Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa
File:                     AS213730.roa (raw, json)
Hash identifier:          /p2MmDaA74UK8k3t1qltkn/QW03mlzX6L4b2zP0EzU0=
Subject key identifier:   44:1D:B0:EE:B6:C1:6C:BF:95:3D:DF:9A:24:91:37:D1:AE:49:AC:B8
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3B3E7D49CD11D0428DF313D1AD3D8D9FB50B35B5
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa
Signing time:             Fri 06 Jun 2025 09:08:53 +0000
ROA not before:           Fri 06 Jun 2025 09:03:53 +0000
ROA not after:            Fri 05 Jun 2026 09:08:53 +0000
asID:                     213730
IP address blocks:        46.203.248.0/24 maxlen: 24
                          95.134.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 18:29:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:3e:7d:49:cd:11:d0:42:8d:f3:13:d1:ad:3d:8d:9f:b5:0b:35:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  6 09:03:53 2025 GMT
            Not After : Jun  5 09:08:53 2026 GMT
        Subject: CN=441DB0EEB6C16CBF953DDF9A249137D1AE49ACB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f5:ed:0e:50:3b:8b:ae:4c:f7:8c:67:d7:50:
                    33:c1:89:c4:33:da:f3:f0:fe:64:70:1c:aa:94:4c:
                    26:43:63:46:05:64:4d:45:2a:2a:07:f2:0a:9e:1f:
                    e1:91:ca:22:10:33:53:cd:ff:b1:fd:61:e8:41:f9:
                    3c:21:91:7c:35:d0:b0:6b:a6:ea:ea:22:3e:44:77:
                    34:4a:83:fb:a4:96:a5:a1:34:96:6f:fb:d7:5f:90:
                    a1:8d:a5:71:09:6b:8e:83:8f:58:20:bf:a6:2a:20:
                    df:e7:50:8c:30:93:a6:0c:f6:a9:33:a4:32:d9:cf:
                    db:4d:2d:b1:36:b1:82:94:e3:5a:3c:0e:89:69:ae:
                    b4:54:45:7a:d0:b2:3b:f7:1b:e3:58:46:e0:68:6f:
                    88:db:77:c7:07:66:2b:9c:b2:04:54:53:ee:58:2a:
                    40:5f:d8:f0:04:9e:d8:d1:d8:cc:e3:6a:17:0f:04:
                    33:e1:f6:5b:bf:89:b6:f0:14:3e:65:bb:ca:6b:38:
                    9a:57:98:1b:fc:39:f9:20:52:f7:10:84:8d:85:b8:
                    55:1e:8a:38:38:06:3b:d8:2a:14:00:28:a2:6c:de:
                    b6:ed:d1:71:53:2d:7a:dd:91:2a:dd:ce:cd:e4:00:
                    2a:45:4b:1d:b4:ab:be:b1:95:2b:15:11:84:42:f0:
                    00:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:1D:B0:EE:B6:C1:6C:BF:95:3D:DF:9A:24:91:37:D1:AE:49:AC:B8
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.248.0/24
                  95.134.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c3:8c:df:18:b3:b4:90:2e:32:a2:4c:55:b7:b4:13:74:23:
         61:a9:0b:6a:a4:91:c4:01:86:82:0c:9b:12:8d:a3:6b:66:15:
         5a:c5:28:35:72:ba:ea:52:a5:91:cf:ae:99:7c:6f:f0:6b:e8:
         02:3d:b2:20:c5:9f:36:34:19:32:b1:74:7f:3d:4e:9f:d3:35:
         e4:db:de:57:40:f9:a1:74:83:97:dc:71:11:3c:69:34:17:c0:
         be:29:93:83:15:fe:01:00:12:99:56:c3:ad:28:9b:7e:f2:de:
         90:b5:02:1d:8b:cd:29:bd:5c:ad:e1:f7:0b:ac:29:4b:1a:42:
         25:8e:01:ab:16:dc:44:a2:2c:6c:ce:b5:d1:c9:36:75:59:ac:
         f7:00:b1:66:e3:d5:78:7a:24:bc:b9:4a:86:81:e3:63:96:7a:
         b0:48:59:b4:fa:2e:47:f2:be:3d:35:7c:52:64:56:45:b7:4d:
         10:ea:4a:15:e6:6d:b7:b8:17:61:c6:d9:41:c2:41:16:04:4e:
         97:e1:57:52:1c:2d:31:43:3c:c4:5c:76:62:40:ed:ea:af:e9:
         53:8d:77:5c:97:86:b6:22:25:73:cb:5c:98:1c:bd:be:8d:e9:
         db:6d:c5:0a:50:f7:ab:95:13:af:82:8b:e4:db:85:a6:f7:b8:
         66:e0:8b:03
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUOz59Sc0R0EKN8xPRrT2Nn7ULNbUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MDYwOTAzNTNaFw0yNjA2MDUwOTA4NTNaMDMxMTAvBgNV
BAMTKDQ0MURCMEVFQjZDMTZDQkY5NTNEREY5QTI0OTEzN0QxQUU0OUFDQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDl9e0OUDuLrkz3jGfXUDPBicQz
2vPw/mRwHKqUTCZDY0YFZE1FKioH8gqeH+GRyiIQM1PN/7H9YehB+TwhkXw10LBr
purqIj5EdzRKg/uklqWhNJZv+9dfkKGNpXEJa46Dj1ggv6YqIN/nUIwwk6YM9qkz
pDLZz9tNLbE2sYKU41o8DolprrRURXrQsjv3G+NYRuBob4jbd8cHZiucsgRUU+5Y
KkBf2PAEntjR2MzjahcPBDPh9lu/ibbwFD5lu8prOJpXmBv8OfkgUvcQhI2FuFUe
ijg4BjvYKhQAKKJs3rbt0XFTLXrdkSrdzs3kACpFSx20q76xlSsVEYRC8AB7AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQURB2w7rbBbL+VPd+aJJE30a5JrLgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNzMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALsv4
AwQAX4YFMA0GCSqGSIb3DQEBCwUAA4IBAQCMw4zfGLO0kC4yokxVt7QTdCNhqQtq
pJHEAYaCDJsSjaNrZhVaxSg1crrqUqWRz66ZfG/wa+gCPbIgxZ82NBkysXR/PU6f
0zXk295XQPmhdIOX3HERPGk0F8C+KZODFf4BABKZVsOtKJt+8t6QtQIdi80pvVyt
4fcLrClLGkIljgGrFtxEoixszrXRyTZ1Waz3ALFm49V4eiS8uUqGgeNjlnqwSFm0
+i5H8r49NXxSZFZFt00Q6koV5m23uBdhxtlBwkEWBE6X4VdSHC0xQzzEXHZiQO3q
r+lTjXdcl4a2IiVzy1yYHL2+jenbbcUKUPerlROvgovk24Wm97hm4IsD
-----END CERTIFICATE-----