Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213607.roa
File:                     AS213607.roa (raw, json)
Hash identifier:          1bKmjr5DFKyDkKHwjE+DORvHOmZBMKyePPnn5xV9Lpk=
Subject key identifier:   6A:97:55:9B:BD:A4:88:B6:EB:A8:51:F9:8C:A3:5A:4F:71:79:C0:2E
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       18A0184D0D0A2045D8D7E1484BE07C0A836DCCE7
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213607.roa
Signing time:             Fri 12 Jun 2026 07:48:29 +0000
ROA not before:           Fri 12 Jun 2026 07:43:29 +0000
ROA not after:            Fri 11 Jun 2027 07:48:29 +0000
asID:                     213607
IP address blocks:        178.95.159.0/24 maxlen: 24
                          178.95.200.0/24 maxlen: 24
                          178.95.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:a0:18:4d:0d:0a:20:45:d8:d7:e1:48:4b:e0:7c:0a:83:6d:cc:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 12 07:43:29 2026 GMT
            Not After : Jun 11 07:48:29 2027 GMT
        Subject: CN=6A97559BBDA488B6EBA851F98CA35A4F7179C02E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0c:e4:24:da:a0:50:ed:21:44:e4:6e:58:5c:
                    4f:6b:b0:b6:30:89:14:dd:a5:dc:bb:d7:83:db:96:
                    7f:8b:b9:c7:80:59:67:e8:b2:2b:e6:bf:15:39:7b:
                    a2:9e:0e:eb:8e:3c:49:b3:ae:1b:6c:77:7c:de:f1:
                    9c:9a:2b:39:4b:02:38:f2:87:cf:c9:4e:2d:ef:c4:
                    3b:2c:31:65:6f:7b:fb:57:5d:f4:d9:3e:74:55:92:
                    d0:08:08:7f:46:6c:e0:20:4d:06:c8:7f:1d:ec:75:
                    b4:6b:19:98:8e:e8:45:8e:7d:1b:9b:f8:1d:49:97:
                    2c:c2:16:9f:9b:b8:7a:2a:3a:65:8d:b9:c5:f5:d4:
                    a1:ab:0b:59:79:fd:8a:d8:37:a4:94:76:b2:c4:57:
                    da:76:e8:4e:7c:ce:b5:49:89:64:1b:2b:f5:9f:0e:
                    11:90:81:e9:ef:21:70:00:9d:cd:a3:dd:26:7b:2f:
                    b6:8e:34:8c:eb:fa:dc:ad:ce:44:45:17:d2:57:ed:
                    8c:a2:dc:cb:57:bb:5c:a3:81:fd:78:6c:c7:bb:e9:
                    c6:56:1b:38:e1:fe:17:ca:4a:64:92:b6:1e:ee:3b:
                    7a:a3:b7:93:d6:a6:1d:8f:b7:72:d7:91:71:38:64:
                    e9:9a:ae:d3:4b:5e:b2:61:97:7a:9a:e8:04:91:c4:
                    4a:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:97:55:9B:BD:A4:88:B6:EB:A8:51:F9:8C:A3:5A:4F:71:79:C0:2E
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213607.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.95.159.0/24
                  178.95.200.0/24
                  178.95.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:80:a0:a3:31:ef:c8:ac:de:81:0b:65:05:ff:ee:50:c5:6d:
         0f:22:58:dd:74:de:90:31:c6:62:ac:d9:a0:69:0f:ed:f2:cf:
         c8:9d:80:3f:05:4e:b0:46:ec:dc:3c:80:85:93:15:db:e4:b7:
         b8:13:f7:94:f5:c8:b3:0f:4c:d9:ba:7d:e2:21:d2:81:91:46:
         a1:30:d0:98:7a:0d:e5:23:18:38:89:9c:da:ab:ee:ac:7a:87:
         9d:98:5f:14:12:27:cc:d3:c7:44:4a:83:6f:1e:7e:b8:ac:b2:
         7d:52:2d:72:1a:3b:76:e1:66:d3:0a:07:26:80:3a:dd:de:1b:
         e4:29:02:a8:fc:3b:6f:dc:f5:b2:05:98:3b:be:5c:a9:17:fb:
         b0:eb:6e:2e:b9:bf:af:ce:09:79:e9:72:6c:90:e6:a9:83:72:
         f5:9a:91:72:e0:db:33:a2:12:b4:f0:38:58:59:00:d8:5a:86:
         d4:46:6e:1f:8e:49:a7:aa:86:d9:0d:dd:a6:93:67:e4:33:1f:
         05:a8:65:8d:6c:82:43:cd:f8:5d:82:99:53:92:ba:22:20:5b:
         64:e1:76:5d:81:4d:f1:d8:03:e9:11:2c:9d:4f:a1:96:f4:e3:
         99:0c:e2:2d:ae:ae:94:c9:a7:b3:fd:c0:fa:16:2c:cc:8a:a8:
         71:59:67:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUGKAYTQ0KIEXY1+FIS+B8CoNtzOcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MTIwNzQzMjlaFw0yNzA2MTEwNzQ4MjlaMDMxMTAvBgNV
BAMTKDZBOTc1NTlCQkRBNDg4QjZFQkE4NTFGOThDQTM1QTRGNzE3OUMwMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiDOQk2qBQ7SFE5G5YXE9rsLYw
iRTdpdy714Pbln+LuceAWWfosivmvxU5e6KeDuuOPEmzrhtsd3ze8ZyaKzlLAjjy
h8/JTi3vxDssMWVve/tXXfTZPnRVktAICH9GbOAgTQbIfx3sdbRrGZiO6EWOfRub
+B1JlyzCFp+buHoqOmWNucX11KGrC1l5/YrYN6SUdrLEV9p26E58zrVJiWQbK/Wf
DhGQgenvIXAAnc2j3SZ7L7aONIzr+tytzkRFF9JX7Yyi3MtXu1yjgf14bMe76cZW
Gzjh/hfKSmSSth7uO3qjt5PWph2Pt3LXkXE4ZOmartNLXrJhl3qa6ASRxEr5AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUapdVm72kiLbrqFH5jKNaT3F5wC4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsl+f
AwQAsl/IAwQAsl/tMA0GCSqGSIb3DQEBCwUAA4IBAQA8gKCjMe/IrN6BC2UF/+5Q
xW0PIljddN6QMcZirNmgaQ/t8s/InYA/BU6wRuzcPICFkxXb5Le4E/eU9cizD0zZ
un3iIdKBkUahMNCYeg3lIxg4iZzaq+6seoedmF8UEifM08dESoNvHn64rLJ9Ui1y
Gjt24WbTCgcmgDrd3hvkKQKo/Dtv3PWyBZg7vlypF/uw624uub+vzgl56XJskOap
g3L1mpFy4NszohK08DhYWQDYWobURm4fjkmnqobZDd2mk2fkMx8FqGWNbIJDzfhd
gplTkroiIFtk4XZdgU3x2APpESydT6GW9OOZDOItrq6Uyaez/cD6FizMiqhxWWfo
-----END CERTIFICATE-----