Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208483.roa
File:                     AS208483.roa (raw, json)
Hash identifier:          jab/a9iFrL2cfjkDwkk/JEk8LhkP3xM0jwvYXcDnThI=
Subject key identifier:   5E:FF:0B:CB:93:4E:58:E9:52:80:6D:5D:3D:0E:6E:96:CE:C1:13:71
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       51CD40912E303FDE64CEC8A8F22A9C7A9F0A7727
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208483.roa
Signing time:             Mon 01 Jun 2026 13:47:20 +0000
ROA not before:           Mon 01 Jun 2026 13:42:20 +0000
ROA not after:            Mon 31 May 2027 13:47:20 +0000
asID:                     208483
IP address blocks:        91.198.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:13:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            51:cd:40:91:2e:30:3f:de:64:ce:c8:a8:f2:2a:9c:7a:9f:0a:77:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun  1 13:42:20 2026 GMT
            Not After : May 31 13:47:20 2027 GMT
        Subject: CN=5EFF0BCB934E58E952806D5D3D0E6E96CEC11371
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:9f:25:b2:28:6c:15:b6:2c:63:70:31:08:10:
                    39:2c:d7:1b:0f:38:46:e2:ff:40:64:a1:01:07:bd:
                    e6:bd:ee:5a:77:a7:5a:b3:2c:b3:02:8f:24:a2:58:
                    7b:40:10:3a:60:96:33:7d:d2:5e:b0:dd:8c:32:58:
                    46:62:1b:16:b3:46:89:49:b7:fc:0e:a9:63:f9:73:
                    07:b1:22:5c:a4:d7:61:08:70:35:ed:ac:6d:87:4e:
                    05:aa:ec:55:3a:34:57:bf:d5:5e:1a:1b:e4:7e:9d:
                    c7:ea:08:c8:11:70:ea:92:74:66:f5:3d:d3:a7:31:
                    ec:c6:2e:44:14:aa:98:39:af:5a:d1:6e:de:7e:57:
                    c8:22:78:67:ca:b8:dc:47:a4:c0:9a:74:74:1b:8c:
                    34:57:11:6f:4f:19:52:ec:1a:d0:33:45:02:3c:e9:
                    db:86:46:56:5a:8f:4f:88:28:fb:ce:8d:78:4d:95:
                    12:0b:a9:d8:89:14:01:6c:fe:a6:82:ff:bc:93:1b:
                    ac:86:2e:28:61:97:a7:29:cc:cf:78:ae:45:dd:0c:
                    de:7f:3e:3b:e7:d6:ae:ef:11:32:25:b6:ea:58:fb:
                    e4:80:46:83:59:15:ff:97:8a:32:af:c3:08:fa:e6:
                    87:67:5d:d3:f2:9f:91:0a:62:5a:3c:b7:59:07:fb:
                    ff:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:FF:0B:CB:93:4E:58:E9:52:80:6D:5D:3D:0E:6E:96:CE:C1:13:71
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS208483.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:dd:39:aa:8c:5a:92:6b:8c:57:c4:86:58:dd:a4:ce:ef:aa:
         89:0b:a4:47:ef:44:5f:5f:1b:21:1a:48:fd:37:8c:4c:a4:90:
         34:88:8c:d7:fa:e9:59:ff:a2:1c:7b:df:dd:49:a1:ac:d3:3e:
         c2:e8:a3:11:47:e2:c3:60:85:ac:49:f9:0d:06:6b:3a:e3:b1:
         33:41:c0:70:c8:b3:47:79:46:5a:3d:d0:22:ec:cc:27:f3:c8:
         7c:e0:96:17:b9:3c:87:bb:80:a5:25:56:0c:68:ee:2b:de:43:
         f2:b8:11:a6:d2:9b:a8:b8:1a:d5:5e:96:43:a9:ff:f5:e1:3a:
         a4:94:e1:1b:2d:38:ca:9c:ef:74:b7:ab:f8:9a:c5:a8:b7:42:
         ff:41:01:04:2c:2c:f9:e8:54:00:4e:27:c5:38:c7:ff:87:6f:
         81:ea:c0:fb:f7:29:fa:af:f3:82:20:ad:91:7d:8b:9e:5f:37:
         5b:ef:f4:66:76:92:ed:8a:6e:de:13:e1:b1:34:6a:bb:49:b5:
         de:2a:bf:d4:ff:24:65:f2:e1:de:aa:42:d8:d8:2f:82:94:d1:
         e9:b4:13:bf:b0:32:8e:b2:a6:22:f5:d4:7d:c3:e2:12:f4:c0:
         76:46:71:3c:da:3f:d7:ce:0c:da:0d:bd:8d:f3:5c:55:76:80:
         d6:b9:22:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUc1AkS4wP95kzsio8iqcep8KdycwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA2MDExMzQyMjBaFw0yNzA1MzExMzQ3MjBaMDMxMTAvBgNV
BAMTKDVFRkYwQkNCOTM0RTU4RTk1MjgwNkQ1RDNEMEU2RTk2Q0VDMTEzNzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDznyWyKGwVtixjcDEIEDks1xsP
OEbi/0BkoQEHvea97lp3p1qzLLMCjySiWHtAEDpgljN90l6w3YwyWEZiGxazRolJ
t/wOqWP5cwexIlyk12EIcDXtrG2HTgWq7FU6NFe/1V4aG+R+ncfqCMgRcOqSdGb1
PdOnMezGLkQUqpg5r1rRbt5+V8gieGfKuNxHpMCadHQbjDRXEW9PGVLsGtAzRQI8
6duGRlZaj0+IKPvOjXhNlRILqdiJFAFs/qaC/7yTG6yGLihhl6cpzM94rkXdDN5/
Pjvn1q7vETIltupY++SARoNZFf+XijKvwwj65odnXdPyn5EKYlo8t1kH+/+/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXv8Ly5NOWOlSgG1dPQ5uls7BE3EwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA4NDgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ZC
MA0GCSqGSIb3DQEBCwUAA4IBAQAT3TmqjFqSa4xXxIZY3aTO76qJC6RH70RfXxsh
Gkj9N4xMpJA0iIzX+ulZ/6Ice9/dSaGs0z7C6KMRR+LDYIWsSfkNBms647EzQcBw
yLNHeUZaPdAi7Mwn88h84JYXuTyHu4ClJVYMaO4r3kPyuBGm0puouBrVXpZDqf/1
4TqklOEbLTjKnO90t6v4msWot0L/QQEELCz56FQATifFOMf/h2+B6sD79yn6r/OC
IK2RfYueXzdb7/RmdpLtim7eE+GxNGq7SbXeKr/U/yRl8uHeqkLY2C+ClNHptBO/
sDKOsqYi9dR9w+IS9MB2RnE82j/XzgzaDb2N81xVdoDWuSJr
-----END CERTIFICATE-----