Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209951.roa
File:                     AS209951.roa (raw, json)
Hash identifier:          Rad07JtSqzdFs4WkL71HkdEWoZcjbfZfoZ6DPSdyZpk=
Subject key identifier:   4F:FC:00:E5:B2:AD:33:4A:4C:4A:F4:CA:F9:A2:21:D7:A9:AE:ED:68
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       70F9A020288C8CAF6B4C91524BBC965C10AEC2C3
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209951.roa
Signing time:             Sun 06 Jul 2025 09:14:09 +0000
ROA not before:           Sun 06 Jul 2025 09:09:09 +0000
ROA not after:            Sun 05 Jul 2026 09:14:09 +0000
asID:                     209951
IP address blocks:        2a13:9500:a7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 11:01:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:f9:a0:20:28:8c:8c:af:6b:4c:91:52:4b:bc:96:5c:10:ae:c2:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul  6 09:09:09 2025 GMT
            Not After : Jul  5 09:14:09 2026 GMT
        Subject: CN=4FFC00E5B2AD334A4C4AF4CAF9A221D7A9AEED68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d8:79:b7:18:4b:38:ad:b6:6b:77:ca:18:a9:
                    fc:2f:a1:be:92:12:c5:04:31:e2:69:a8:10:70:d4:
                    b0:61:b7:23:39:6f:52:35:92:67:53:c6:d5:53:42:
                    cc:29:98:11:3b:61:c6:d4:e2:68:98:77:46:48:9d:
                    b4:6d:81:c9:1c:21:c9:54:89:49:f9:92:d3:e2:68:
                    a2:bb:44:6a:12:f4:7d:a2:84:48:de:5d:81:6e:7e:
                    8b:27:ea:6d:09:c1:5f:9b:c0:84:97:0f:b2:7b:85:
                    ba:97:a6:94:07:8d:4e:f3:bd:d2:ae:b5:e8:38:9f:
                    73:f7:47:3c:3f:bd:9d:40:8a:cb:b8:35:3a:13:b5:
                    13:50:7a:69:d9:34:e0:81:91:66:eb:a1:97:c1:92:
                    d0:58:5e:dc:77:c8:62:e8:45:77:b7:7d:15:92:47:
                    3c:b7:bf:cf:14:80:23:6f:f6:60:fc:e4:e5:3e:18:
                    49:20:15:3c:8e:1e:57:85:8e:d4:78:27:c3:59:5f:
                    d9:6c:8a:4e:4f:97:83:a4:07:1e:59:51:d0:ec:e3:
                    5a:c9:ad:7e:cd:e9:f1:99:8e:52:72:44:04:ca:b0:
                    7f:b2:14:f8:a9:b5:60:ea:54:31:61:e8:b7:0f:77:
                    cd:21:4e:d2:c2:10:36:52:a4:2e:b3:3a:b5:02:b8:
                    65:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FC:00:E5:B2:AD:33:4A:4C:4A:F4:CA:F9:A2:21:D7:A9:AE:ED:68
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209951.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:a7::/48

    Signature Algorithm: sha256WithRSAEncryption
         98:0c:e5:31:f7:79:f2:3e:27:da:e9:e8:ed:8c:65:1d:1c:18:
         df:94:fe:70:26:d4:50:76:b6:e8:41:53:7a:3a:57:06:9d:81:
         88:85:c6:d8:83:5a:43:cf:95:00:2d:14:6c:77:13:42:f5:22:
         09:44:d2:b7:2e:a3:ee:25:80:09:c2:83:bc:c6:d9:3f:3a:6a:
         4a:cd:41:8c:17:59:ce:48:10:36:fd:02:b8:c9:f3:63:8b:e8:
         fe:6a:d9:ea:59:8a:fa:bb:4e:7b:3f:53:3c:7a:6e:2b:7d:5c:
         e2:79:9b:f4:07:3a:32:03:59:db:e7:8e:70:63:31:0e:73:8a:
         d1:3c:3b:4d:e9:28:ea:a4:f3:36:5e:ef:78:93:6d:84:94:23:
         8d:0f:30:d1:bf:75:2c:06:ec:fb:fc:1e:1f:8e:3f:6e:ac:0e:
         75:d1:a8:a0:cd:69:8e:c2:e5:e0:4d:e6:ec:f8:10:a8:ec:c4:
         71:c4:2e:13:47:ca:b9:b8:34:a7:eb:ad:1b:bd:81:98:a9:ef:
         1a:e1:bc:0d:f1:83:d5:c3:24:4e:c8:a6:b3:99:2b:e1:7d:41:
         40:1e:b5:87:02:51:72:1f:92:e0:30:a3:50:91:55:75:57:91:
         c9:f8:24:fc:48:e9:75:c6:2e:c7:19:7b:e4:d4:fd:e4:9d:73:
         ab:99:22:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcPmgICiMjK9rTJFSS7yWXBCuwsMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MDYwOTA5MDlaFw0yNjA3MDUwOTE0MDlaMDMxMTAvBgNV
BAMTKDRGRkMwMEU1QjJBRDMzNEE0QzRBRjRDQUY5QTIyMUQ3QTlBRUVENjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf2Hm3GEs4rbZrd8oYqfwvob6S
EsUEMeJpqBBw1LBhtyM5b1I1kmdTxtVTQswpmBE7YcbU4miYd0ZInbRtgckcIclU
iUn5ktPiaKK7RGoS9H2ihEjeXYFufosn6m0JwV+bwISXD7J7hbqXppQHjU7zvdKu
teg4n3P3Rzw/vZ1Aisu4NToTtRNQemnZNOCBkWbroZfBktBYXtx3yGLoRXe3fRWS
Rzy3v88UgCNv9mD85OU+GEkgFTyOHleFjtR4J8NZX9lsik5Pl4OkBx5ZUdDs41rJ
rX7N6fGZjlJyRATKsH+yFPiptWDqVDFh6LcPd80hTtLCEDZSpC6zOrUCuGW7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUT/wA5bKtM0pMSvTK+aIh16mu7WgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5OTUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AACnMA0GCSqGSIb3DQEBCwUAA4IBAQCYDOUx93nyPifa6ejtjGUdHBjflP5wJtRQ
drboQVN6OlcGnYGIhcbYg1pDz5UALRRsdxNC9SIJRNK3LqPuJYAJwoO8xtk/OmpK
zUGMF1nOSBA2/QK4yfNji+j+atnqWYr6u057P1M8em4rfVzieZv0BzoyA1nb545w
YzEOc4rRPDtN6SjqpPM2Xu94k22ElCONDzDRv3UsBuz7/B4fjj9urA510aigzWmO
wuXgTebs+BCo7MRxxC4TR8q5uDSn660bvYGYqe8a4bwN8YPVwyROyKazmSvhfUFA
HrWHAlFyH5LgMKNQkVV1V5HJ+CT8SOl1xi7HGXvk1P3knXOrmSIk
-----END CERTIFICATE-----