Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS50338.roa
File:                     AS50338.roa (raw, json)
Hash identifier:          aJWhEfKgqZX3SJWoB4xHqGB94DoAJepT8NL0N5WuB8A=
Subject key identifier:   81:D7:77:26:B7:26:D3:56:C7:72:57:D5:0B:E8:54:86:2A:EF:C3:09
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       44AD62B7D3E4E5F676B5CA1CC4A609EDE8748F49
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS50338.roa
Signing time:             Sat 20 Jun 2026 05:47:47 +0000
ROA not before:           Sat 20 Jun 2026 05:42:47 +0000
ROA not after:            Sat 19 Jun 2027 05:47:47 +0000
asID:                     50338
IP address blocks:        2a13:9500:b6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 02:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:ad:62:b7:d3:e4:e5:f6:76:b5:ca:1c:c4:a6:09:ed:e8:74:8f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 20 05:42:47 2026 GMT
            Not After : Jun 19 05:47:47 2027 GMT
        Subject: CN=81D77726B726D356C77257D50BE854862AEFC309
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ef:24:5d:23:b8:b2:17:d3:99:98:99:b6:2a:
                    30:c3:ef:b1:93:70:4d:da:83:9b:6c:3e:d9:df:9c:
                    a4:89:63:56:a3:b6:b6:c6:77:30:26:fc:4b:e7:11:
                    7f:4c:cd:7d:3f:3e:6a:7b:01:0c:7c:3f:6d:87:06:
                    39:b9:a0:b6:48:6b:a0:e1:45:49:79:bc:66:fe:71:
                    1a:3e:4c:1d:40:d4:05:d0:ff:81:53:a5:bc:67:34:
                    49:2b:ac:06:8c:08:3d:5f:0f:3b:09:0c:7e:88:9b:
                    98:b3:a2:88:f0:66:52:09:a1:48:df:70:67:c2:5c:
                    02:3a:2a:41:cf:e6:3a:fa:82:e5:4c:a5:44:ed:a3:
                    9e:da:48:f8:24:19:27:b5:f7:c2:0c:c8:29:54:56:
                    62:0b:88:a7:68:41:40:03:28:e0:be:37:cd:4d:7a:
                    24:90:93:fe:1e:4c:d5:1d:1f:0c:c0:59:eb:39:dd:
                    3c:e9:d4:8a:75:8b:4f:67:d2:0a:7b:38:56:81:8e:
                    07:de:52:3e:c9:54:e7:e3:bb:b9:66:15:b3:dc:2d:
                    dd:9a:8e:14:6b:e9:af:3b:88:ff:9a:61:60:c6:4a:
                    2b:5e:64:da:dd:b1:6e:12:59:bf:eb:cc:16:12:7b:
                    49:c4:d0:93:4d:ee:9c:e0:fb:04:cc:49:26:28:78:
                    3c:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:D7:77:26:B7:26:D3:56:C7:72:57:D5:0B:E8:54:86:2A:EF:C3:09
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS50338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:b6::/48

    Signature Algorithm: sha256WithRSAEncryption
         14:9a:ba:92:1b:1c:f9:cc:c3:88:fe:28:d2:46:d1:81:d5:1c:
         90:44:f2:9c:44:7c:59:e1:6e:9d:98:26:a6:91:96:93:66:5c:
         43:b0:2f:13:c0:e1:58:e9:8a:b3:79:b0:47:d4:9b:2c:80:99:
         84:5a:b2:d5:c4:ab:08:88:23:d9:27:d0:66:aa:37:af:a2:9e:
         55:9b:7a:a4:e1:28:bb:0d:cf:e6:6a:5f:33:46:8e:73:4b:f2:
         1e:2a:7c:16:9c:8f:ca:96:21:e0:48:9e:61:b6:67:03:c3:15:
         a7:ce:72:c7:75:6c:5c:00:ef:86:b9:1d:bc:da:ca:86:ce:75:
         c0:b4:16:55:04:19:62:55:18:b6:87:89:33:cd:15:34:f5:e4:
         ee:ab:6b:ed:df:c5:30:5e:e3:73:fd:d7:40:0a:b3:aa:31:05:
         da:c6:20:da:6b:c3:f7:a7:11:36:7a:9b:8e:d5:69:b0:dc:fd:
         8b:26:ed:17:1e:7a:e8:84:65:9f:02:e3:8a:2c:65:84:ff:d7:
         3d:88:35:f9:3c:67:25:59:da:38:68:13:35:ba:f3:d6:37:a3:
         38:e6:b8:a9:21:31:07:3d:fd:42:50:1d:31:ca:d3:5b:a7:c6:
         e8:90:ef:8e:95:b5:68:fa:bd:46:50:df:d3:f6:2d:04:92:52:
         7c:cb:7c:88
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIURK1it9Pk5fZ2tcocxKYJ7eh0j0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MjAwNTQyNDdaFw0yNzA2MTkwNTQ3NDdaMDMxMTAvBgNV
BAMTKDgxRDc3NzI2QjcyNkQzNTZDNzcyNTdENTBCRTg1NDg2MkFFRkMzMDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC47yRdI7iyF9OZmJm2KjDD77GT
cE3ag5tsPtnfnKSJY1ajtrbGdzAm/EvnEX9MzX0/Pmp7AQx8P22HBjm5oLZIa6Dh
RUl5vGb+cRo+TB1A1AXQ/4FTpbxnNEkrrAaMCD1fDzsJDH6Im5izoojwZlIJoUjf
cGfCXAI6KkHP5jr6guVMpUTto57aSPgkGSe198IMyClUVmILiKdoQUADKOC+N81N
eiSQk/4eTNUdHwzAWes53Tzp1Ip1i09n0gp7OFaBjgfeUj7JVOfju7lmFbPcLd2a
jhRr6a87iP+aYWDGSiteZNrdsW4SWb/rzBYSe0nE0JNN7pzg+wTMSSYoeDxdAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUgdd3Jrcm01bHclfVC+hUhirvwwkwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNTAzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
ALYwDQYJKoZIhvcNAQELBQADggEBABSaupIbHPnMw4j+KNJG0YHVHJBE8pxEfFnh
bp2YJqaRlpNmXEOwLxPA4VjpirN5sEfUmyyAmYRastXEqwiII9kn0GaqN6+inlWb
eqThKLsNz+ZqXzNGjnNL8h4qfBacj8qWIeBInmG2ZwPDFafOcsd1bFwA74a5Hbza
yobOdcC0FlUEGWJVGLaHiTPNFTT15O6ra+3fxTBe43P910AKs6oxBdrGINprw/en
ETZ6m47VabDc/Ysm7RceeuiEZZ8C44osZYT/1z2INfk8ZyVZ2jhoEzW689Y3ozjm
uKkhMQc9/UJQHTHK01unxuiQ746VtWj6vUZQ39P2LQSSUnzLfIg=
-----END CERTIFICATE-----