Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS208328.roa
File:                     AS208328.roa (raw, json)
Hash identifier:          qQX5OSPcYJFocsOTN/TJqbUneyF6kMn6RvJJwE+2qoU=
Subject key identifier:   34:69:9F:19:46:21:E3:86:29:33:AC:3B:C6:92:3D:06:A1:5B:85:61
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2CAEFA16D57801372B94748EC961DD5A372F9208
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS208328.roa
Signing time:             Sat 04 Oct 2025 12:48:23 +0000
ROA not before:           Sat 04 Oct 2025 12:43:23 +0000
ROA not after:            Sat 03 Oct 2026 12:48:23 +0000
asID:                     208328
IP address blocks:        95.135.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ae:fa:16:d5:78:01:37:2b:94:74:8e:c9:61:dd:5a:37:2f:92:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct  4 12:43:23 2025 GMT
            Not After : Oct  3 12:48:23 2026 GMT
        Subject: CN=34699F194621E3862933AC3BC6923D06A15B8561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:b5:bc:56:97:32:6a:db:d6:85:b7:be:52:6f:
                    93:2d:11:74:2b:3c:58:01:5b:c7:47:ad:ea:d1:cd:
                    3d:5e:fe:c4:47:82:5d:f8:e9:17:f7:6a:3d:93:26:
                    8c:ad:a6:0f:f7:e6:e9:05:2d:aa:ec:cd:75:46:bc:
                    68:e3:83:91:a1:62:21:4a:6c:28:24:1d:7e:19:72:
                    26:b7:8b:d4:e9:8f:98:e0:c0:ab:fa:e8:53:b6:f0:
                    69:00:5e:72:52:0a:84:e7:5d:5a:ae:a7:1b:fa:ac:
                    c4:9c:08:02:3e:c0:65:07:81:99:e0:f0:c4:0f:29:
                    b3:9c:f4:39:43:97:d2:15:f0:f1:7c:6c:e4:f9:84:
                    75:6d:bd:13:b7:98:6f:a0:ea:4c:42:07:01:2b:36:
                    db:49:eb:c9:a0:af:0f:5b:3d:96:99:8f:9d:17:c8:
                    6e:e4:1c:b4:09:39:f6:4b:02:1c:39:bc:59:83:8a:
                    9c:29:fb:7c:8d:13:8c:3e:4f:a7:f3:65:1c:45:8f:
                    25:24:88:f2:a8:6d:c0:3c:fe:30:7d:20:da:57:07:
                    c9:ef:d6:58:ec:7b:ef:75:ab:3a:19:ba:a7:8f:e8:
                    08:44:a8:2f:64:d8:10:70:85:1a:f7:1b:70:23:7d:
                    ee:db:90:0f:56:ba:e0:98:8a:41:20:d9:75:1d:a4:
                    b1:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:69:9F:19:46:21:E3:86:29:33:AC:3B:C6:92:3D:06:A1:5B:85:61
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS208328.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:3b:ec:54:04:3f:8f:17:fc:a3:eb:bf:21:15:3b:a7:fe:d2:
         d3:4a:b0:ae:e1:7a:7b:2b:b7:c4:57:ee:b4:6d:8b:17:56:bc:
         3b:6d:3a:20:89:d7:62:ba:01:25:7c:87:4c:02:cd:06:d0:50:
         a0:0e:05:af:90:7e:7c:4b:88:82:b2:d9:ff:74:6a:c4:8e:10:
         d8:12:d3:5b:78:bf:82:4c:1a:bd:fd:4d:1d:bd:89:d5:b2:29:
         66:fd:1d:aa:4e:01:6c:25:e5:3c:90:10:70:42:db:b6:53:b1:
         ac:32:ae:e9:47:90:63:85:b8:c0:83:62:12:62:32:e3:b7:c8:
         b9:04:e1:e4:e0:89:b2:8a:5c:fe:f3:19:44:87:db:05:79:db:
         d7:f5:0d:50:72:48:02:03:74:1f:3c:39:72:12:e4:30:fc:e5:
         d7:b6:9b:2e:37:5b:68:e1:b2:0d:00:35:93:6f:dc:a4:31:5c:
         6c:1e:7d:5c:1b:b9:b4:b2:78:58:2e:99:09:98:0b:1a:83:cc:
         e2:53:3f:f4:36:c5:6c:e5:a7:04:57:e1:2e:65:6c:63:9a:a8:
         be:44:bc:77:09:62:62:53:8f:d6:5d:07:40:c7:6b:e2:00:e4:
         43:e1:87:58:4b:46:8f:17:9b:16:4f:68:3e:64:cb:bb:74:b2:
         89:0b:b1:78
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULK76FtV4ATcrlHSOyWHdWjcvkggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMDQxMjQzMjNaFw0yNjEwMDMxMjQ4MjNaMDMxMTAvBgNV
BAMTKDM0Njk5RjE5NDYyMUUzODYyOTMzQUMzQkM2OTIzRDA2QTE1Qjg1NjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTtbxWlzJq29aFt75Sb5MtEXQr
PFgBW8dHrerRzT1e/sRHgl346Rf3aj2TJoytpg/35ukFLarszXVGvGjjg5GhYiFK
bCgkHX4Zcia3i9Tpj5jgwKv66FO28GkAXnJSCoTnXVqupxv6rMScCAI+wGUHgZng
8MQPKbOc9DlDl9IV8PF8bOT5hHVtvRO3mG+g6kxCBwErNttJ68mgrw9bPZaZj50X
yG7kHLQJOfZLAhw5vFmDipwp+3yNE4w+T6fzZRxFjyUkiPKobcA8/jB9INpXB8nv
1ljse+91qzoZuqeP6AhEqC9k2BBwhRr3G3Ajfe7bkA9WuuCYikEg2XUdpLF9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNGmfGUYh44YpM6w7xpI9BqFbhWEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA4MzI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4eH
MA0GCSqGSIb3DQEBCwUAA4IBAQBLO+xUBD+PF/yj678hFTun/tLTSrCu4Xp7K7fE
V+60bYsXVrw7bTogiddiugElfIdMAs0G0FCgDgWvkH58S4iCstn/dGrEjhDYEtNb
eL+CTBq9/U0dvYnVsilm/R2qTgFsJeU8kBBwQtu2U7GsMq7pR5BjhbjAg2ISYjLj
t8i5BOHk4Imyilz+8xlEh9sFedvX9Q1QckgCA3QfPDlyEuQw/OXXtpsuN1to4bIN
ADWTb9ykMVxsHn1cG7m0snhYLpkJmAsag8ziUz/0NsVs5acEV+EuZWxjmqi+RLx3
CWJiU4/WXQdAx2viAORD4YdYS0aPF5sWT2g+ZMu7dLKJC7F4
-----END CERTIFICATE-----