96:c5:aa:40:a9:d8:ef:ca:c4:
         e4:73:dd:8e:2e:ef:c7:7e:0e:f7:b5:bf:2e:0d:4e:ca:ec:d5:
         ad:0a:53:92:4e:3a:20:8d:5e:66:75:4a:a9:d0:04:03:95:31:
         fe:50:0a:b0:fc:69:5d:ca:75:12:f2:52:0d:16:d9:4e:5d:a1:
         ea:11:82:c3:53:65:cc:1b:f3:56:da:d5:42:b1:ef:d9:f1:68:
         a5:98:44:48:7f:36:76:24:fd:36:ca:55:42:d3:71:8c:77:cf:
         b2:66:92:4e
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUVXOVYKmlzmztEt1M5t38gtYkKNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MjcwNjU1MDVaFw0yNzA1MjYwNzAwMDVaMDMxMTAvBgNV
BAMTKDYzOEMwNEQ2Rjk5Qjk2Qzc5NkQ0NTM3RDU3ODAzNTYyQzFFQkJDMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC12sW0O6SGtZL8f2zOvjnKmg2a
LZjnjQkqrwM7CSMIMeCGYYbsEW11idcSH8tuUQoCNDWkZpJ7FxmM1pGm9wS2/AKy
UC2U2U741t3BxPSeet+YYJzLcnTCZlydoxzRxXpJ0EPkBD5Ct3BBjhrkGYehbPUk
dNfAQ6EUY7sBiKZnUKN9/rc+q96u3m3yxE/gMxsjBcjSgeqN/eqiKu8RqP+ClKyD
ipUguYvoeKH45MqbJUFdU8ycEdkRgOuSkQFHBqWnoxGwti4ekAVH0IXJy51z0MU4
OhWLI7pBFItweQyghux6t9D3z5DlevpUKFNFA+XiItJ/mjbGVQr6MX1D80n3AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUY4wE1vmblseW1FN9V4A1YsHrvC4wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjEzNjUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gTIwDQYJKoZIhvcNAQELBQADggEBAF2XveyHSU+/vLeY+dkgDaSiAtcaatQGaR9g
ZvW1gYnxLzO/STT/+RV7cvp6U5OIFtsW0+FZe/dJoxqVm3MFQNMi9jZ6RCcCmGFn
Wq1YmH8QSxWnYHuaszMfgjuoWzYzTvU3Lm7Y0ts3n7otRUY6NVj9fvillsNt0k1I
KHRtUO9QwomY8GECNcSoTAkelZkvXGFKzfAwS2TRcpbFqkCp2O/KxORz3Y4u78d+
Dve1vy4NTsrs1a0KU5JOOiCNXmZ1SqnQBAOVMf5QCrD8aV3KdRLyUg0W2U5doeoR
gsNTZcwb81ba1UKx79nxaKWYREh/NnYk/TbKVULTcYx3z7Jmkk4=
-----END CERTIFICATE-----