Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206735.roa
File:                     AS206735.roa (raw, json)
Hash identifier:          o/Klav9KWDCjwcTh+IQrTqyetUl+wPBWTewGsPYj7bU=
Subject key identifier:   67:3A:F6:33:E8:62:01:3F:10:60:E8:E3:22:E1:AA:8B:66:21:67:45
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       71850CB951A0278D6826B5493A02F256B10E1D0A
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206735.roa
Signing time:             Thu 15 May 2025 10:29:32 +0000
ROA not before:           Thu 15 May 2025 10:24:32 +0000
ROA not after:            Thu 14 May 2026 10:29:32 +0000
asID:                     206735
IP address blocks:        2a13:9500:3f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:85:0c:b9:51:a0:27:8d:68:26:b5:49:3a:02:f2:56:b1:0e:1d:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 15 10:24:32 2025 GMT
            Not After : May 14 10:29:32 2026 GMT
        Subject: CN=673AF633E862013F1060E8E322E1AA8B66216745
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:0f:e8:e3:32:5b:1e:a3:a0:27:f7:a4:c9:26:
                    61:bd:8a:c1:90:0d:65:20:70:59:fc:c9:6c:e2:1a:
                    ff:6e:7e:70:fa:9d:ad:4e:0f:80:c2:40:ef:ba:f6:
                    e8:42:9e:88:63:96:c2:95:9b:fe:2e:35:75:c1:6d:
                    55:eb:fe:00:10:89:5b:97:58:39:7c:52:04:dd:68:
                    27:03:13:b7:be:d3:f7:ed:2b:b3:e4:7c:ed:68:47:
                    99:3c:87:91:31:a7:c5:ce:fd:35:b6:b5:b3:03:ce:
                    6d:96:10:65:99:32:fa:a2:b1:73:94:df:02:7f:bf:
                    74:78:0e:da:bb:8e:d3:e4:bb:75:7e:c7:cd:6d:ea:
                    83:ee:23:74:a4:33:9d:34:9e:9b:ed:a1:79:00:e7:
                    97:6f:af:15:c0:e2:48:8c:39:0e:bf:82:d8:b3:49:
                    12:be:32:bf:0f:34:f5:bf:4c:fd:23:26:5a:aa:1b:
                    64:6d:89:88:18:bf:fc:9c:2b:42:55:6b:75:d5:97:
                    47:d5:a8:03:25:32:d5:db:a7:b7:ae:4f:ba:9d:ee:
                    b9:98:6c:d8:15:7d:c8:1d:fa:28:a3:d6:8d:1b:45:
                    1e:e1:50:e2:d5:01:41:d1:af:32:cd:6f:f2:8a:22:
                    77:e9:c8:75:f5:21:dc:b8:d3:9e:da:0a:81:e6:7e:
                    33:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:3A:F6:33:E8:62:01:3F:10:60:E8:E3:22:E1:AA:8B:66:21:67:45
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS206735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:3f::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:16:1c:a0:cb:4d:8c:6a:e6:9d:87:35:bd:d4:c1:06:d8:23:
         24:da:ab:73:f9:50:44:37:78:18:8f:1b:0a:41:e3:e9:ff:de:
         1f:eb:e1:df:37:34:b7:59:b7:7f:87:36:d5:51:af:00:06:fc:
         43:ea:57:10:8d:cc:e5:28:d3:1b:3b:f4:7b:3f:c5:c8:81:c3:
         0a:f4:bc:89:ff:e8:49:0a:eb:a5:6e:be:10:23:11:7c:9b:73:
         76:00:fd:17:3b:63:26:50:63:4b:b3:86:5f:54:60:af:e0:08:
         4d:62:2c:5b:0d:cf:58:88:8f:18:f9:75:bd:97:53:f1:a5:18:
         8f:0d:14:76:8b:6d:17:16:2e:90:e3:b3:30:fd:00:45:78:84:
         46:90:ec:56:d5:66:db:dc:59:77:64:2d:1e:bf:61:b2:a1:aa:
         b2:f6:52:8b:90:20:ba:8e:96:8a:6d:ce:fa:23:a1:38:bd:a2:
         98:cb:e5:8f:cb:4b:c0:f8:ed:f9:36:ce:96:7e:3b:b1:31:13:
         0d:b3:67:f9:3c:d4:14:39:17:af:aa:0d:f5:cb:28:35:02:e5:
         b8:e9:35:21:ae:a2:34:69:ba:65:bf:80:b5:97:78:52:05:d4:
         24:40:2b:03:f7:bb:f1:4a:61:92:81:94:59:52:3f:63:78:b3:
         30:f2:d4:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcYUMuVGgJ41oJrVJOgLyVrEOHQowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTUxMDI0MzJaFw0yNjA1MTQxMDI5MzJaMDMxMTAvBgNV
BAMTKDY3M0FGNjMzRTg2MjAxM0YxMDYwRThFMzIyRTFBQThCNjYyMTY3NDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+D+jjMlseo6An96TJJmG9isGQ
DWUgcFn8yWziGv9ufnD6na1OD4DCQO+69uhCnohjlsKVm/4uNXXBbVXr/gAQiVuX
WDl8UgTdaCcDE7e+0/ftK7PkfO1oR5k8h5Exp8XO/TW2tbMDzm2WEGWZMvqisXOU
3wJ/v3R4Dtq7jtPku3V+x81t6oPuI3SkM500npvtoXkA55dvrxXA4kiMOQ6/gtiz
SRK+Mr8PNPW/TP0jJlqqG2RtiYgYv/ycK0JVa3XVl0fVqAMlMtXbp7euT7qd7rmY
bNgVfcgd+iij1o0bRR7hUOLVAUHRrzLNb/KKInfpyHX1Idy4057aCoHmfjNvAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUZzr2M+hiAT8QYOjjIuGqi2YhZ0UwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA2NzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAA/MA0GCSqGSIb3DQEBCwUAA4IBAQB7Fhygy02MauadhzW91MEG2CMk2qtz+VBE
N3gYjxsKQePp/94f6+HfNzS3Wbd/hzbVUa8ABvxD6lcQjczlKNMbO/R7P8XIgcMK
9LyJ/+hJCuulbr4QIxF8m3N2AP0XO2MmUGNLs4ZfVGCv4AhNYixbDc9YiI8Y+XW9
l1PxpRiPDRR2i20XFi6Q47Mw/QBFeIRGkOxW1Wbb3Fl3ZC0ev2Gyoaqy9lKLkCC6
jpaKbc76I6E4vaKYy+WPy0vA+O35Ns6WfjuxMRMNs2f5PNQUORevqg31yyg1AuW4
6TUhrqI0abplv4C1l3hSBdQkQCsD97vxSmGSgZRZUj9jeLMw8tRx
-----END CERTIFICATE-----