Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS6698.roa
File:                     AS6698.roa (raw, json)
Hash identifier:          FcQ6TLWxosNGKvxG1iBJIl+osK7COtvyiuYQSkCcuk4=
Subject key identifier:   6A:17:3F:90:62:6B:2B:43:0B:A3:47:2D:D0:01:11:70:E3:05:63:54
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4CE031A95C68CE2216792A17D17705D056C5855F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS6698.roa
Signing time:             Mon 11 May 2026 17:51:10 +0000
ROA not before:           Mon 11 May 2026 17:46:10 +0000
ROA not after:            Mon 10 May 2027 17:51:10 +0000
asID:                     6698
IP address blocks:        178.83.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:e0:31:a9:5c:68:ce:22:16:79:2a:17:d1:77:05:d0:56:c5:85:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 11 17:46:10 2026 GMT
            Not After : May 10 17:51:10 2027 GMT
        Subject: CN=6A173F90626B2B430BA3472DD0011170E3056354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:84:96:5c:55:f4:87:ef:1b:51:e0:fa:dc:1e:
                    e1:9f:14:dc:57:21:9e:f8:bd:0f:c9:43:fd:4a:ef:
                    44:7b:b1:13:5c:66:7a:5f:2b:40:bb:c6:39:c2:96:
                    ff:8e:f3:f6:8c:74:90:23:3a:cd:ca:39:9f:0f:4b:
                    61:7e:cd:f8:63:ec:9f:31:c2:a2:04:80:f4:fe:b4:
                    40:67:c3:43:3c:c1:17:a1:2d:d1:41:50:56:14:d0:
                    95:94:bb:1b:1f:72:fe:0b:60:d0:c3:fe:24:4f:89:
                    fb:b6:0a:e7:43:5c:d8:f5:d3:c8:5d:b4:64:a9:24:
                    71:71:72:57:a6:31:2e:97:94:a7:0e:03:57:46:5b:
                    0f:7a:dc:0e:7f:72:ac:24:d5:c0:65:92:20:d6:d3:
                    fd:af:7b:71:8e:25:9f:af:cd:3d:6f:9c:71:1c:1c:
                    d4:16:3b:f4:2e:e3:54:68:df:5c:99:a4:d5:fc:ff:
                    6a:1e:bb:d5:54:3c:61:86:f7:09:fd:7b:60:aa:0d:
                    fb:72:90:aa:39:59:d6:57:ab:b5:03:14:c6:63:14:
                    9f:08:b3:6d:89:9c:53:64:46:fc:be:e1:26:6f:8b:
                    3b:64:3c:bb:e0:5f:32:7f:94:72:31:2c:4e:ec:49:
                    24:d7:19:00:10:c8:22:71:23:5c:f3:b4:55:1d:d4:
                    35:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:17:3F:90:62:6B:2B:43:0B:A3:47:2D:D0:01:11:70:E3:05:63:54
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS6698.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:96:81:cc:05:b9:37:d1:c3:b7:78:c6:06:b3:91:5c:35:4c:
         96:f3:ad:67:24:f7:cf:eb:24:16:aa:7a:cb:c8:4a:d5:6a:4d:
         13:e6:df:24:bb:8e:89:2f:13:00:f6:56:a0:a6:59:06:c6:36:
         84:37:45:1b:b0:0b:49:80:8c:7d:43:71:f6:33:fd:2e:65:ec:
         05:ad:5c:e3:33:50:f6:52:c0:9e:f4:ad:8e:91:4d:39:6b:6b:
         9d:a8:66:7e:61:b3:aa:d8:44:8d:e1:99:94:e0:17:e2:7d:33:
         cf:b0:ad:e0:9f:8b:9c:da:c5:5f:fb:71:88:ab:70:b9:1f:65:
         6e:fc:6e:e8:59:1f:cf:e4:a4:af:19:c6:c3:8e:66:2d:38:12:
         dc:f1:fe:23:8d:72:3b:25:69:86:51:0f:a8:e2:d9:f9:30:9e:
         92:da:9d:70:53:16:95:0f:a7:d0:bf:f1:7c:65:b1:0c:b0:b2:
         18:de:8c:65:20:51:06:0a:b3:e8:6d:5c:a2:b7:4a:3a:43:fa:
         33:ca:91:5e:09:1c:23:86:e6:a3:04:15:4e:e4:69:bc:fe:3a:
         58:cd:e2:05:00:68:bc:df:eb:e9:75:98:be:09:2c:36:6e:cd:
         61:a2:0f:31:04:d2:5f:6c:57:48:e8:07:56:a3:a0:35:35:88:
         24:3e:1b:01
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUTOAxqVxoziIWeSoX0XcF0FbFhV8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTExNzQ2MTBaFw0yNzA1MTAxNzUxMTBaMDMxMTAvBgNV
BAMTKDZBMTczRjkwNjI2QjJCNDMwQkEzNDcyREQwMDExMTcwRTMwNTYzNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCahJZcVfSH7xtR4PrcHuGfFNxX
IZ74vQ/JQ/1K70R7sRNcZnpfK0C7xjnClv+O8/aMdJAjOs3KOZ8PS2F+zfhj7J8x
wqIEgPT+tEBnw0M8wRehLdFBUFYU0JWUuxsfcv4LYNDD/iRPifu2CudDXNj108hd
tGSpJHFxclemMS6XlKcOA1dGWw963A5/cqwk1cBlkiDW0/2ve3GOJZ+vzT1vnHEc
HNQWO/Qu41Ro31yZpNX8/2oeu9VUPGGG9wn9e2CqDftykKo5WdZXq7UDFMZjFJ8I
s22JnFNkRvy+4SZviztkPLvgXzJ/lHIxLE7sSSTXGQAQyCJxI1zztFUd1DWbAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUahc/kGJrK0MLo0ct0AERcOMFY1QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNjY5OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALJTBTAN
BgkqhkiG9w0BAQsFAAOCAQEAlZaBzAW5N9HDt3jGBrORXDVMlvOtZyT3z+skFqp6
y8hK1WpNE+bfJLuOiS8TAPZWoKZZBsY2hDdFG7ALSYCMfUNx9jP9LmXsBa1c4zNQ
9lLAnvStjpFNOWtrnahmfmGzqthEjeGZlOAX4n0zz7Ct4J+LnNrFX/txiKtwuR9l
bvxu6Fkfz+SkrxnGw45mLTgS3PH+I41yOyVphlEPqOLZ+TCektqdcFMWlQ+n0L/x
fGWxDLCyGN6MZSBRBgqz6G1cordKOkP6M8qRXgkcI4bmowQVTuRpvP46WM3iBQBo
vN/r6XWYvgksNm7NYaIPMQTSX2xXSOgHVqOgNTWIJD4bAQ==
-----END CERTIFICATE-----