Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205809.roa
File:                     AS205809.roa (raw, json)
Hash identifier:          kuaggSVYuTWwuVT8jpW9VLYyGFWf9Lhd5xSxDnS88cE=
Subject key identifier:   F1:DD:63:DD:C7:EB:27:F2:50:BA:B5:1B:91:51:66:01:A7:BC:41:78
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       60110DEAF3C9E979D5CD47308E28484A7568EB4D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205809.roa
Signing time:             Tue 14 Jan 2025 22:55:57 +0000
ROA not before:           Tue 14 Jan 2025 22:50:57 +0000
ROA not after:            Tue 13 Jan 2026 22:55:57 +0000
asID:                     205809
IP address blocks:        82.29.203.0/24 maxlen: 24
                          82.29.204.0/24 maxlen: 24
                          82.29.205.0/24 maxlen: 24
                          82.29.206.0/24 maxlen: 24
                          82.29.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:11:0d:ea:f3:c9:e9:79:d5:cd:47:30:8e:28:48:4a:75:68:eb:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 14 22:50:57 2025 GMT
            Not After : Jan 13 22:55:57 2026 GMT
        Subject: CN=F1DD63DDC7EB27F250BAB51B91516601A7BC4178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:58:24:ad:30:77:60:88:b1:1b:b3:56:65:85:
                    97:bb:85:4a:e2:28:b4:61:42:5a:16:be:af:70:a1:
                    3f:74:69:95:56:62:f4:ac:4c:29:c2:63:8e:4d:d5:
                    eb:dd:96:ca:3a:9e:92:c2:65:fc:9c:cc:9b:93:a2:
                    cd:2c:12:31:38:07:b7:b0:b0:12:a6:ee:4b:e3:a7:
                    00:e2:2b:54:7d:fc:9c:f5:c6:58:e0:03:ee:f5:00:
                    c8:4c:2c:ed:bf:46:d9:71:3a:c2:65:cf:d9:43:80:
                    e8:55:17:d4:38:f5:38:01:7f:1a:4d:e9:d9:9e:ce:
                    73:10:d2:7b:3c:84:f5:13:38:3a:6e:c2:e9:f1:f4:
                    79:fd:7b:20:9c:9a:35:54:be:30:ed:46:4f:70:19:
                    0a:c0:27:0b:49:84:ae:36:b3:ac:6c:89:9c:56:2f:
                    fd:b0:13:98:bc:b0:3a:93:b4:2b:13:67:98:d8:9d:
                    fc:37:6e:b3:c2:2d:a7:fe:cc:94:9d:b6:9b:fb:d3:
                    6d:bb:21:1c:9c:df:de:ad:c8:c8:92:96:4e:f8:49:
                    60:eb:62:0e:7c:c1:1b:74:5d:9f:58:0a:0e:2a:f9:
                    86:2e:71:06:53:50:33:eb:ec:10:1f:fc:bf:26:f9:
                    84:b0:5c:96:61:22:e0:d6:96:73:91:e4:cc:32:c9:
                    dc:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:DD:63:DD:C7:EB:27:F2:50:BA:B5:1B:91:51:66:01:A7:BC:41:78
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS205809.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.203.0-82.29.207.255

    Signature Algorithm: sha256WithRSAEncryption
         16:28:9c:1f:01:c3:58:93:c5:15:27:ce:0f:de:ea:1c:52:1c:
         b1:6c:69:db:70:ac:b7:2a:77:78:08:6f:93:1e:cc:1f:f6:68:
         bd:47:5b:ea:d0:9b:2c:86:20:22:4d:8b:b2:e1:3e:e6:cb:67:
         f9:f2:c3:6e:86:54:0e:83:39:2c:94:3d:6e:3b:86:4b:8b:87:
         9e:99:9a:3d:cb:17:01:b2:b1:0e:d7:65:b2:78:1b:84:02:1c:
         51:09:43:98:01:25:0e:9c:70:b3:f0:ce:5c:72:ab:0b:0b:83:
         d3:4b:0c:b4:83:97:f4:0e:0d:89:a8:54:e0:bd:f4:14:ee:5b:
         0c:1f:04:18:99:f9:bd:f4:cb:15:c4:d3:18:e8:d0:d4:54:ea:
         86:b4:9c:a0:ef:e0:91:9e:61:1f:6a:dd:8d:aa:db:af:36:23:
         95:8f:08:3a:e6:7c:74:f4:79:31:3b:31:f3:9e:38:09:63:4f:
         54:91:eb:59:d4:5c:77:49:67:43:aa:62:ab:fc:32:3f:e2:de:
         00:fc:ce:c2:53:25:e4:c2:e8:4c:88:14:30:35:df:f1:8e:b1:
         ca:0c:9f:d3:a0:c5:28:f6:a3:71:ed:69:6b:71:32:e4:8e:f1:
         d5:f3:fc:fd:35:88:c7:74:61:53:be:05:23:8b:57:5a:91:80:
         8e:59:83:78
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUYBEN6vPJ6XnVzUcwjihISnVo600wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMTQyMjUwNTdaFw0yNjAxMTMyMjU1NTdaMDMxMTAvBgNV
BAMTKEYxREQ2M0REQzdFQjI3RjI1MEJBQjUxQjkxNTE2NjAxQTdCQzQxNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2WCStMHdgiLEbs1ZlhZe7hUri
KLRhQloWvq9woT90aZVWYvSsTCnCY45N1evdlso6npLCZfyczJuTos0sEjE4B7ew
sBKm7kvjpwDiK1R9/Jz1xljgA+71AMhMLO2/RtlxOsJlz9lDgOhVF9Q49TgBfxpN
6dmeznMQ0ns8hPUTODpuwunx9Hn9eyCcmjVUvjDtRk9wGQrAJwtJhK42s6xsiZxW
L/2wE5i8sDqTtCsTZ5jYnfw3brPCLaf+zJSdtpv70227IRyc396tyMiSlk74SWDr
Yg58wRt0XZ9YCg4q+YYucQZTUDPr7BAf/L8m+YSwXJZhIuDWlnOR5MwyydxPAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQU8d1j3cfrJ/JQurUbkVFmAae8QXgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA1ODA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABS
HcsDBARSHcAwDQYJKoZIhvcNAQELBQADggEBABYonB8Bw1iTxRUnzg/e6hxSHLFs
adtwrLcqd3gIb5MezB/2aL1HW+rQmyyGICJNi7LhPubLZ/nyw26GVA6DOSyUPW47
hkuLh56Zmj3LFwGysQ7XZbJ4G4QCHFEJQ5gBJQ6ccLPwzlxyqwsLg9NLDLSDl/QO
DYmoVOC99BTuWwwfBBiZ+b30yxXE0xjo0NRU6oa0nKDv4JGeYR9q3Y2q2682I5WP
CDrmfHT0eTE7MfOeOAljT1SR61nUXHdJZ0OqYqv8Mj/i3gD8zsJTJeTC6EyIFDA1
3/GOscoMn9OgxSj2o3HtaWtxMuSO8dXz/P01iMd0YVO+BSOLV1qRgI5Zg3g=
-----END CERTIFICATE-----