Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207675.roa
File:                     AS207675.roa (raw, json)
Hash identifier:          ORcxg1ChkIj3B/9rsHyNtIcOERuHYlZYC7TaF3jBu54=
Subject key identifier:   44:D2:75:CF:6D:66:C5:C1:0F:50:F4:7D:55:CC:FE:EC:89:29:95:9C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5238D8B4541585C1934AAC5A68B7E6A140AB1009
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207675.roa
Signing time:             Mon 02 Jun 2025 16:10:52 +0000
ROA not before:           Mon 02 Jun 2025 16:05:52 +0000
ROA not after:            Mon 01 Jun 2026 16:10:52 +0000
asID:                     207675
IP address blocks:        2a13:9500:52::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:38:d8:b4:54:15:85:c1:93:4a:ac:5a:68:b7:e6:a1:40:ab:10:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  2 16:05:52 2025 GMT
            Not After : Jun  1 16:10:52 2026 GMT
        Subject: CN=44D275CF6D66C5C10F50F47D55CCFEEC8929959C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:08:6b:a3:f3:e9:62:6f:db:d1:9a:96:b0:8c:
                    a5:db:7b:84:0f:7a:74:66:de:18:00:70:c4:42:5f:
                    25:a3:5b:06:38:ba:f1:27:81:33:b6:fc:7b:35:30:
                    06:d6:81:1b:4e:a7:d2:dc:b6:b8:2e:61:f1:90:fe:
                    60:74:32:3a:b6:3a:80:d2:e7:e4:26:98:4d:f8:3e:
                    46:74:b5:26:27:15:c3:40:e8:70:42:cc:2b:c9:c5:
                    9b:8e:d5:a2:f6:e8:43:94:08:93:b9:3f:28:c9:97:
                    46:0e:67:a3:ae:74:dc:01:40:28:28:38:af:a9:ca:
                    b4:40:df:3c:7e:35:57:97:f0:0d:63:02:2c:c4:74:
                    15:fe:fa:9b:42:86:e9:e7:f4:80:74:15:4a:8f:cf:
                    8a:89:fa:c1:09:b4:47:dd:33:3b:67:93:73:ce:2c:
                    d5:50:5e:00:f6:80:d7:b5:ea:93:ee:a2:64:21:3c:
                    02:80:01:ba:2f:f7:d4:b7:d6:b3:e6:26:11:68:13:
                    78:f6:1c:13:17:ce:3b:97:1a:0b:b1:72:49:4b:d1:
                    16:22:d0:4b:f3:7a:19:97:d5:7b:16:14:14:ca:e2:
                    ef:65:b5:0d:38:59:33:6b:d8:4c:4c:90:45:a1:7f:
                    f2:ea:25:53:af:5d:0f:f2:06:e9:5b:58:29:c4:f9:
                    ad:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D2:75:CF:6D:66:C5:C1:0F:50:F4:7D:55:CC:FE:EC:89:29:95:9C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207675.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:52::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:e2:94:93:f1:34:57:2e:ca:da:98:b9:67:25:35:b6:04:e3:
         48:d0:b4:94:b7:d4:e5:8c:f1:71:b1:a1:dc:88:2c:c2:a3:e8:
         24:d3:18:0f:6c:1d:e9:2d:09:85:df:b6:6c:27:fa:78:7c:8d:
         b9:d3:fc:48:2d:a9:ea:1c:44:de:12:5b:39:ea:0f:3c:a8:9f:
         f9:02:46:df:d4:c1:4c:13:b1:fc:01:02:06:fd:55:8a:b1:d9:
         45:f3:f9:8e:3b:80:cf:65:79:b9:06:b8:ee:05:9c:18:5a:e5:
         75:49:f4:3a:c0:d7:3e:cd:b2:25:1a:52:10:32:7f:1f:66:e0:
         39:6d:77:5b:08:26:88:f5:7e:a5:2a:83:0d:f9:a5:c6:3e:e5:
         1c:de:3d:dd:56:63:bc:33:e2:1e:e2:23:ae:45:4a:61:c6:3a:
         b6:21:22:fd:e1:e5:80:df:29:32:a4:e3:fb:d5:c9:cf:83:30:
         f4:7c:6f:de:21:7f:49:4f:e8:16:c0:c1:4b:c4:1e:fc:8b:70:
         44:71:53:65:57:fd:87:ff:56:83:ec:28:c4:4c:77:5d:b3:1d:
         13:36:8b:4a:e0:d9:e8:65:0d:c1:a7:c6:87:ce:c3:0e:12:71:
         7a:30:46:ca:d1:96:1b:e4:1f:b6:da:9c:5c:61:c6:00:86:71:
         aa:b3:40:c1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUjjYtFQVhcGTSqxaaLfmoUCrEAkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MDIxNjA1NTJaFw0yNjA2MDExNjEwNTJaMDMxMTAvBgNV
BAMTKDQ0RDI3NUNGNkQ2NkM1QzEwRjUwRjQ3RDU1Q0NGRUVDODkyOTk1OUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZCGuj8+lib9vRmpawjKXbe4QP
enRm3hgAcMRCXyWjWwY4uvEngTO2/Hs1MAbWgRtOp9LctrguYfGQ/mB0Mjq2OoDS
5+QmmE34PkZ0tSYnFcNA6HBCzCvJxZuO1aL26EOUCJO5PyjJl0YOZ6OudNwBQCgo
OK+pyrRA3zx+NVeX8A1jAizEdBX++ptChunn9IB0FUqPz4qJ+sEJtEfdMztnk3PO
LNVQXgD2gNe16pPuomQhPAKAAbov99S31rPmJhFoE3j2HBMXzjuXGguxcklL0RYi
0EvzehmX1XsWFBTK4u9ltQ04WTNr2ExMkEWhf/LqJVOvXQ/yBulbWCnE+a0VAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURNJ1z21mxcEPUPR9Vcz+7IkplZwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3Njc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABSMA0GCSqGSIb3DQEBCwUAA4IBAQAI4pST8TRXLsramLlnJTW2BONI0LSUt9Tl
jPFxsaHciCzCo+gk0xgPbB3pLQmF37ZsJ/p4fI250/xILanqHETeEls56g88qJ/5
Akbf1MFME7H8AQIG/VWKsdlF8/mOO4DPZXm5BrjuBZwYWuV1SfQ6wNc+zbIlGlIQ
Mn8fZuA5bXdbCCaI9X6lKoMN+aXGPuUc3j3dVmO8M+Ie4iOuRUphxjq2ISL94eWA
3ykypOP71cnPgzD0fG/eIX9JT+gWwMFLxB78i3BEcVNlV/2H/1aD7CjETHddsx0T
NotK4NnoZQ3Bp8aHzsMOEnF6MEbK0ZYb5B+22pxcYcYAhnGqs0DB
-----END CERTIFICATE-----