Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208723.roa
File:                     AS208723.roa (raw, json)
Hash identifier:          6ehTgtyVFU+ej4TdozPGXIOlnPzEnEJ8LMSIw9wc8uk=
Subject key identifier:   83:CC:82:AF:14:FF:A9:79:CB:84:F9:E9:0C:B7:A9:8B:B1:37:5B:A3
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       76FC6EA6FA9E20B00D063A691777F42260222F95
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208723.roa
Signing time:             Fri 17 Apr 2026 10:47:05 +0000
ROA not before:           Fri 17 Apr 2026 10:42:05 +0000
ROA not after:            Fri 16 Apr 2027 10:47:05 +0000
asID:                     208723
IP address blocks:        2a13:9500:46::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:fc:6e:a6:fa:9e:20:b0:0d:06:3a:69:17:77:f4:22:60:22:2f:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 17 10:42:05 2026 GMT
            Not After : Apr 16 10:47:05 2027 GMT
        Subject: CN=83CC82AF14FFA979CB84F9E90CB7A98BB1375BA3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8b:80:bf:a7:e6:cd:67:df:42:fe:13:6b:63:
                    dc:a9:d4:95:73:bb:de:61:ac:27:7f:94:ec:e3:a1:
                    df:1a:42:8c:9d:e1:99:b9:8d:91:03:80:8d:22:23:
                    b7:8c:59:17:88:e3:2d:cd:f3:07:4b:89:fb:ab:50:
                    1a:b2:38:4d:0d:1e:66:58:53:46:fc:c2:fb:23:16:
                    0f:7a:81:9e:a8:12:c3:36:a5:0e:12:2b:16:78:ec:
                    ed:4d:9d:5d:0d:15:6f:11:05:7d:cf:f2:44:d1:0d:
                    be:1d:f9:86:8f:27:dd:41:35:6c:e7:84:1a:cc:f6:
                    52:93:1f:12:73:fd:c1:aa:1d:ee:93:93:d5:a6:4d:
                    75:86:96:1c:7e:d7:5f:a0:3a:f2:11:a8:ef:61:7a:
                    40:44:24:97:eb:50:29:11:0a:fd:d1:08:53:50:0a:
                    7f:90:5b:7c:ad:8c:7a:90:7f:c9:61:df:bc:a5:3d:
                    82:98:a0:ea:01:9a:7a:76:69:1a:f5:96:bc:94:bf:
                    7e:19:28:0f:02:d5:bb:ee:cb:a4:a8:88:80:2f:f7:
                    3f:00:77:a1:5a:5c:31:c9:df:07:7d:28:d7:9c:67:
                    48:9d:81:fe:d3:6e:61:90:81:7b:37:c1:d1:7d:2e:
                    0c:31:de:fa:83:dc:fd:ff:6c:91:1c:60:b3:5f:f3:
                    b5:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:CC:82:AF:14:FF:A9:79:CB:84:F9:E9:0C:B7:A9:8B:B1:37:5B:A3
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208723.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:46::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:1c:5a:2d:56:4f:fa:de:1f:3a:a2:92:ae:97:3b:b5:43:af:
         42:bc:94:c4:0c:06:e6:d5:a9:be:d6:c4:06:3a:06:cb:b7:4a:
         28:7c:62:b8:50:fe:45:16:52:bc:fa:1f:1e:ce:f5:18:60:6f:
         0f:7b:a2:80:a1:f4:3c:2c:dc:b5:3d:0b:fa:c9:60:0d:07:03:
         8d:15:44:bf:fe:df:17:39:be:74:2f:1b:53:61:92:ce:58:85:
         f6:d2:e5:f2:a0:b3:5a:4b:d0:22:0b:f5:8f:76:70:ec:c5:75:
         f1:12:34:60:07:71:1c:4f:07:78:f6:8a:ba:57:86:68:0d:91:
         fb:b3:f3:6f:63:99:af:58:75:2f:09:f0:28:38:c9:45:24:9a:
         57:d1:05:11:f9:b7:1d:18:fd:68:d1:d3:ac:5b:87:7f:c0:11:
         e2:32:78:67:72:65:8b:81:d8:7b:02:35:da:98:0d:b9:7f:be:
         0d:7c:72:f4:66:58:3b:04:63:aa:3d:41:56:e7:de:a2:e7:f7:
         8d:6a:bf:6a:5b:e1:7c:3e:2a:3e:31:f3:b2:12:03:37:82:a5:
         48:d3:5f:84:95:94:68:14:6f:7a:39:f0:2c:9c:0e:51:d6:8f:
         33:0e:bc:ff:d5:d3:6f:d2:41:18:75:52:42:ad:f8:8e:b5:e8:
         87:27:c0:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUdvxupvqeILANBjppF3f0ImAiL5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTcxMDQyMDVaFw0yNzA0MTYxMDQ3MDVaMDMxMTAvBgNV
BAMTKDgzQ0M4MkFGMTRGRkE5NzlDQjg0RjlFOTBDQjdBOThCQjEzNzVCQTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLi4C/p+bNZ99C/hNrY9yp1JVz
u95hrCd/lOzjod8aQoyd4Zm5jZEDgI0iI7eMWReI4y3N8wdLifurUBqyOE0NHmZY
U0b8wvsjFg96gZ6oEsM2pQ4SKxZ47O1NnV0NFW8RBX3P8kTRDb4d+YaPJ91BNWzn
hBrM9lKTHxJz/cGqHe6Tk9WmTXWGlhx+11+gOvIRqO9hekBEJJfrUCkRCv3RCFNQ
Cn+QW3ytjHqQf8lh37ylPYKYoOoBmnp2aRr1lryUv34ZKA8C1bvuy6SoiIAv9z8A
d6FaXDHJ3wd9KNecZ0idgf7TbmGQgXs3wdF9Lgwx3vqD3P3/bJEcYLNf87WDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUg8yCrxT/qXnLhPnpDLepi7E3W6MwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4NzIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABGMA0GCSqGSIb3DQEBCwUAA4IBAQBzHFotVk/63h86opKulzu1Q69CvJTEDAbm
1am+1sQGOgbLt0oofGK4UP5FFlK8+h8ezvUYYG8Pe6KAofQ8LNy1PQv6yWANBwON
FUS//t8XOb50LxtTYZLOWIX20uXyoLNaS9AiC/WPdnDsxXXxEjRgB3EcTwd49oq6
V4ZoDZH7s/NvY5mvWHUvCfAoOMlFJJpX0QUR+bcdGP1o0dOsW4d/wBHiMnhncmWL
gdh7AjXamA25f74NfHL0Zlg7BGOqPUFW596i5/eNar9qW+F8Pio+MfOyEgM3gqVI
01+ElZRoFG96OfAsnA5R1o8zDrz/1dNv0kEYdVJCrfiOteiHJ8DR
-----END CERTIFICATE-----