Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa
File:                     AS213908.roa (raw, json)
Hash identifier:          QYSg+dunt+G/wIR79cvm9EUvWz9ZrUJYwxOlSBFGsfA=
Subject key identifier:   89:CD:A7:41:F9:74:A8:7B:C7:21:C4:33:D2:B9:BD:E5:9F:27:6E:C7
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       44B594614006E936CA3D10DA0918F976EB0AC83A
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa
Signing time:             Thu 22 May 2025 13:02:20 +0000
ROA not before:           Thu 22 May 2025 12:57:20 +0000
ROA not after:            Thu 21 May 2026 13:02:20 +0000
asID:                     213908
IP address blocks:        37.221.78.0/24 maxlen: 24
                          37.221.79.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:b5:94:61:40:06:e9:36:ca:3d:10:da:09:18:f9:76:eb:0a:c8:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May 22 12:57:20 2025 GMT
            Not After : May 21 13:02:20 2026 GMT
        Subject: CN=89CDA741F974A87BC721C433D2B9BDE59F276EC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b8:26:a9:69:da:eb:4b:c2:00:2d:f7:2d:ab:
                    a2:63:5b:5d:37:15:1a:d3:9a:d7:e1:70:24:6f:91:
                    0a:a0:fc:85:e0:44:3f:b8:32:0f:75:d1:75:ac:22:
                    27:16:8a:80:cc:61:95:0f:4d:9e:ca:d7:8f:14:e7:
                    43:64:27:c3:67:bc:85:cb:ec:c2:a9:12:a4:30:3c:
                    74:97:a1:d0:de:19:55:08:77:88:a4:9c:f5:f0:cd:
                    0e:97:97:58:a4:b8:07:5c:22:98:b9:41:42:db:d2:
                    e9:3f:e0:2d:14:f5:93:fd:3b:02:00:89:ae:a6:38:
                    28:e2:fc:de:90:15:4a:21:1e:c6:14:1f:ba:19:47:
                    b8:53:ac:9c:5a:df:db:a1:92:ad:e3:e6:7d:92:d5:
                    2e:31:82:c5:7d:d9:c5:05:2e:42:55:bd:54:1b:5f:
                    16:4f:74:38:11:28:58:e2:d4:3b:7c:76:8b:1f:cc:
                    f7:5d:cc:13:42:d3:ac:11:2d:e3:10:54:1c:a8:23:
                    d1:11:b6:5c:d7:91:58:75:15:4e:e1:be:cb:95:96:
                    59:0b:d3:a6:65:0e:10:60:a4:39:be:80:17:a2:ad:
                    ba:e8:a4:c1:95:40:15:c9:86:0c:ca:10:9c:76:b0:
                    e0:1b:34:41:59:9e:75:e1:6a:90:10:5d:c2:9e:aa:
                    d8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:CD:A7:41:F9:74:A8:7B:C7:21:C4:33:D2:B9:BD:E5:9F:27:6E:C7
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS213908.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.221.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:80:18:8f:0b:07:b2:67:8d:5e:9a:51:ef:fc:92:a3:b3:5e:
         91:7d:0f:3a:ec:43:2d:78:d3:8b:6e:55:8b:d5:30:38:c1:73:
         16:ba:d9:60:33:6d:e4:dc:db:40:fd:55:e8:26:57:58:96:dd:
         6f:cd:2e:29:7d:75:3a:14:2e:ed:95:5a:cd:33:39:c0:75:58:
         67:39:c7:1b:62:6e:1e:17:ff:6e:c8:cd:7b:09:81:f5:e7:67:
         a2:47:ad:ea:0c:c9:c9:d6:7e:d3:ca:6d:6e:07:bb:b3:b8:c0:
         4e:66:31:5b:9c:ad:01:84:d4:24:4d:21:3a:75:7a:5c:93:df:
         10:9f:ce:c8:af:0c:8f:55:80:95:8c:7e:59:0f:e5:ad:04:2e:
         40:66:4a:3c:30:a3:5c:36:b3:13:df:3d:c3:71:db:66:02:66:
         24:83:55:29:a5:af:13:19:5b:5d:26:1a:5a:20:e4:85:c4:be:
         5e:fc:3f:bf:cf:a0:63:4f:16:2c:4b:b4:7b:44:79:99:74:12:
         e8:1f:8b:fe:fe:c7:58:1a:d1:be:e5:74:94:de:df:74:08:ea:
         88:c2:67:10:d0:2a:68:57:dc:c4:6d:63:88:14:da:01:06:a7:
         a6:f1:63:47:b9:b0:e8:4d:15:23:aa:78:0a:82:e2:ba:85:80:
         66:b5:1a:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURLWUYUAG6TbKPRDaCRj5dusKyDowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MjIxMjU3MjBaFw0yNjA1MjExMzAyMjBaMDMxMTAvBgNV
BAMTKDg5Q0RBNzQxRjk3NEE4N0JDNzIxQzQzM0QyQjlCREU1OUYyNzZFQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTuCapadrrS8IALfctq6JjW103
FRrTmtfhcCRvkQqg/IXgRD+4Mg910XWsIicWioDMYZUPTZ7K148U50NkJ8NnvIXL
7MKpEqQwPHSXodDeGVUId4iknPXwzQ6Xl1ikuAdcIpi5QULb0uk/4C0U9ZP9OwIA
ia6mOCji/N6QFUohHsYUH7oZR7hTrJxa39uhkq3j5n2S1S4xgsV92cUFLkJVvVQb
XxZPdDgRKFji1Dt8dosfzPddzBNC06wRLeMQVByoI9ERtlzXkVh1FU7hvsuVllkL
06ZlDhBgpDm+gBeirbropMGVQBXJhgzKEJx2sOAbNEFZnnXhapAQXcKeqthbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUic2nQfl0qHvHIcQz0rm95Z8nbscwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjEzOTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBJd1O
MA0GCSqGSIb3DQEBCwUAA4IBAQCMgBiPCweyZ41emlHv/JKjs16RfQ867EMteNOL
blWL1TA4wXMWutlgM23k3NtA/VXoJldYlt1vzS4pfXU6FC7tlVrNMznAdVhnOccb
Ym4eF/9uyM17CYH152eiR63qDMnJ1n7Tym1uB7uzuMBOZjFbnK0BhNQkTSE6dXpc
k98Qn87IrwyPVYCVjH5ZD+WtBC5AZko8MKNcNrMT3z3DcdtmAmYkg1Uppa8TGVtd
JhpaIOSFxL5e/D+/z6BjTxYsS7R7RHmZdBLoH4v+/sdYGtG+5XSU3t90COqIwmcQ
0CpoV9zEbWOIFNoBBqem8WNHubDoTRUjqngKguK6hYBmtRo0
-----END CERTIFICATE-----