Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203905.roa
File:                     AS203905.roa (raw, json)
Hash identifier:          2r8p1yXlFzO5coZtox75pRyjhF3dzSJobZs9A7eWmSo=
Subject key identifier:   8A:2C:DF:A7:B8:8C:3A:43:43:DE:65:89:DE:01:2A:33:A7:60:D3:61
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3644AC43FFE906013BB0850D8BD14763DB98816B
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203905.roa
Signing time:             Thu 23 Apr 2026 11:05:33 +0000
ROA not before:           Thu 23 Apr 2026 11:00:33 +0000
ROA not after:            Thu 22 Apr 2027 11:05:33 +0000
asID:                     203905
IP address blocks:        2a13:9500:169::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 20:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:44:ac:43:ff:e9:06:01:3b:b0:85:0d:8b:d1:47:63:db:98:81:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 23 11:00:33 2026 GMT
            Not After : Apr 22 11:05:33 2027 GMT
        Subject: CN=8A2CDFA7B88C3A4343DE6589DE012A33A760D361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:61:60:54:7f:2b:db:69:6e:c1:15:2d:74:fe:
                    94:da:d1:92:20:87:9e:b8:ba:bb:66:a4:03:31:04:
                    9f:e5:31:3b:b7:5e:77:1d:a7:06:e8:79:b8:31:6f:
                    cc:92:e1:dc:26:f3:18:32:2d:95:5f:05:96:8b:1d:
                    53:29:15:a1:1e:88:0b:78:b0:d7:a5:22:bf:bc:d8:
                    a9:7a:87:52:ba:c9:17:0a:ef:be:ff:35:eb:b8:6e:
                    29:83:fa:0b:f2:6f:0a:cc:a6:cd:7f:c0:ed:2f:3a:
                    f3:6c:83:23:8d:01:05:78:28:1e:8e:ec:1d:11:2b:
                    8c:55:41:6d:4f:4c:a6:cc:43:45:15:5e:a5:98:e2:
                    82:01:ca:1b:92:a6:e3:16:67:77:f3:1b:e1:c3:58:
                    5b:37:33:dd:eb:0e:4b:f7:8c:81:27:5a:5d:01:98:
                    7b:76:ae:a6:2a:bf:5c:59:3f:76:08:aa:f2:32:7c:
                    63:22:3c:45:56:af:6a:2a:88:21:5a:2e:8f:98:af:
                    eb:43:06:ec:85:d6:e9:ad:5f:fd:e7:94:84:af:cd:
                    da:37:63:4e:82:8a:6e:85:c3:cb:29:96:8e:6d:0e:
                    fd:ad:7d:98:b9:4f:24:5b:bf:e4:39:31:c8:a7:c6:
                    d3:06:e0:32:ab:b0:25:03:27:e8:ad:d0:1d:7f:a6:
                    f9:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:2C:DF:A7:B8:8C:3A:43:43:DE:65:89:DE:01:2A:33:A7:60:D3:61
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS203905.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:169::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:25:a2:1d:8a:97:75:ae:31:86:44:24:11:df:45:d2:b4:b2:
         92:4b:86:24:f8:bf:87:91:71:cc:14:9f:4c:83:5a:ad:bb:9e:
         83:77:7c:aa:b4:34:98:7b:d8:e3:63:51:e8:fd:f1:92:08:a7:
         04:75:2c:8c:de:34:05:bd:ff:da:ad:00:74:aa:c8:2f:c2:1c:
         a6:45:55:d6:1d:cf:d3:f3:74:8f:94:71:ae:36:61:65:6e:75:
         7a:df:06:86:2b:53:df:d9:c1:6f:de:59:c5:c8:6c:9c:5b:bc:
         cd:a3:6a:20:6b:d9:d2:0a:7b:83:18:6a:0c:20:6d:61:c0:de:
         45:4f:d4:58:40:7b:b3:93:78:64:dd:3f:65:fa:03:34:54:e0:
         32:af:8e:8d:64:61:8e:ff:17:8a:4a:2e:07:8e:d7:e9:dd:2f:
         28:88:a4:82:04:c3:51:03:a8:f8:4f:6c:35:8a:56:08:f0:4a:
         d9:df:ee:84:37:b2:6e:25:71:1b:14:64:af:e0:28:7b:b9:2d:
         14:16:d2:b8:15:3e:31:d0:04:e9:83:f4:68:ac:22:29:d2:96:
         48:25:1a:f0:00:a0:19:b4:c7:50:44:f1:c1:0d:15:38:32:e3:
         19:34:77:da:d0:be:ec:d5:a5:93:5e:7e:c7:96:0a:25:f0:e9:
         ed:da:78:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNkSsQ//pBgE7sIUNi9FHY9uYgWswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjMxMTAwMzNaFw0yNzA0MjIxMTA1MzNaMDMxMTAvBgNV
BAMTKDhBMkNERkE3Qjg4QzNBNDM0M0RFNjU4OURFMDEyQTMzQTc2MEQzNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYWBUfyvbaW7BFS10/pTa0ZIg
h564urtmpAMxBJ/lMTu3Xncdpwboebgxb8yS4dwm8xgyLZVfBZaLHVMpFaEeiAt4
sNelIr+82Kl6h1K6yRcK777/Neu4bimD+gvybwrMps1/wO0vOvNsgyONAQV4KB6O
7B0RK4xVQW1PTKbMQ0UVXqWY4oIByhuSpuMWZ3fzG+HDWFs3M93rDkv3jIEnWl0B
mHt2rqYqv1xZP3YIqvIyfGMiPEVWr2oqiCFaLo+Yr+tDBuyF1umtX/3nlISvzdo3
Y06Cim6Fw8splo5tDv2tfZi5TyRbv+Q5McinxtMG4DKrsCUDJ+it0B1/pvknAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUiizfp7iMOkND3mWJ3gEqM6dg02EwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAzOTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAFpMA0GCSqGSIb3DQEBCwUAA4IBAQCdJaIdipd1rjGGRCQR30XStLKSS4Yk+L+H
kXHMFJ9Mg1qtu56Dd3yqtDSYe9jjY1Ho/fGSCKcEdSyM3jQFvf/arQB0qsgvwhym
RVXWHc/T83SPlHGuNmFlbnV63waGK1Pf2cFv3lnFyGycW7zNo2oga9nSCnuDGGoM
IG1hwN5FT9RYQHuzk3hk3T9l+gM0VOAyr46NZGGO/xeKSi4Hjtfp3S8oiKSCBMNR
A6j4T2w1ilYI8ErZ3+6EN7JuJXEbFGSv4Ch7uS0UFtK4FT4x0ATpg/RorCIp0pZI
JRrwAKAZtMdQRPHBDRU4MuMZNHfa0L7s1aWTXn7Hlgol8Ont2nj7
-----END CERTIFICATE-----