Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209554.roa
File:                     AS209554.roa (raw, json)
Hash identifier:          kIg0CW9Eu8VnmE9LAL8gXkQjWRSeHoZZfFkPK3YnqTA=
Subject key identifier:   13:B0:44:F7:F7:88:A0:FC:4D:8A:DE:5A:0C:C0:0D:5F:66:A7:08:F0
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6D36BFD06BD8501022BC2E4846EB2287D7400313
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209554.roa
Signing time:             Mon 29 Sep 2025 13:50:42 +0000
ROA not before:           Mon 29 Sep 2025 13:45:42 +0000
ROA not after:            Mon 28 Sep 2026 13:50:42 +0000
asID:                     209554
IP address blocks:        2a13:9500:d9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:36:bf:d0:6b:d8:50:10:22:bc:2e:48:46:eb:22:87:d7:40:03:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 29 13:45:42 2025 GMT
            Not After : Sep 28 13:50:42 2026 GMT
        Subject: CN=13B044F7F788A0FC4D8ADE5A0CC00D5F66A708F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:f3:fc:39:d0:76:d5:56:06:84:a2:5a:4b:17:
                    11:ff:13:24:57:13:ac:0e:1b:32:5e:ef:f5:d7:be:
                    89:bb:49:e3:1f:41:53:81:5b:e8:07:45:55:0f:e6:
                    e9:80:58:13:d8:49:a5:0a:df:25:26:1a:ec:61:72:
                    73:25:3e:53:c9:8b:c5:ed:0c:38:cf:c6:62:f6:e0:
                    4c:8e:1b:bb:36:39:d5:45:4c:7a:46:c7:dc:8c:fe:
                    54:67:0e:b2:e5:1c:75:b7:0e:f9:97:ab:bd:4b:e0:
                    1d:7e:8d:ca:e4:d0:c2:67:13:0b:0e:ef:71:72:a7:
                    23:a1:0d:31:7c:fb:6c:80:51:4c:cc:a1:32:ce:52:
                    a0:a8:dc:ef:86:8c:82:f5:33:9a:49:b9:4d:df:76:
                    ec:7d:e0:9b:3e:d1:67:22:f7:04:66:98:a9:b0:a0:
                    b7:c2:99:8b:a9:d3:56:ea:7c:86:ae:f5:a6:e6:ec:
                    93:41:ce:e0:d6:e0:54:cf:1b:a9:d3:3b:4d:33:a4:
                    e7:73:a4:47:bf:1a:e8:e8:91:d2:7d:36:cc:35:ac:
                    71:84:9d:2e:3a:ed:90:93:fa:d2:d4:48:f2:01:6c:
                    72:2b:4f:ad:3f:b9:68:e6:3a:69:eb:3e:39:39:06:
                    c7:1d:0d:d2:98:79:70:6a:db:49:87:f3:37:10:cb:
                    8e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B0:44:F7:F7:88:A0:FC:4D:8A:DE:5A:0C:C0:0D:5F:66:A7:08:F0
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209554.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:d9::/48

    Signature Algorithm: sha256WithRSAEncryption
         6e:bc:90:8b:2f:a4:01:e2:71:1b:63:59:b4:1a:e7:e4:70:4f:
         6d:da:40:32:15:37:d1:8e:3c:59:f5:90:80:2b:61:51:e9:88:
         e5:33:48:f1:73:97:f0:77:86:a1:a9:01:ba:88:69:58:f2:ba:
         aa:20:ea:b1:25:1d:5e:eb:d3:40:4f:b6:44:12:9d:b4:49:d2:
         03:54:2e:6a:90:a2:96:f5:8f:9f:1e:97:bf:65:af:e6:9e:95:
         7c:76:53:b7:22:b2:e9:38:53:9f:ef:aa:48:de:5d:f6:76:49:
         ed:52:d5:b6:bc:f4:4b:54:ce:ac:68:70:1c:a8:9b:38:c2:cf:
         b9:fa:4c:40:1a:cb:5a:a0:b5:d4:0d:f7:93:95:a8:bd:9a:9c:
         5f:c6:8c:4f:3a:d4:e1:8f:54:cb:4e:9e:6f:b8:3e:bc:f8:bb:
         b0:95:47:41:4f:c1:9b:e6:d4:98:bc:92:ec:de:79:60:f7:66:
         55:2a:a4:a9:c7:67:8c:c6:94:f8:89:f9:17:ff:05:ef:12:25:
         b7:9c:c6:6a:56:9a:c3:c4:34:01:bb:42:c7:c0:0d:a5:32:54:
         e5:39:76:d9:c8:1b:39:9d:0a:fe:08:92:76:3d:39:66:f3:8a:
         87:4a:c0:72:75:da:c1:01:50:b4:6f:0f:3a:6b:03:10:93:5e:
         c1:c9:d1:35
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbTa/0GvYUBAivC5IRusih9dAAxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MjkxMzQ1NDJaFw0yNjA5MjgxMzUwNDJaMDMxMTAvBgNV
BAMTKDEzQjA0NEY3Rjc4OEEwRkM0RDhBREU1QTBDQzAwRDVGNjZBNzA4RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR8/w50HbVVgaEolpLFxH/EyRX
E6wOGzJe7/XXvom7SeMfQVOBW+gHRVUP5umAWBPYSaUK3yUmGuxhcnMlPlPJi8Xt
DDjPxmL24EyOG7s2OdVFTHpGx9yM/lRnDrLlHHW3DvmXq71L4B1+jcrk0MJnEwsO
73FypyOhDTF8+2yAUUzMoTLOUqCo3O+GjIL1M5pJuU3fdux94Js+0Wci9wRmmKmw
oLfCmYup01bqfIau9abm7JNBzuDW4FTPG6nTO00zpOdzpEe/GujokdJ9Nsw1rHGE
nS467ZCT+tLUSPIBbHIrT60/uWjmOmnrPjk5BscdDdKYeXBq20mH8zcQy45fAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUE7BE9/eIoPxNit5aDMANX2anCPAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5NTU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhOV
AADZMA0GCSqGSIb3DQEBCwUAA4IBAQBuvJCLL6QB4nEbY1m0GufkcE9t2kAyFTfR
jjxZ9ZCAK2FR6YjlM0jxc5fwd4ahqQG6iGlY8rqqIOqxJR1e69NAT7ZEEp20SdID
VC5qkKKW9Y+fHpe/Za/mnpV8dlO3IrLpOFOf76pI3l32dkntUtW2vPRLVM6saHAc
qJs4ws+5+kxAGstaoLXUDfeTlai9mpxfxoxPOtThj1TLTp5vuD68+LuwlUdBT8Gb
5tSYvJLs3nlg92ZVKqSpx2eMxpT4ifkX/wXvEiW3nMZqVprDxDQBu0LHwA2lMlTl
OXbZyBs5nQr+CJJ2PTlm84qHSsByddrBAVC0bw86awMQk17BydE1
-----END CERTIFICATE-----