Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273508.roa
File:                     AS273508.roa (raw, json)
Hash identifier:          HFZvPcl5SEUng7Eh0CP3UY5hQmOEramiaUKTe8LqKPk=
Subject key identifier:   25:01:7B:07:F3:F1:11:32:54:55:C7:CE:76:E1:BD:E3:21:0C:C7:3A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       67AB5E3425D2FD0AB4D571DD1606453F3ECD82AA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273508.roa
Signing time:             Mon 27 Oct 2025 15:46:59 +0000
ROA not before:           Mon 27 Oct 2025 15:41:59 +0000
ROA not after:            Mon 26 Oct 2026 15:46:59 +0000
asID:                     273508
IP address blocks:        82.39.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:ab:5e:34:25:d2:fd:0a:b4:d5:71:dd:16:06:45:3f:3e:cd:82:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 27 15:41:59 2025 GMT
            Not After : Oct 26 15:46:59 2026 GMT
        Subject: CN=25017B07F3F111325455C7CE76E1BDE3210CC73A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:b1:d6:d1:94:71:fd:91:86:1b:30:9c:1d:6a:
                    28:11:24:4b:ef:1c:fc:91:c5:72:fe:08:04:95:08:
                    3a:55:21:75:fa:a9:74:5a:af:65:1d:bc:a9:8f:dd:
                    af:04:b0:a2:db:14:10:ae:91:bc:ae:22:1b:bd:5b:
                    63:bd:46:a2:f4:19:a3:b6:2d:15:dd:97:ba:05:96:
                    08:e5:a9:9c:72:33:13:56:90:3c:00:3c:c7:18:4a:
                    b6:95:8f:ed:c4:fb:f6:76:75:5d:fd:ba:0e:6f:1c:
                    2c:cd:27:59:0b:24:a8:c5:1e:5d:40:95:dd:ce:70:
                    8e:78:4a:2e:7e:2f:18:70:ad:b4:6b:67:e5:24:d7:
                    c7:7f:fd:ac:31:af:d4:4d:31:42:25:4d:d1:98:71:
                    26:fd:90:0d:ef:9e:b7:8d:28:08:a4:9f:e7:3d:06:
                    86:4b:81:99:2b:6e:36:6d:06:00:8c:72:53:d5:79:
                    89:e3:93:9e:39:ee:58:51:c7:ee:22:e0:44:42:f2:
                    3b:47:95:50:f4:92:d0:c1:f5:4a:1c:c8:48:c7:38:
                    59:99:1d:07:ad:de:a6:c0:01:62:29:98:ff:32:45:
                    ff:f2:f0:dd:63:f4:2d:51:a6:f3:80:87:e1:30:99:
                    d9:d8:02:44:31:ef:6c:e0:42:dd:41:4e:71:6b:59:
                    04:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:01:7B:07:F3:F1:11:32:54:55:C7:CE:76:E1:BD:E3:21:0C:C7:3A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS273508.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:5a:01:ad:df:ea:f8:cb:05:50:88:cd:c4:67:cc:5c:1a:a1:
         75:e1:9a:eb:d3:3d:e1:fe:fb:a2:6f:8f:b4:b4:a1:95:e0:6d:
         a8:5f:77:7b:b8:43:9d:3a:80:5b:c8:93:7d:58:44:2d:8f:1c:
         c6:a9:17:9c:ef:63:97:19:59:37:27:ce:e9:19:af:ea:f6:f0:
         63:f6:d8:2a:8c:53:23:51:14:3f:48:ab:64:48:12:c1:1f:a4:
         30:5a:77:55:a5:19:37:30:e5:65:0b:52:ce:fc:be:d5:19:41:
         b5:ce:24:85:8a:1a:ea:09:b1:ec:0e:03:9c:5b:cb:7a:a6:c1:
         18:40:23:bb:25:3d:f7:f7:4b:95:5b:f9:00:0c:30:bf:64:b9:
         8d:23:91:0c:de:8c:a2:21:f8:09:89:ea:22:69:7f:6d:b4:3b:
         65:78:8f:e0:85:35:5f:1c:af:14:b8:97:eb:e2:ce:0c:79:5e:
         32:d9:9f:7b:97:df:0e:1d:c6:d9:fd:e7:50:81:d3:cb:7d:b4:
         7f:b8:83:dd:c9:f7:26:9a:52:dc:08:ef:61:13:4c:d9:a3:6e:
         6a:0a:69:8c:96:67:0f:e7:a7:91:03:ab:a3:9c:fa:89:77:19:
         45:31:88:5a:b1:d5:42:3c:ea:58:2d:d3:bc:c0:4c:26:f9:c4:
         3b:4a:b2:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ6teNCXS/Qq01XHdFgZFPz7NgqowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMjcxNTQxNTlaFw0yNjEwMjYxNTQ2NTlaMDMxMTAvBgNV
BAMTKDI1MDE3QjA3RjNGMTExMzI1NDU1QzdDRTc2RTFCREUzMjEwQ0M3M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6sdbRlHH9kYYbMJwdaigRJEvv
HPyRxXL+CASVCDpVIXX6qXRar2UdvKmP3a8EsKLbFBCukbyuIhu9W2O9RqL0GaO2
LRXdl7oFlgjlqZxyMxNWkDwAPMcYSraVj+3E+/Z2dV39ug5vHCzNJ1kLJKjFHl1A
ld3OcI54Si5+LxhwrbRrZ+Uk18d//awxr9RNMUIlTdGYcSb9kA3vnreNKAikn+c9
BoZLgZkrbjZtBgCMclPVeYnjk5457lhRx+4i4ERC8jtHlVD0ktDB9UocyEjHOFmZ
HQet3qbAAWIpmP8yRf/y8N1j9C1RpvOAh+EwmdnYAkQx72zgQt1BTnFrWQTpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJQF7B/PxETJUVcfOduG94yEMxzowHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjczNTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUif0
MA0GCSqGSIb3DQEBCwUAA4IBAQBnWgGt3+r4ywVQiM3EZ8xcGqF14Zrr0z3h/vui
b4+0tKGV4G2oX3d7uEOdOoBbyJN9WEQtjxzGqRec72OXGVk3J87pGa/q9vBj9tgq
jFMjURQ/SKtkSBLBH6QwWndVpRk3MOVlC1LO/L7VGUG1ziSFihrqCbHsDgOcW8t6
psEYQCO7JT3390uVW/kADDC/ZLmNI5EM3oyiIfgJieoiaX9ttDtleI/ghTVfHK8U
uJfr4s4MeV4y2Z97l98OHcbZ/edQgdPLfbR/uIPdyfcmmlLcCO9hE0zZo25qCmmM
lmcP56eRA6ujnPqJdxlFMYhasdVCPOpYLdO8wEwm+cQ7SrLH
-----END CERTIFICATE-----