Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213568.roa
File:                     AS213568.roa (raw, json)
Hash identifier:          YCpMr3I9asDZ0o+o539vJq8SHl8UikNlf6AUDiyKbzo=
Subject key identifier:   B3:2F:83:EC:4A:C8:F5:B9:B5:7B:0A:D4:3A:2C:9C:53:A8:3A:39:9A
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       4BC9C2AA1D1B1F729FB7D81A963F4A888105F8AC
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213568.roa
Signing time:             Tue 05 Aug 2025 07:12:27 +0000
ROA not before:           Tue 05 Aug 2025 07:07:27 +0000
ROA not after:            Tue 04 Aug 2026 07:12:27 +0000
asID:                     213568
IP address blocks:        92.249.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:c9:c2:aa:1d:1b:1f:72:9f:b7:d8:1a:96:3f:4a:88:81:05:f8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Aug  5 07:07:27 2025 GMT
            Not After : Aug  4 07:12:27 2026 GMT
        Subject: CN=B32F83EC4AC8F5B9B57B0AD43A2C9C53A83A399A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0c:40:c3:cd:f1:05:8b:c2:f4:71:82:22:16:
                    eb:18:ba:24:76:3b:ba:05:75:44:4d:57:7c:1f:f1:
                    43:bd:0c:10:c3:74:42:29:30:bf:e8:56:6a:ac:d4:
                    78:4e:86:7a:b8:07:c6:e3:72:70:70:57:fe:40:d6:
                    27:e2:a4:b7:14:13:23:91:da:86:bf:c9:6c:a0:ff:
                    76:c9:c2:3a:62:5a:eb:57:fc:21:91:e7:7a:0d:d8:
                    21:ca:a2:6e:e9:99:a2:5e:06:37:6c:84:d3:5a:8c:
                    46:b4:09:f9:29:6e:32:0f:07:24:25:65:4c:d4:91:
                    88:fa:42:1d:1c:3b:58:e4:c6:cf:5e:d0:60:05:ed:
                    97:a3:9f:05:a6:3f:41:40:68:f8:17:7f:46:f2:fd:
                    88:81:b2:25:8f:e9:6f:b1:c2:7b:fa:f0:e9:db:c8:
                    64:b6:42:8f:1a:d6:6a:19:97:8c:88:5d:35:63:27:
                    fd:10:d9:fa:2d:da:55:79:e2:94:50:68:7e:20:3d:
                    2f:84:d4:98:3d:38:6e:87:e9:bb:a2:7c:3c:76:d6:
                    a9:8a:4e:00:ff:a5:f5:7a:fb:ce:01:bf:fc:6b:ce:
                    77:c3:d0:f0:bf:7b:a2:02:ac:ae:2f:cd:f4:da:1a:
                    f8:0e:b1:41:ec:af:f8:8d:db:7e:c1:dd:e5:cb:d6:
                    a5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:2F:83:EC:4A:C8:F5:B9:B5:7B:0A:D4:3A:2C:9C:53:A8:3A:39:9A
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213568.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:b9:b2:1b:6e:48:47:93:84:e3:33:30:1b:ed:2b:cb:f2:80:
         1d:42:8f:84:47:25:99:6e:f4:e5:5a:f9:6a:6f:04:3e:fe:8e:
         a5:ec:04:67:0f:19:b2:dc:98:58:c0:20:56:b2:6e:33:68:26:
         34:eb:c3:5c:f2:3d:d7:24:57:4c:0e:a9:00:7f:66:20:4f:56:
         cf:13:73:a6:2b:a2:f2:bd:c0:cb:ca:3d:1b:56:e8:47:6e:37:
         5c:14:16:05:3a:a0:ca:62:93:91:3f:af:6f:0c:e5:0e:a9:d1:
         c9:b1:59:cc:ec:8b:44:97:9c:8c:e9:2a:77:68:ec:f8:fb:5f:
         d1:55:cf:9e:f2:b9:78:ce:dc:f0:26:ae:a3:3b:64:dd:46:47:
         e5:a9:5f:1b:be:0a:5b:ca:41:85:bb:77:b6:86:17:44:f3:eb:
         24:80:75:cd:f2:60:66:98:87:99:63:09:c7:aa:38:66:94:eb:
         9d:5b:08:a3:42:0d:80:81:ed:a2:98:02:6e:b3:19:9e:a1:28:
         2c:35:8b:0b:07:c3:61:1a:e4:1d:b5:7a:c5:9c:2c:89:9a:83:
         19:54:fd:b8:91:c9:f2:a2:ba:c8:85:2c:9e:a1:1f:54:f6:b8:
         a2:7f:d3:94:fc:d3:14:f5:f3:36:9e:81:f3:3a:96:05:85:ae:
         54:7f:6e:b5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS8nCqh0bH3Kft9galj9KiIEF+KwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA4MDUwNzA3MjdaFw0yNjA4MDQwNzEyMjdaMDMxMTAvBgNV
BAMTKEIzMkY4M0VDNEFDOEY1QjlCNTdCMEFENDNBMkM5QzUzQTgzQTM5OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DEDDzfEFi8L0cYIiFusYuiR2
O7oFdURNV3wf8UO9DBDDdEIpML/oVmqs1HhOhnq4B8bjcnBwV/5A1ifipLcUEyOR
2oa/yWyg/3bJwjpiWutX/CGR53oN2CHKom7pmaJeBjdshNNajEa0CfkpbjIPByQl
ZUzUkYj6Qh0cO1jkxs9e0GAF7ZejnwWmP0FAaPgXf0by/YiBsiWP6W+xwnv68Onb
yGS2Qo8a1moZl4yIXTVjJ/0Q2fot2lV54pRQaH4gPS+E1Jg9OG6H6buifDx21qmK
TgD/pfV6+84Bv/xrznfD0PC/e6ICrK4vzfTaGvgOsUHsr/iN237B3eXL1qU3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUsy+D7ErI9bm1ewrUOiycU6g6OZowHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzNTY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPk+
MA0GCSqGSIb3DQEBCwUAA4IBAQC3ubIbbkhHk4TjMzAb7SvL8oAdQo+ERyWZbvTl
WvlqbwQ+/o6l7ARnDxmy3JhYwCBWsm4zaCY068Nc8j3XJFdMDqkAf2YgT1bPE3Om
K6LyvcDLyj0bVuhHbjdcFBYFOqDKYpORP69vDOUOqdHJsVnM7ItEl5yM6Sp3aOz4
+1/RVc+e8rl4ztzwJq6jO2TdRkflqV8bvgpbykGFu3e2hhdE8+skgHXN8mBmmIeZ
YwnHqjhmlOudWwijQg2Age2imAJusxmeoSgsNYsLB8NhGuQdtXrFnCyJmoMZVP24
kcnyorrIhSyeoR9U9riif9OU/NMU9fM2noHzOpYFha5Uf261
-----END CERTIFICATE-----