Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa
File:                     AS213730.roa (raw, json)
Hash identifier:          xZX6tk3z5J2kNj6uhK+dx7AoRiH/8F/mgkVc5BvhYnk=
Subject key identifier:   14:7B:0D:C0:36:D8:E0:62:8D:49:FA:92:72:BF:F5:A0:55:51:BD:4C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       164E2DE2508A61BC7F8AF3D31FF1293A50F3D5F7
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa
Signing time:             Fri 01 Aug 2025 00:03:04 +0000
ROA not before:           Thu 31 Jul 2025 23:58:04 +0000
ROA not after:            Fri 31 Jul 2026 00:03:04 +0000
asID:                     213730
IP address blocks:        46.203.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 11:52:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:4e:2d:e2:50:8a:61:bc:7f:8a:f3:d3:1f:f1:29:3a:50:f3:d5:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 31 23:58:04 2025 GMT
            Not After : Jul 31 00:03:04 2026 GMT
        Subject: CN=147B0DC036D8E0628D49FA9272BFF5A05551BD4C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:81:18:71:5a:a8:43:c7:bd:0a:13:63:57:38:
                    08:21:af:c3:cd:bf:16:a3:c6:06:0c:27:10:53:02:
                    f4:37:47:72:d8:40:de:9c:da:34:20:ed:c7:b4:01:
                    73:96:b0:f0:0c:1d:87:c9:51:d3:24:e3:08:b4:c6:
                    72:76:ba:07:df:72:88:9e:5b:f4:30:b5:3a:27:a5:
                    e2:34:55:cb:6a:bd:f2:2e:b4:61:dd:ed:c2:b0:ae:
                    ed:75:96:01:98:c9:11:62:59:79:25:7f:80:72:38:
                    2e:37:c8:a7:bf:20:47:ad:b3:2e:fa:40:0a:cc:88:
                    4a:6d:c6:2b:f7:5f:f8:92:43:19:16:9c:07:ca:00:
                    f4:01:db:c3:57:48:89:4e:d8:9b:b1:e6:8f:6f:49:
                    59:7f:23:27:a3:77:49:96:ea:ca:9b:c2:47:a7:89:
                    e6:79:69:e6:44:46:34:a1:d2:cc:09:77:fd:57:92:
                    68:6a:ac:be:22:f3:35:8f:fd:8a:0c:9f:e9:af:21:
                    48:68:e3:1a:37:76:f8:9e:9a:3f:3e:57:76:a6:a7:
                    a9:ff:93:2a:1c:43:31:13:2d:39:0b:c0:d4:1c:61:
                    9c:8c:8c:38:37:aa:5f:9a:4e:ad:f4:9e:8a:3a:30:
                    09:d7:c8:90:d1:7f:af:7e:6c:57:94:06:66:e1:c4:
                    60:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7B:0D:C0:36:D8:E0:62:8D:49:FA:92:72:BF:F5:A0:55:51:BD:4C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:ac:8c:0d:b4:b7:28:cd:ea:57:78:f4:5e:a7:d1:49:6b:5c:
         bb:57:5a:b1:39:b0:7e:bf:18:e8:89:06:eb:e6:14:a8:1f:1c:
         59:5e:19:15:ea:1d:c7:37:c1:39:41:2c:02:d2:88:3f:a0:f1:
         75:af:62:8f:18:bf:dd:fc:7a:a7:91:d6:c9:61:10:6f:ee:be:
         53:3e:33:e2:54:c0:71:1d:19:31:49:71:ff:b7:69:e4:02:61:
         44:13:85:df:88:83:d3:22:e5:fd:fc:5a:ab:83:ec:93:45:75:
         b4:1b:29:4c:05:c9:f7:d6:8e:ad:2e:8c:0b:55:ca:a5:d8:e6:
         d2:fd:f5:06:58:1e:1a:03:d2:82:6f:2e:f0:51:a4:52:84:30:
         b3:2b:ce:c9:ab:9c:e3:82:2d:14:bb:5f:6c:cf:fb:bc:55:f4:
         03:28:45:35:5a:e5:90:98:96:6f:bd:d2:a7:e3:81:40:74:2b:
         89:c1:ad:24:67:60:6c:c6:7b:48:b4:74:e0:7e:f4:8e:83:81:
         0b:b9:af:a2:7e:c1:7b:3f:ef:81:33:4d:94:99:58:e5:b3:75:
         ba:f2:01:7f:c7:43:f2:b0:c3:72:c3:28:c5:62:70:f7:fd:1b:
         2b:43:b0:70:db:d3:7f:b7:e1:c3:e4:60:7f:25:57:f7:7c:69:
         4c:db:de:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFk4t4lCKYbx/ivPTH/EpOlDz1fcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MzEyMzU4MDRaFw0yNjA3MzEwMDAzMDRaMDMxMTAvBgNV
BAMTKDE0N0IwREMwMzZEOEUwNjI4RDQ5RkE5MjcyQkZGNUEwNTU1MUJENEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtgRhxWqhDx70KE2NXOAghr8PN
vxajxgYMJxBTAvQ3R3LYQN6c2jQg7ce0AXOWsPAMHYfJUdMk4wi0xnJ2ugffcoie
W/QwtTonpeI0VctqvfIutGHd7cKwru11lgGYyRFiWXklf4ByOC43yKe/IEetsy76
QArMiEptxiv3X/iSQxkWnAfKAPQB28NXSIlO2Jux5o9vSVl/Iyejd0mW6sqbwken
ieZ5aeZERjSh0swJd/1XkmhqrL4i8zWP/YoMn+mvIUho4xo3dviemj8+V3amp6n/
kyocQzETLTkLwNQcYZyMjDg3ql+aTq30noo6MAnXyJDRf69+bFeUBmbhxGATAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFHsNwDbY4GKNSfqScr/1oFVRvUwwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNzMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsv4
MA0GCSqGSIb3DQEBCwUAA4IBAQAarIwNtLcozepXePRep9FJa1y7V1qxObB+vxjo
iQbr5hSoHxxZXhkV6h3HN8E5QSwC0og/oPF1r2KPGL/d/HqnkdbJYRBv7r5TPjPi
VMBxHRkxSXH/t2nkAmFEE4XfiIPTIuX9/Fqrg+yTRXW0GylMBcn31o6tLowLVcql
2ObS/fUGWB4aA9KCby7wUaRShDCzK87Jq5zjgi0Uu19sz/u8VfQDKEU1WuWQmJZv
vdKn44FAdCuJwa0kZ2BsxntItHTgfvSOg4ELua+ifsF7P++BM02UmVjls3W68gF/
x0PysMNywyjFYnD3/RsrQ7Bw29N/t+HD5GB/JVf3fGlM2945
-----END CERTIFICATE-----