Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204844.roa
File:                     AS204844.roa (raw, json)
Hash identifier:          XQZ69SjoRYii/4RIyyBB0ITlt9/GbgvU88amB4rtHUc=
Subject key identifier:   9D:94:C5:7C:6B:BA:17:20:06:99:2E:D9:C1:2E:28:95:A3:FF:56:0A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0D75D3CCE34874F153E2E8F345195FBE7D87270F
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204844.roa
Signing time:             Mon 22 Sep 2025 14:32:59 +0000
ROA not before:           Mon 22 Sep 2025 14:27:59 +0000
ROA not after:            Mon 21 Sep 2026 14:32:59 +0000
asID:                     204844
IP address blocks:        2a13:9500:e8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:75:d3:cc:e3:48:74:f1:53:e2:e8:f3:45:19:5f:be:7d:87:27:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 22 14:27:59 2025 GMT
            Not After : Sep 21 14:32:59 2026 GMT
        Subject: CN=9D94C57C6BBA172006992ED9C12E2895A3FF560A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:e2:6e:47:ac:fa:b2:4d:4f:d3:b8:1f:85:03:
                    c3:b4:a8:f0:34:2b:a5:18:89:1a:8e:37:b6:e5:a4:
                    3d:6f:4a:72:51:31:28:9f:07:47:a6:b9:b1:6b:0c:
                    86:6e:43:cb:de:18:bb:2f:0d:b8:84:b0:16:c6:34:
                    b9:5b:51:78:44:66:c0:06:b4:1c:bd:5e:98:e9:a3:
                    b3:1d:be:f0:f0:5a:b6:de:9c:74:b0:40:e0:7e:34:
                    00:d9:0e:67:50:b6:82:ad:67:38:18:e5:43:96:ed:
                    21:19:9e:7c:3e:93:92:19:a3:db:d7:68:4b:f3:b7:
                    88:39:8b:81:43:f9:e7:4a:14:e5:77:64:5d:5f:e1:
                    c7:86:ac:b1:d1:8d:92:72:fc:4b:07:f4:f6:25:97:
                    4b:10:ba:7f:27:05:18:64:f0:84:5e:ab:0a:fc:5c:
                    8b:1d:57:c8:bd:34:26:6d:36:4e:84:89:8b:2d:85:
                    13:10:c0:6a:2a:98:12:b3:ec:ad:ca:15:e8:5e:f6:
                    2d:96:27:01:55:03:47:97:f5:e6:10:de:5d:ad:5c:
                    c0:13:56:5c:40:11:bd:f9:74:e5:6c:15:ee:65:89:
                    d7:92:6d:b9:7e:15:7a:47:d5:77:67:92:c8:3b:a6:
                    32:66:cf:d3:c2:30:4a:a3:02:fd:18:34:70:e8:2a:
                    57:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:94:C5:7C:6B:BA:17:20:06:99:2E:D9:C1:2E:28:95:A3:FF:56:0A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:e8::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:a9:73:1a:fc:08:11:c7:7c:86:56:6d:38:15:a9:74:9c:6d:
         a4:06:c2:39:c6:6f:30:52:1e:ef:52:1b:87:60:b2:6b:a0:a8:
         2a:c6:b9:84:90:fe:e9:c1:b0:c6:37:9d:4f:87:e2:0e:6f:18:
         5b:c6:f5:21:f9:cf:35:5a:05:fa:c9:e5:4b:43:fc:ab:02:66:
         7b:0b:c0:a8:46:e5:cc:67:d4:e8:8d:da:07:b3:da:a8:da:dc:
         91:7c:09:42:68:ea:2b:1b:cf:f7:17:28:f9:f4:95:c2:81:4f:
         13:5c:7e:a8:7b:99:8a:ef:0b:01:28:1f:65:f2:c2:69:69:9a:
         45:d1:88:5f:da:ad:1a:ad:96:a3:bc:56:c1:2c:b9:16:89:91:
         e7:d8:e8:25:c6:89:b9:f1:c8:4f:4c:03:cb:8a:51:c0:46:41:
         a4:03:21:a7:d3:49:62:97:a4:11:a1:12:91:d9:4f:47:1e:e9:
         12:cd:4d:0b:7b:3b:6e:13:a4:8f:af:f7:bc:8b:39:42:de:6e:
         06:af:0c:7c:f4:cb:0e:32:bf:49:9e:7e:f9:1c:20:9e:92:31:
         d1:7b:83:10:78:43:4e:f6:dd:c2:eb:32:b2:f6:47:22:ce:63:
         dc:7c:16:25:0b:02:f1:a7:96:d2:94:9a:a2:5d:8f:68:61:a7:
         8f:52:66:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDXXTzONIdPFT4ujzRRlfvn2HJw8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjIxNDI3NTlaFw0yNjA5MjExNDMyNTlaMDMxMTAvBgNV
BAMTKDlEOTRDNTdDNkJCQTE3MjAwNjk5MkVEOUMxMkUyODk1QTNGRjU2MEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCk4m5HrPqyTU/TuB+FA8O0qPA0
K6UYiRqON7blpD1vSnJRMSifB0emubFrDIZuQ8veGLsvDbiEsBbGNLlbUXhEZsAG
tBy9Xpjpo7MdvvDwWrbenHSwQOB+NADZDmdQtoKtZzgY5UOW7SEZnnw+k5IZo9vX
aEvzt4g5i4FD+edKFOV3ZF1f4ceGrLHRjZJy/EsH9PYll0sQun8nBRhk8IReqwr8
XIsdV8i9NCZtNk6EiYsthRMQwGoqmBKz7K3KFehe9i2WJwFVA0eX9eYQ3l2tXMAT
VlxAEb35dOVsFe5lideSbbl+FXpH1Xdnksg7pjJmz9PCMEqjAv0YNHDoKlcVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUnZTFfGu6FyAGmS7ZwS4olaP/VgowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0ODQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADoMA0GCSqGSIb3DQEBCwUAA4IBAQBZqXMa/AgRx3yGVm04Fal0nG2kBsI5xm8w
Uh7vUhuHYLJroKgqxrmEkP7pwbDGN51Ph+IObxhbxvUh+c81WgX6yeVLQ/yrAmZ7
C8CoRuXMZ9TojdoHs9qo2tyRfAlCaOorG8/3Fyj59JXCgU8TXH6oe5mK7wsBKB9l
8sJpaZpF0Yhf2q0arZajvFbBLLkWiZHn2Oglxom58chPTAPLilHARkGkAyGn00li
l6QRoRKR2U9HHukSzU0LeztuE6SPr/e8izlC3m4Grwx89MsOMr9Jnn75HCCekjHR
e4MQeENO9t3C6zKy9kcizmPcfBYlCwLxp5bSlJqiXY9oYaePUmbd
-----END CERTIFICATE-----