Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208753.roa
File:                     AS208753.roa (raw, json)
Hash identifier:          SbV3UfsrtzDPeJRrWi63WI0uDbvbi3kZSWvWnPKG51c=
Subject key identifier:   43:AD:90:11:C0:13:C8:BC:7A:38:5C:15:6A:AB:E6:02:B6:D4:45:FA
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       682A57E8D0D9F33D5125F8D30149218683731BDF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208753.roa
Signing time:             Mon 18 May 2026 08:06:22 +0000
ROA not before:           Mon 18 May 2026 08:01:22 +0000
ROA not after:            Mon 17 May 2027 08:06:22 +0000
asID:                     208753
IP address blocks:        2a13:9500:17a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:2a:57:e8:d0:d9:f3:3d:51:25:f8:d3:01:49:21:86:83:73:1b:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 18 08:01:22 2026 GMT
            Not After : May 17 08:06:22 2027 GMT
        Subject: CN=43AD9011C013C8BC7A385C156AABE602B6D445FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:6c:b6:fc:8e:04:82:dd:f9:bc:b8:32:b4:8d:
                    30:95:53:9e:e2:11:e2:a2:0e:9c:47:3c:70:83:bc:
                    ca:06:0e:3b:f1:16:d2:38:d4:7d:af:ab:ca:04:c0:
                    37:e5:42:ea:70:b1:d4:4f:b9:c3:89:a3:7a:95:4b:
                    31:b2:9c:0f:d2:f3:03:6d:28:ed:f3:17:8e:97:df:
                    2c:b8:fc:1c:fc:dd:e3:45:89:d5:6d:b3:42:26:f9:
                    f7:ed:61:8c:c7:3f:32:ce:c1:40:49:05:a1:c3:3c:
                    c1:9e:4a:35:46:65:3d:12:21:5d:bf:0e:c2:36:22:
                    e9:08:15:19:b9:ab:1c:fe:02:94:b3:36:e1:59:12:
                    64:06:2b:54:26:fe:f3:d3:3c:5e:b3:dd:1a:1f:bb:
                    1b:6b:78:6b:6e:46:15:ca:70:78:49:7a:da:7e:01:
                    3b:f2:d7:90:38:c3:97:12:3f:e7:ae:09:18:d2:10:
                    93:de:14:3c:02:ab:2d:ac:96:0f:0d:4b:7f:47:57:
                    45:05:d9:22:87:08:41:2f:c7:9a:2c:41:00:5f:23:
                    b0:fd:3e:0e:1b:5c:06:23:99:3f:6f:ef:bf:f9:3c:
                    e2:2b:37:97:dd:b4:74:8c:12:2c:aa:1f:af:a5:75:
                    94:93:e7:cc:74:2d:b8:83:20:04:43:a0:a6:9f:ea:
                    03:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:AD:90:11:C0:13:C8:BC:7A:38:5C:15:6A:AB:E6:02:B6:D4:45:FA
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS208753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:17a::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:d2:ce:3f:c9:1b:54:74:65:90:dd:9a:9c:de:28:e7:98:61:
         8c:bb:61:0c:6d:ef:c1:ef:29:ba:a6:b6:76:9a:f9:87:e8:67:
         72:cf:7f:d7:04:d9:7a:bd:e4:f5:03:a7:d0:19:d6:f6:e2:0f:
         cd:3e:e0:fd:a3:dc:76:db:54:e2:82:75:df:e9:b0:dc:33:9d:
         68:ac:86:9d:32:11:ad:d2:07:b6:f4:4f:4a:d7:ec:b2:8d:07:
         43:4e:59:12:13:df:96:b5:af:21:8b:d0:bf:b9:c2:89:23:b9:
         4b:65:26:f7:7f:f5:ad:12:25:2e:01:0b:09:f4:d3:bc:e9:4d:
         2a:7a:0c:84:dd:df:ed:43:40:18:08:26:80:8b:67:bd:6a:bd:
         de:cd:fd:00:ee:75:eb:6d:d5:81:29:d8:48:f3:db:94:fe:07:
         b8:48:70:0c:89:7b:92:53:e7:f5:5e:32:7d:08:27:80:e7:d1:
         49:82:0b:bc:dd:56:ba:d3:aa:e0:3f:a5:47:a0:4d:2f:84:6a:
         af:d3:36:30:c9:7e:07:4a:80:78:c0:0a:64:63:bf:12:f9:c3:
         9b:f2:fc:cb:bc:e9:b0:83:05:03:a3:01:8f:0b:96:d5:02:55:
         90:03:5e:33:9e:61:d0:ad:e7:4e:7b:fd:62:cc:33:42:20:6e:
         2d:af:40:76
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaCpX6NDZ8z1RJfjTAUkhhoNzG98wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTgwODAxMjJaFw0yNzA1MTcwODA2MjJaMDMxMTAvBgNV
BAMTKDQzQUQ5MDExQzAxM0M4QkM3QTM4NUMxNTZBQUJFNjAyQjZENDQ1RkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDObLb8jgSC3fm8uDK0jTCVU57i
EeKiDpxHPHCDvMoGDjvxFtI41H2vq8oEwDflQupwsdRPucOJo3qVSzGynA/S8wNt
KO3zF46X3yy4/Bz83eNFidVts0Im+fftYYzHPzLOwUBJBaHDPMGeSjVGZT0SIV2/
DsI2IukIFRm5qxz+ApSzNuFZEmQGK1Qm/vPTPF6z3RofuxtreGtuRhXKcHhJetp+
ATvy15A4w5cSP+euCRjSEJPeFDwCqy2slg8NS39HV0UF2SKHCEEvx5osQQBfI7D9
Pg4bXAYjmT9v77/5POIrN5fdtHSMEiyqH6+ldZST58x0LbiDIARDoKaf6gMjAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQ62QEcATyLx6OFwVaqvmArbURfowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA4NzUzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AAF6MA0GCSqGSIb3DQEBCwUAA4IBAQBM0s4/yRtUdGWQ3Zqc3ijnmGGMu2EMbe/B
7ym6prZ2mvmH6Gdyz3/XBNl6veT1A6fQGdb24g/NPuD9o9x221TignXf6bDcM51o
rIadMhGt0ge29E9K1+yyjQdDTlkSE9+Wta8hi9C/ucKJI7lLZSb3f/WtEiUuAQsJ
9NO86U0qegyE3d/tQ0AYCCaAi2e9ar3ezf0A7nXrbdWBKdhI89uU/ge4SHAMiXuS
U+f1XjJ9CCeA59FJggu83Va606rgP6VHoE0vhGqv0zYwyX4HSoB4wApkY78S+cOb
8vzLvOmwgwUDowGPC5bVAlWQA14znmHQredOe/1izDNCIG4tr0B2
-----END CERTIFICATE-----