Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207992.roa
File:                     AS207992.roa (raw, json)
Hash identifier:          yTXgzjpTmAnve2TcCkXAD8DFdXuto8wLI6frclAVOGs=
Subject key identifier:   5E:08:09:9E:46:B8:F7:57:CB:EF:F5:C7:75:01:CE:F7:51:03:DA:79
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       7A991C47C9D7B87F0C2010B5435F32058A57EFDB
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207992.roa
Signing time:             Fri 16 May 2025 18:13:39 +0000
ROA not before:           Fri 16 May 2025 18:08:39 +0000
ROA not after:            Fri 15 May 2026 18:13:39 +0000
asID:                     207992
IP address blocks:        2a13:9500:4b::/48 maxlen: 48
                          2a13:9500:4f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 05:59:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:99:1c:47:c9:d7:b8:7f:0c:20:10:b5:43:5f:32:05:8a:57:ef:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 18:08:39 2025 GMT
            Not After : May 15 18:13:39 2026 GMT
        Subject: CN=5E08099E46B8F757CBEFF5C77501CEF75103DA79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:3c:c3:6f:5e:b6:50:60:72:fb:af:9d:f5:b9:
                    a1:12:42:55:bc:48:6a:15:51:1e:40:52:95:9e:a2:
                    b5:c3:74:74:95:13:f8:40:cc:b7:aa:3e:5a:e4:52:
                    38:fd:ab:64:8b:50:62:ad:32:de:ad:19:55:aa:e2:
                    1d:b1:5d:8c:a0:8c:cd:ba:7a:4f:63:e4:c9:9a:b3:
                    0b:4c:1d:a7:a2:2a:cb:5e:7e:d6:81:7c:ef:a7:8f:
                    e4:e1:97:4b:02:37:7f:f1:7f:03:c2:d5:34:99:37:
                    f7:58:cc:b2:1f:81:b5:74:03:75:33:b7:f4:c4:c8:
                    ed:35:70:63:bc:0f:2b:42:a1:e8:3e:b8:34:63:8d:
                    63:f0:27:27:c1:62:37:c7:8a:1b:86:cd:89:37:40:
                    d9:44:f7:e1:bf:b7:c3:75:cb:74:e3:e0:78:b4:87:
                    2c:90:5b:4d:68:d8:b8:05:4a:3f:eb:dc:a9:6a:af:
                    dc:67:20:ef:e7:dd:c7:f9:f6:cb:ef:35:99:c2:90:
                    40:6c:c6:6c:a1:8c:ba:a8:51:27:e8:67:be:f8:f9:
                    58:24:5d:03:34:af:86:b6:ce:01:3f:cb:fe:df:22:
                    80:94:21:7f:0f:61:62:5f:19:00:8e:a5:ac:9f:db:
                    df:eb:4d:7d:68:01:ae:c7:f7:58:28:7e:a1:92:3b:
                    42:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:08:09:9E:46:B8:F7:57:CB:EF:F5:C7:75:01:CE:F7:51:03:DA:79
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS207992.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:4b::/48
                  2a13:9500:4f::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:cb:01:ce:1e:43:16:b0:76:1c:2b:b0:95:a8:ae:71:32:33:
         62:24:10:14:91:86:89:5e:f6:39:32:20:69:f2:4f:ef:a2:28:
         0e:c9:da:1b:19:21:a1:26:b0:62:48:01:6a:e3:fd:ae:50:9c:
         2b:b3:5c:21:42:98:ea:a4:e5:b7:96:11:8d:14:2d:b8:59:b4:
         0f:6a:92:13:1a:15:94:f3:b8:4e:53:5d:89:36:ac:94:ee:c8:
         f6:a8:d6:11:ca:22:70:89:6c:56:2f:e1:e3:19:6c:7d:9b:35:
         5a:fc:d1:a2:d9:d1:7f:f2:a3:c8:65:ba:2b:7a:7a:33:87:47:
         57:25:f0:b8:79:96:9a:77:96:7d:12:d8:67:34:f2:a2:4f:38:
         51:de:e2:37:59:5c:51:22:6e:4e:df:54:ee:32:3c:18:7a:40:
         9c:40:b7:29:de:b3:0e:9e:49:ce:b9:26:92:dc:ec:30:7e:60:
         8b:fe:44:de:1f:73:5c:6b:4a:bb:0d:2e:94:72:fe:83:f0:8a:
         d7:de:f2:96:17:b5:b0:fc:27:0e:ea:6d:35:83:99:59:05:94:
         25:8a:77:dd:cc:be:f2:24:f3:cf:78:ec:5e:04:e9:62:80:16:
         49:da:05:f3:7a:38:35:20:bf:79:0e:5e:01:2c:ca:f5:dd:40:
         df:f6:45:99
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUepkcR8nXuH8MIBC1Q18yBYpX79swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTYxODA4MzlaFw0yNjA1MTUxODEzMzlaMDMxMTAvBgNV
BAMTKDVFMDgwOTlFNDZCOEY3NTdDQkVGRjVDNzc1MDFDRUY3NTEwM0RBNzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLPMNvXrZQYHL7r531uaESQlW8
SGoVUR5AUpWeorXDdHSVE/hAzLeqPlrkUjj9q2SLUGKtMt6tGVWq4h2xXYygjM26
ek9j5MmaswtMHaeiKsteftaBfO+nj+Thl0sCN3/xfwPC1TSZN/dYzLIfgbV0A3Uz
t/TEyO01cGO8DytCoeg+uDRjjWPwJyfBYjfHihuGzYk3QNlE9+G/t8N1y3Tj4Hi0
hyyQW01o2LgFSj/r3Klqr9xnIO/n3cf59svvNZnCkEBsxmyhjLqoUSfoZ774+Vgk
XQM0r4a2zgE/y/7fIoCUIX8PYWJfGQCOpayf29/rTX1oAa7H91gofqGSO0KBAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUXggJnka491fL7/XHdQHO91ED2nkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA3OTkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhOV
AABLAwcAKhOVAABPMA0GCSqGSIb3DQEBCwUAA4IBAQAGywHOHkMWsHYcK7CVqK5x
MjNiJBAUkYaJXvY5MiBp8k/voigOydobGSGhJrBiSAFq4/2uUJwrs1whQpjqpOW3
lhGNFC24WbQPapITGhWU87hOU12JNqyU7sj2qNYRyiJwiWxWL+HjGWx9mzVa/NGi
2dF/8qPIZborenozh0dXJfC4eZaad5Z9EthnNPKiTzhR3uI3WVxRIm5O31TuMjwY
ekCcQLcp3rMOnknOuSaS3OwwfmCL/kTeH3Nca0q7DS6Ucv6D8IrX3vKWF7Ww/CcO
6m01g5lZBZQlinfdzL7yJPPPeOxeBOligBZJ2gXzejg1IL95Dl4BLMr13UDf9kWZ
-----END CERTIFICATE-----