Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208723.roa
File:                     AS208723.roa (raw, json)
Hash identifier:          y1783o73s4qH8LrnsWB48pgmoeJEHJTN/d4o/a1OBbA=
Subject key identifier:   0C:5C:C3:0B:F4:1D:30:EE:80:4B:03:F3:07:6D:E1:33:D9:6E:7D:D5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0A95609EC9A6E5ECEA6A89DA4C5ECAEF76292489
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208723.roa
Signing time:             Fri 16 May 2025 10:19:37 +0000
ROA not before:           Fri 16 May 2025 10:14:37 +0000
ROA not after:            Fri 15 May 2026 10:19:37 +0000
asID:                     208723
IP address blocks:        2a13:9500:46::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:95:60:9e:c9:a6:e5:ec:ea:6a:89:da:4c:5e:ca:ef:76:29:24:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 16 10:14:37 2025 GMT
            Not After : May 15 10:19:37 2026 GMT
        Subject: CN=0C5CC30BF41D30EE804B03F3076DE133D96E7DD5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c7:65:13:5f:d7:87:5f:c8:d2:5c:cd:43:84:
                    63:56:5e:71:6e:f8:0f:51:40:ed:6d:93:f9:f9:71:
                    f3:54:4a:d3:80:12:67:01:a5:69:31:d2:0b:c8:2c:
                    d2:2a:83:77:33:51:b1:44:f9:1d:8e:21:15:39:18:
                    98:8c:cf:6b:8a:55:3e:c3:57:17:5a:55:6f:59:eb:
                    2e:d5:c3:8b:86:1b:91:54:b8:bd:ab:27:17:30:9b:
                    22:c9:81:79:91:73:98:4a:fc:8e:72:42:99:81:2e:
                    ba:5b:7e:75:2c:ba:ca:9a:b9:27:dc:2c:e2:ad:b0:
                    a3:b8:8b:91:0b:bf:6d:0c:a2:7b:62:95:d9:11:36:
                    5c:17:29:6f:b7:e0:a9:e6:31:6a:17:0d:66:51:7b:
                    5b:d5:b6:c6:23:72:3a:72:a4:0d:9a:f5:15:19:24:
                    c7:a8:8f:80:51:d8:e9:cf:bd:78:74:29:ed:ee:e3:
                    be:ca:a0:54:a5:bc:8a:19:33:f2:73:b1:2c:45:a1:
                    fe:35:ce:61:f1:87:e6:81:53:70:53:2b:19:ea:0d:
                    e2:54:73:7d:27:08:ab:eb:4d:a8:af:e8:c3:4f:f0:
                    0c:05:c8:46:c6:96:56:be:65:0f:91:c8:5b:37:f6:
                    28:a7:91:3b:92:24:26:c4:d1:12:46:83:76:1d:83:
                    96:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:5C:C3:0B:F4:1D:30:EE:80:4B:03:F3:07:6D:E1:33:D9:6E:7D:D5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208723.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:46::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:30:21:8b:87:db:6b:ed:a7:4c:de:95:f7:52:90:b8:b5:f4:
         07:08:7b:ac:df:76:d6:97:e8:84:5c:2f:cc:01:09:da:1f:a6:
         15:4e:ac:f3:b0:a1:69:d7:1e:bd:59:3c:81:64:a1:da:89:41:
         12:f7:7b:e0:b1:51:06:79:8d:2c:46:3c:be:8b:0a:b9:90:06:
         81:01:c1:a8:69:54:1a:c3:49:1a:08:74:81:e3:69:8f:ff:11:
         f5:a0:7e:b4:cc:95:8a:92:72:12:77:7a:4f:94:02:c3:70:57:
         93:db:c3:8c:c1:48:30:ed:23:38:34:58:45:c0:8c:fa:bd:4d:
         7c:0a:f7:af:c2:e9:f6:b7:bd:2c:9c:58:37:79:72:0a:c5:b9:
         68:14:bf:f3:14:bb:ff:55:40:46:27:30:2d:a4:c2:22:89:b5:
         9b:1d:89:e8:42:38:6e:d7:f5:74:c1:a6:22:af:af:57:d4:b3:
         72:21:63:d1:f0:08:f9:75:d7:59:b0:1b:28:82:88:50:71:f5:
         4a:57:92:35:b4:37:50:77:a5:2d:a3:6f:b9:55:e9:cc:6a:6a:
         2e:0f:88:c3:1a:d7:8e:fb:f7:df:c1:4e:9f:be:fc:09:01:a1:
         43:5e:2f:85:08:7e:76:a4:1f:68:a8:76:88:e7:9c:9a:0d:e2:
         ce:7d:41:44
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUCpVgnsmm5ezqaonaTF7K73YpJIkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA1MTYxMDE0MzdaFw0yNjA1MTUxMDE5MzdaMDMxMTAvBgNV
BAMTKDBDNUNDMzBCRjQxRDMwRUU4MDRCMDNGMzA3NkRFMTMzRDk2RTdERDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCx2UTX9eHX8jSXM1DhGNWXnFu
+A9RQO1tk/n5cfNUStOAEmcBpWkx0gvILNIqg3czUbFE+R2OIRU5GJiMz2uKVT7D
VxdaVW9Z6y7Vw4uGG5FUuL2rJxcwmyLJgXmRc5hK/I5yQpmBLrpbfnUsusqauSfc
LOKtsKO4i5ELv20MontildkRNlwXKW+34KnmMWoXDWZRe1vVtsYjcjpypA2a9RUZ
JMeoj4BR2OnPvXh0Ke3u477KoFSlvIoZM/JzsSxFof41zmHxh+aBU3BTKxnqDeJU
c30nCKvrTaiv6MNP8AwFyEbGlla+ZQ+RyFs39iinkTuSJCbE0RJGg3Ydg5a5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDFzDC/QdMO6ASwPzB23hM9lufdUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4NzIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AABGMA0GCSqGSIb3DQEBCwUAA4IBAQACMCGLh9tr7adM3pX3UpC4tfQHCHus33bW
l+iEXC/MAQnaH6YVTqzzsKFp1x69WTyBZKHaiUES93vgsVEGeY0sRjy+iwq5kAaB
AcGoaVQaw0kaCHSB42mP/xH1oH60zJWKknISd3pPlALDcFeT28OMwUgw7SM4NFhF
wIz6vU18Cvevwun2t70snFg3eXIKxbloFL/zFLv/VUBGJzAtpMIiibWbHYnoQjhu
1/V0waYir69X1LNyIWPR8Aj5dddZsBsogohQcfVKV5I1tDdQd6Uto2+5VenMamou
D4jDGteO+/ffwU6fvvwJAaFDXi+FCH52pB9oqHaI55yaDeLOfUFE
-----END CERTIFICATE-----