Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201667.roa
File:                     AS201667.roa (raw, json)
Hash identifier:          NtrNWFc/E8n1N/JuqcdPMfh4aM4YogtipJPnlWPxjz4=
Subject key identifier:   57:E0:AA:CC:0A:55:97:77:40:E0:4C:EE:52:6B:8E:7B:05:E5:AB:67
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6037F568D75BDEA3FD03BF160884AFB98484CC34
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201667.roa
Signing time:             Fri 05 Jun 2026 11:43:01 +0000
ROA not before:           Fri 05 Jun 2026 11:38:01 +0000
ROA not after:            Fri 04 Jun 2027 11:43:01 +0000
asID:                     201667
IP address blocks:        178.83.66.0/24 maxlen: 24
                          2a13:9500:15f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:37:f5:68:d7:5b:de:a3:fd:03:bf:16:08:84:af:b9:84:84:cc:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  5 11:38:01 2026 GMT
            Not After : Jun  4 11:43:01 2027 GMT
        Subject: CN=57E0AACC0A55977740E04CEE526B8E7B05E5AB67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:8e:2c:ec:55:c6:e6:75:b9:9c:03:85:0d:1f:
                    99:0a:69:e7:db:86:88:5d:c1:0f:1b:5a:00:3a:bd:
                    d3:81:18:8e:9f:d7:2f:3a:38:0e:46:af:c2:55:16:
                    10:0a:9b:5d:c7:a0:91:0f:d2:c6:07:c2:5b:40:1f:
                    b5:03:6a:b0:11:c2:b2:c8:0f:fb:e7:a0:48:b5:c5:
                    26:bf:02:ee:3b:59:e6:61:4b:77:1b:fa:52:9d:54:
                    14:80:6b:42:85:06:c2:95:43:9c:a3:88:6f:0c:76:
                    39:7f:3e:0b:ba:9d:9a:f3:30:1e:52:f2:53:5b:58:
                    93:ad:e6:0d:cb:6c:99:69:71:fb:59:5e:3a:a1:0b:
                    5a:b3:ae:63:f4:0f:1c:95:ff:c4:ff:50:8d:60:2f:
                    a6:bc:b7:56:6b:ea:c9:53:be:26:ae:cb:17:d5:30:
                    b5:f4:53:d1:4e:29:f7:06:a1:0a:33:de:d4:ed:88:
                    5e:91:f3:09:aa:c3:d7:22:23:3e:ad:69:de:0d:96:
                    02:ef:dd:85:91:05:f0:9b:b7:f8:fe:f0:74:c5:77:
                    dc:aa:86:e5:a3:e0:b5:44:6d:16:1d:92:a1:20:51:
                    ad:00:24:f6:22:8d:64:79:fc:69:97:59:58:d3:a0:
                    21:2d:de:f9:0b:a9:77:a0:48:82:21:e8:f2:f1:64:
                    b0:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:E0:AA:CC:0A:55:97:77:40:E0:4C:EE:52:6B:8E:7B:05:E5:AB:67
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS201667.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.66.0/24
                IPv6:
                  2a13:9500:15f::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:14:fc:68:2d:bc:99:be:6b:7a:0d:3d:e3:66:4c:d3:4d:e8:
         2c:de:e1:a1:3b:30:5f:c7:87:01:fd:bc:b2:ac:ae:69:de:ca:
         95:56:82:6f:02:c6:bd:d4:c1:85:1b:ec:50:91:32:24:2f:56:
         89:97:98:21:35:40:34:40:89:5a:b8:7c:5d:20:50:75:66:56:
         0b:0a:21:46:ad:6b:07:96:ae:41:b0:70:08:62:22:0d:bb:0b:
         24:75:6f:36:f8:c7:0a:84:16:cd:47:a7:78:ac:b7:12:2e:79:
         10:fe:11:03:b5:cb:bc:7a:ba:4a:bc:a7:e6:b8:83:b6:c8:ec:
         12:91:6e:0e:d7:c8:b1:38:78:da:e5:90:32:a1:9a:9a:72:07:
         f2:b8:b1:52:3f:6f:46:01:1d:7e:e8:44:63:81:7a:87:03:44:
         e0:d3:fd:43:12:7d:91:d0:73:f7:bd:08:cc:19:ab:ba:6f:db:
         8e:66:3f:28:2e:28:81:52:68:d0:a5:01:d7:63:e9:93:0a:e3:
         79:80:27:c5:99:d5:3e:4a:5e:b1:1c:3d:73:96:10:9a:04:ff:
         c0:df:ab:33:9e:fd:7f:bb:fe:cf:f8:dc:bc:e0:03:5d:91:cf:
         49:d3:c3:c2:64:d7:14:c7:0a:1c:a4:70:5d:d6:d3:d0:e0:10:
         70:1b:1c:9e
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIUYDf1aNdb3qP9A78WCISvuYSEzDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDUxMTM4MDFaFw0yNzA2MDQxMTQzMDFaMDMxMTAvBgNV
BAMTKDU3RTBBQUNDMEE1NTk3Nzc0MEUwNENFRTUyNkI4RTdCMDVFNUFCNjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXjizsVcbmdbmcA4UNH5kKaefb
hohdwQ8bWgA6vdOBGI6f1y86OA5Gr8JVFhAKm13HoJEP0sYHwltAH7UDarARwrLI
D/vnoEi1xSa/Au47WeZhS3cb+lKdVBSAa0KFBsKVQ5yjiG8Mdjl/Pgu6nZrzMB5S
8lNbWJOt5g3LbJlpcftZXjqhC1qzrmP0DxyV/8T/UI1gL6a8t1Zr6slTviauyxfV
MLX0U9FOKfcGoQoz3tTtiF6R8wmqw9ciIz6tad4NlgLv3YWRBfCbt/j+8HTFd9yq
huWj4LVEbRYdkqEgUa0AJPYijWR5/GmXWVjToCEt3vkLqXegSIIh6PLxZLBjAgMB
AAGjggIbMIICFzAdBgNVHQ4EFgQUV+CqzApVl3dA4EzuUmuOewXlq2cwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjAxNjY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAslNC
MA8EAgACMAkDBwAqE5UAAV8wDQYJKoZIhvcNAQELBQADggEBAGoU/GgtvJm+a3oN
PeNmTNNN6Cze4aE7MF/HhwH9vLKsrmneypVWgm8Cxr3UwYUb7FCRMiQvVomXmCE1
QDRAiVq4fF0gUHVmVgsKIUataweWrkGwcAhiIg27CyR1bzb4xwqEFs1Hp3istxIu
eRD+EQO1y7x6ukq8p+a4g7bI7BKRbg7XyLE4eNrlkDKhmppyB/K4sVI/b0YBHX7o
RGOBeocDRODT/UMSfZHQc/e9CMwZq7pv245mPyguKIFSaNClAddj6ZMK43mAJ8WZ
1T5KXrEcPXOWEJoE/8DfqzOe/X+7/s/43LzgA12Rz0nTw8Jk1xTHChykcF3W09Dg
EHAbHJ4=
-----END CERTIFICATE-----