Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206675.roa
File:                     AS206675.roa (raw, json)
Hash identifier:          aIE0niN4FVwjD4U9+kl1AJXkxHHTiv6yoO8djBk419g=
Subject key identifier:   66:42:12:C6:AD:44:90:33:9E:13:18:47:79:A6:1F:19:B4:CE:9E:9B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       066A6F21CCCBB6881DCEEB4314AE9CDCBC86BBDC
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206675.roa
Signing time:             Thu 19 Mar 2026 11:33:53 +0000
ROA not before:           Thu 19 Mar 2026 11:28:53 +0000
ROA not after:            Thu 18 Mar 2027 11:33:53 +0000
asID:                     206675
IP address blocks:        82.38.46.0/23 maxlen: 24
                          82.38.80.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:6a:6f:21:cc:cb:b6:88:1d:ce:eb:43:14:ae:9c:dc:bc:86:bb:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 19 11:28:53 2026 GMT
            Not After : Mar 18 11:33:53 2027 GMT
        Subject: CN=664212C6AD4490339E13184779A61F19B4CE9E9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f1:7d:fa:dd:78:36:e7:27:41:73:30:f7:f4:
                    e0:f7:33:de:f6:31:40:6a:c5:97:e6:57:37:c0:b3:
                    e6:d6:21:2d:f4:84:e7:5a:22:11:e6:bd:ad:a9:a0:
                    d0:8a:38:e8:d0:fc:74:c8:2c:6c:3b:37:ae:18:61:
                    0c:35:79:d9:57:3d:a6:3c:00:57:74:e4:ea:f0:4b:
                    87:0c:23:20:d1:78:c5:24:8e:42:32:20:99:87:7f:
                    4f:c2:a8:54:06:59:58:84:a0:88:4b:c5:2c:12:13:
                    cc:c3:6d:06:07:90:96:12:07:16:29:55:6f:7b:a4:
                    ad:29:ab:2f:84:5d:df:e2:b5:8c:39:22:eb:c0:21:
                    79:5a:10:1c:7b:42:a2:af:4b:9f:1c:fc:78:4a:4f:
                    62:f4:f6:12:cc:fc:53:04:1b:4d:35:85:57:a3:79:
                    cb:50:5a:a6:a5:cc:0b:8b:37:86:b7:df:2d:1f:08:
                    a3:05:ae:e4:c4:d5:a0:b7:0a:d8:d6:21:52:e7:cd:
                    a3:ed:7a:5f:35:37:7d:1f:0d:78:58:c3:19:47:63:
                    08:0c:b2:5e:37:64:cd:e2:39:c8:a2:82:88:97:88:
                    7f:9d:be:2f:e9:b9:53:a6:da:ce:9b:ab:c5:53:e5:
                    eb:e6:4d:51:39:c2:46:86:e3:20:1a:43:01:ce:23:
                    b6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:42:12:C6:AD:44:90:33:9E:13:18:47:79:A6:1F:19:B4:CE:9E:9B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206675.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.38.46.0/23
                  82.38.80.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:a7:29:35:6d:4e:0b:8b:b1:54:7d:00:38:8d:2e:b0:e7:c4:
         92:47:02:d2:b5:0c:85:64:9b:f6:b8:f2:b6:04:39:a4:f5:b8:
         8c:19:1c:9c:62:65:6b:02:73:f3:e7:d4:d5:da:57:24:b8:7b:
         e7:96:f7:18:fa:0d:ae:c0:9d:eb:71:5f:02:d9:09:eb:5f:a4:
         aa:74:1e:fe:b9:6b:4e:a8:36:8f:5d:f6:5d:82:9b:3f:2f:df:
         3b:7b:cd:07:65:87:2b:bd:f8:21:ff:1a:38:73:68:da:7f:81:
         28:ed:00:d4:19:fe:3b:a0:5f:0b:f4:ff:36:2e:76:bd:72:c1:
         85:57:05:e2:ee:17:2a:96:ab:bb:a3:bd:ea:d1:02:7e:9d:1c:
         54:1e:4d:18:44:40:e7:48:2a:b4:e7:98:49:e6:5e:ec:fb:a5:
         b9:84:9a:ed:ae:6c:ae:54:00:47:6d:33:10:9d:98:2c:57:81:
         78:fe:53:05:f8:23:4d:2d:fb:ff:0d:c1:ce:bc:2c:d2:51:c0:
         6e:6b:a5:64:73:08:0a:81:08:f4:f8:8e:c7:34:2c:93:fc:42:
         49:a0:1c:60:b3:45:9d:76:bc:b0:53:19:c5:e6:bc:6c:25:38:
         3b:2a:5b:4a:0f:89:b8:1d:09:bc:95:1d:d1:27:26:bf:59:f1:
         90:85:52:f6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBmpvIczLtogdzutDFK6c3LyGu9wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMTkxMTI4NTNaFw0yNzAzMTgxMTMzNTNaMDMxMTAvBgNV
BAMTKDY2NDIxMkM2QUQ0NDkwMzM5RTEzMTg0Nzc5QTYxRjE5QjRDRTlFOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC18X363Xg25ydBczD39OD3M972
MUBqxZfmVzfAs+bWIS30hOdaIhHmva2poNCKOOjQ/HTILGw7N64YYQw1edlXPaY8
AFd05OrwS4cMIyDReMUkjkIyIJmHf0/CqFQGWViEoIhLxSwSE8zDbQYHkJYSBxYp
VW97pK0pqy+EXd/itYw5IuvAIXlaEBx7QqKvS58c/HhKT2L09hLM/FMEG001hVej
ectQWqalzAuLN4a33y0fCKMFruTE1aC3CtjWIVLnzaPtel81N30fDXhYwxlHYwgM
sl43ZM3iOciigoiXiH+dvi/puVOm2s6bq8VT5evmTVE5wkaG4yAaQwHOI7bbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUZkISxq1EkDOeExhHeaYfGbTOnpswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2Njc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUiYu
AwQBUiZQMA0GCSqGSIb3DQEBCwUAA4IBAQB6pyk1bU4Li7FUfQA4jS6w58SSRwLS
tQyFZJv2uPK2BDmk9biMGRycYmVrAnPz59TV2lckuHvnlvcY+g2uwJ3rcV8C2Qnr
X6SqdB7+uWtOqDaPXfZdgps/L987e80HZYcrvfgh/xo4c2jaf4Eo7QDUGf47oF8L
9P82Lna9csGFVwXi7hcqlqu7o73q0QJ+nRxUHk0YREDnSCq055hJ5l7s+6W5hJrt
rmyuVABHbTMQnZgsV4F4/lMF+CNNLfv/DcHOvCzSUcBua6VkcwgKgQj0+I7HNCyT
/EJJoBxgs0WddrywUxnF5rxsJTg7KltKD4m4HQm8lR3RJya/WfGQhVL2
-----END CERTIFICATE-----