Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208483.roa
File:                     AS208483.roa (raw, json)
Hash identifier:          yCK+1SR0G9MnLMoIdlsA4lO9kIIhDBcgv0F5Am4KE9U=
Subject key identifier:   EA:16:C2:FF:4D:4E:4A:B4:E0:52:3E:3A:6A:E6:EB:A2:BE:27:13:82
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       66C94EE0FFA67BE2A439105D8D253ADE4A245D36
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208483.roa
Signing time:             Mon 30 Jun 2025 13:05:04 +0000
ROA not before:           Mon 30 Jun 2025 13:00:04 +0000
ROA not after:            Mon 29 Jun 2026 13:05:04 +0000
asID:                     208483
IP address blocks:        91.198.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:c9:4e:e0:ff:a6:7b:e2:a4:39:10:5d:8d:25:3a:de:4a:24:5d:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 30 13:00:04 2025 GMT
            Not After : Jun 29 13:05:04 2026 GMT
        Subject: CN=EA16C2FF4D4E4AB4E0523E3A6AE6EBA2BE271382
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:73:34:b2:13:0d:3a:f2:2c:5c:8c:0d:4f:71:
                    17:01:c9:7a:90:f5:8e:43:c7:eb:0b:43:b8:cb:df:
                    12:d6:aa:45:25:f1:5e:d5:1a:02:bd:fe:91:79:e8:
                    0d:6a:b9:0d:46:2e:17:df:ac:8c:1a:e1:54:4b:33:
                    63:50:65:f0:52:55:c7:06:ce:81:df:9b:a5:a3:b3:
                    bc:05:77:c4:26:86:6b:ca:7f:e3:92:ac:dd:d6:44:
                    67:90:03:da:cc:18:8f:a4:43:31:89:62:d9:07:21:
                    30:da:37:f4:13:6f:bc:87:dc:b3:1c:2b:63:13:47:
                    e4:fa:f5:dc:ef:8f:bb:65:a4:95:13:00:64:7d:9f:
                    e1:6c:21:ad:36:b3:50:e1:37:29:f0:50:3f:6b:e5:
                    61:7f:ec:cb:7c:07:3a:82:a4:a8:d1:a1:bb:6d:4e:
                    eb:98:bd:46:e3:c3:e4:6a:f1:2a:6a:cc:39:80:88:
                    a4:db:61:79:d0:3a:92:47:ae:04:ba:c9:8a:71:6b:
                    10:68:88:51:64:27:78:58:bf:65:ed:66:39:f3:4f:
                    57:fd:5b:3e:0c:d6:04:c9:1f:d2:31:63:28:7e:09:
                    3d:f6:a4:bc:51:ac:04:a2:e9:78:b0:3e:5f:0d:e7:
                    f1:ca:ab:e6:4b:76:41:ec:5e:1b:c3:d2:57:47:34:
                    a2:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:16:C2:FF:4D:4E:4A:B4:E0:52:3E:3A:6A:E6:EB:A2:BE:27:13:82
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:68:7b:f8:eb:11:32:a2:2c:05:fc:e6:7b:13:c7:0a:4c:d2:
         61:7f:77:18:29:de:e1:5a:11:90:1a:ae:f7:4b:6a:22:42:d3:
         75:e4:7a:10:f5:0a:d8:1f:f0:59:03:f5:9c:4d:e5:0f:56:ee:
         c7:14:cb:ff:3a:e8:d3:b7:7f:61:a1:c6:c4:5c:33:31:fe:51:
         b5:a4:b9:a3:42:5c:28:cf:08:ed:50:b0:05:32:19:19:92:50:
         7a:de:de:a0:2f:c7:98:b3:97:54:1e:1f:8c:e0:d8:be:7b:14:
         64:9b:0a:ac:b6:02:f2:99:2a:73:01:bc:62:54:60:b9:4a:2d:
         08:52:12:42:0b:f7:77:c1:b3:72:e3:c8:5d:8c:bb:a9:ba:24:
         2f:c8:7b:6a:56:a8:cc:b7:fe:88:a1:3a:e4:46:b0:52:80:29:
         4f:0c:a7:76:b3:45:cb:b7:67:10:12:3c:10:e9:7c:c7:21:d8:
         e4:7a:76:13:09:4e:c0:0a:a8:3f:34:8a:ff:91:03:88:61:f1:
         ff:48:b5:7c:b1:51:e6:a0:ef:ba:af:88:bf:d0:35:68:28:72:
         6e:3d:b1:17:a0:4e:a8:cb:04:7e:16:60:39:3e:64:9c:ae:07:
         68:98:35:f5:3c:4b:ce:51:e4:bc:2b:b9:d9:98:11:3c:48:b3:
         c8:57:20:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZslO4P+me+KkORBdjSU63kokXTYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MzAxMzAwMDRaFw0yNjA2MjkxMzA1MDRaMDMxMTAvBgNV
BAMTKEVBMTZDMkZGNEQ0RTRBQjRFMDUyM0UzQTZBRTZFQkEyQkUyNzEzODIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/czSyEw068ixcjA1PcRcByXqQ
9Y5Dx+sLQ7jL3xLWqkUl8V7VGgK9/pF56A1quQ1GLhffrIwa4VRLM2NQZfBSVccG
zoHfm6Wjs7wFd8QmhmvKf+OSrN3WRGeQA9rMGI+kQzGJYtkHITDaN/QTb7yH3LMc
K2MTR+T69dzvj7tlpJUTAGR9n+FsIa02s1DhNynwUD9r5WF/7Mt8BzqCpKjRobtt
TuuYvUbjw+Rq8SpqzDmAiKTbYXnQOpJHrgS6yYpxaxBoiFFkJ3hYv2XtZjnzT1f9
Wz4M1gTJH9IxYyh+CT32pLxRrASi6XiwPl8N5/HKq+ZLdkHsXhvD0ldHNKLZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6hbC/01OSrTgUj46aubror4nE4IwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZC
MA0GCSqGSIb3DQEBCwUAA4IBAQAbaHv46xEyoiwF/OZ7E8cKTNJhf3cYKd7hWhGQ
Gq73S2oiQtN15HoQ9QrYH/BZA/WcTeUPVu7HFMv/OujTt39hocbEXDMx/lG1pLmj
QlwozwjtULAFMhkZklB63t6gL8eYs5dUHh+M4Ni+exRkmwqstgLymSpzAbxiVGC5
Si0IUhJCC/d3wbNy48hdjLupuiQvyHtqVqjMt/6IoTrkRrBSgClPDKd2s0XLt2cQ
EjwQ6XzHIdjkenYTCU7ACqg/NIr/kQOIYfH/SLV8sVHmoO+6r4i/0DVoKHJuPbEX
oE6oywR+FmA5PmScrgdomDX1PEvOUeS8K7nZmBE8SLPIVyD0
-----END CERTIFICATE-----