Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208483.roa
File:                     AS208483.roa (raw, json)
Hash identifier:          tS6fRKCpOGhKZCSbeLPJArOS05wAGFNzdRT1TkdmkjU=
Subject key identifier:   5A:A2:1F:BF:86:29:9F:E4:03:59:E3:12:11:59:4B:CA:BB:F9:A7:0A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2478111E5CD766F0A38937BBD193D8BDF576E3A9
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208483.roa
Signing time:             Sat 21 Jun 2025 16:34:05 +0000
ROA not before:           Sat 21 Jun 2025 16:29:05 +0000
ROA not after:            Sat 20 Jun 2026 16:34:05 +0000
asID:                     208483
IP address blocks:        2a13:9500:99::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 11:27:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:78:11:1e:5c:d7:66:f0:a3:89:37:bb:d1:93:d8:bd:f5:76:e3:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 21 16:29:05 2025 GMT
            Not After : Jun 20 16:34:05 2026 GMT
        Subject: CN=5AA21FBF86299FE40359E31211594BCABBF9A70A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:cf:d8:87:47:79:9f:7f:6b:74:9c:b7:99:25:
                    bc:a5:af:dc:5b:c8:43:96:da:0c:2b:f2:e1:7d:0e:
                    18:3e:e2:da:20:50:34:63:ff:3a:96:c9:66:2f:92:
                    a0:e2:08:4a:a2:f4:35:19:56:03:bd:d5:ec:5b:17:
                    94:fd:4b:61:cb:61:6d:2f:3f:9d:12:4e:cc:26:ae:
                    e1:48:a3:b7:9e:06:ee:0b:0c:6f:94:28:dd:3d:ab:
                    0c:d1:9d:44:3a:d9:81:e0:90:27:00:fc:2a:83:d2:
                    21:50:de:6b:37:54:53:cf:aa:33:4c:dc:ea:1f:78:
                    67:80:d6:52:35:21:db:2d:94:04:ee:72:70:9f:f6:
                    ac:0f:8b:1e:ae:36:94:06:97:30:d7:4b:8f:e2:2f:
                    c3:3c:91:7a:40:02:39:3d:ba:a6:4b:e8:76:98:b9:
                    26:dd:65:d4:44:06:ec:8f:b8:32:67:80:ad:0f:bd:
                    68:df:2a:70:b9:49:ff:dd:ef:79:db:9f:c7:9c:20:
                    ff:64:a9:17:59:90:01:52:6f:66:c2:7d:a7:04:d1:
                    19:6a:f2:f4:89:31:60:51:85:e2:81:00:22:85:8f:
                    60:0c:88:26:65:11:b5:30:ad:49:cd:9a:3d:35:14:
                    94:a0:ce:dd:d3:11:23:ed:e5:81:1c:17:40:1d:36:
                    0d:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:A2:1F:BF:86:29:9F:E4:03:59:E3:12:11:59:4B:CA:BB:F9:A7:0A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:99::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:fb:47:50:38:da:3c:0c:34:b0:3b:d7:67:9b:8a:b6:72:cf:
         3b:07:0a:4e:0d:c0:4f:3d:5b:cb:f9:57:47:a7:1a:62:e4:c2:
         64:2f:b5:b1:68:7d:dc:30:ab:97:98:55:31:9e:f5:2e:1b:a3:
         4a:14:8a:54:c6:03:d1:48:f8:23:b0:8f:24:5a:f4:e7:09:f8:
         67:ec:96:d7:e8:27:91:e9:d8:60:aa:b1:5c:c4:fb:07:46:2f:
         96:cb:90:bd:67:ec:27:cf:8c:9e:99:a2:5c:7c:4c:b8:b8:8c:
         93:4b:5e:2f:ce:e6:bc:b8:7b:92:b0:05:ca:49:ad:dc:87:50:
         51:09:07:ff:f5:3a:f7:8b:5e:9f:3b:24:da:7d:f1:3d:e2:65:
         4c:7e:b9:cc:25:10:c9:fc:61:fc:4a:96:a6:e6:21:bf:ca:5c:
         66:dd:e8:6c:a3:70:5e:5e:5c:06:6d:69:79:bd:20:a3:05:01:
         32:09:97:b1:ed:ec:32:ee:2d:fe:78:70:8d:88:ec:03:eb:02:
         78:64:40:bf:2f:51:05:da:5c:5d:99:fc:31:0f:94:9c:73:3f:
         13:81:ba:18:51:2a:f8:42:24:77:a9:39:6e:3a:db:78:3e:9e:
         e2:72:aa:1b:e3:77:19:1d:c9:01:bb:9c:37:fa:53:28:26:5a:
         74:47:a3:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUJHgRHlzXZvCjiTe70ZPYvfV246kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MjExNjI5MDVaFw0yNjA2MjAxNjM0MDVaMDMxMTAvBgNV
BAMTKDVBQTIxRkJGODYyOTlGRTQwMzU5RTMxMjExNTk0QkNBQkJGOUE3MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZz9iHR3mff2t0nLeZJbylr9xb
yEOW2gwr8uF9Dhg+4togUDRj/zqWyWYvkqDiCEqi9DUZVgO91exbF5T9S2HLYW0v
P50STswmruFIo7eeBu4LDG+UKN09qwzRnUQ62YHgkCcA/CqD0iFQ3ms3VFPPqjNM
3OofeGeA1lI1IdstlATucnCf9qwPix6uNpQGlzDXS4/iL8M8kXpAAjk9uqZL6HaY
uSbdZdREBuyPuDJngK0PvWjfKnC5Sf/d73nbn8ecIP9kqRdZkAFSb2bCfacE0Rlq
8vSJMWBRheKBACKFj2AMiCZlEbUwrUnNmj01FJSgzt3TESPt5YEcF0AdNg1rAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUWqIfv4Ypn+QDWeMSEVlLyrv5pwowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACZMA0GCSqGSIb3DQEBCwUAA4IBAQA4+0dQONo8DDSwO9dnm4q2cs87BwpODcBP
PVvL+VdHpxpi5MJkL7WxaH3cMKuXmFUxnvUuG6NKFIpUxgPRSPgjsI8kWvTnCfhn
7JbX6CeR6dhgqrFcxPsHRi+Wy5C9Z+wnz4yemaJcfEy4uIyTS14vzua8uHuSsAXK
Sa3ch1BRCQf/9Tr3i16fOyTaffE94mVMfrnMJRDJ/GH8Spam5iG/ylxm3ehso3Be
XlwGbWl5vSCjBQEyCZex7ewy7i3+eHCNiOwD6wJ4ZEC/L1EF2lxdmfwxD5Sccz8T
gboYUSr4QiR3qTluOtt4Pp7icqob43cZHckBu5w3+lMoJlp0R6P4
-----END CERTIFICATE-----