Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204770.roa
File:                     AS204770.roa (raw, json)
Hash identifier:          H7m+9WLkKZOFQDH+lc4YwBdA0qX0CY4qz6eAR0/2Zjk=
Subject key identifier:   36:9C:76:39:8C:2E:D6:01:89:BF:2A:D3:A6:C3:58:A8:FB:3A:FD:57
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       6CF59ACB221921E0CB70A99E348645A4C09DDD53
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204770.roa
Signing time:             Thu 14 May 2026 12:47:13 +0000
ROA not before:           Thu 14 May 2026 12:42:13 +0000
ROA not after:            Thu 13 May 2027 12:47:13 +0000
asID:                     204770
IP address blocks:        82.27.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:f5:9a:cb:22:19:21:e0:cb:70:a9:9e:34:86:45:a4:c0:9d:dd:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May 14 12:42:13 2026 GMT
            Not After : May 13 12:47:13 2027 GMT
        Subject: CN=369C76398C2ED60189BF2AD3A6C358A8FB3AFD57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:b7:e0:b4:6e:52:bd:fd:06:41:3d:e9:43:e5:
                    74:ea:3f:2d:cf:bb:dd:be:92:22:99:a4:e6:96:03:
                    3f:5f:ef:6c:fd:9f:dc:f3:24:5b:30:d0:fb:6a:06:
                    05:e6:40:c3:7f:bd:7f:5d:d9:3a:f8:23:f0:03:b9:
                    c2:57:a0:17:3e:1e:63:9f:ca:1f:ed:0b:f7:5c:95:
                    3e:79:a6:9b:bb:ed:ce:f1:84:b5:fe:f5:b5:98:5b:
                    03:02:dd:11:6e:93:4b:4d:73:47:2c:c3:28:0d:9b:
                    54:22:18:02:75:2e:6d:53:77:84:bc:fc:c4:ae:f4:
                    92:ad:57:9b:fd:66:65:7e:f2:95:b8:54:5c:d6:8e:
                    a1:c0:23:68:77:07:e6:61:f1:31:b8:6d:d4:cf:83:
                    f8:db:7f:e6:1b:c6:27:de:71:19:99:74:61:83:10:
                    ec:f7:42:96:ae:8d:41:2d:12:bb:35:d3:12:1a:42:
                    7d:3a:51:10:dd:29:00:77:03:08:50:75:27:45:0f:
                    55:d3:7b:48:99:09:66:9c:d9:1c:2a:8b:71:ee:98:
                    e6:45:af:3c:09:27:c8:19:92:d9:5f:b7:0f:f9:4b:
                    73:24:67:e5:be:db:2a:1e:33:7e:96:89:51:91:c4:
                    7d:06:58:5b:75:ee:cd:ea:b8:77:75:50:6c:0f:f0:
                    e5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:9C:76:39:8C:2E:D6:01:89:BF:2A:D3:A6:C3:58:A8:FB:3A:FD:57
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204770.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:55:34:1f:2b:8c:88:8b:73:66:36:16:7d:b7:d4:bb:be:56:
         70:9c:3b:54:72:43:d6:0e:52:aa:84:3a:12:37:10:dd:01:11:
         25:f9:3f:06:71:e9:2d:0d:34:4b:b4:1f:6f:b4:6e:f2:68:72:
         b7:3a:31:e0:f6:12:50:f1:b3:00:06:d5:b3:d0:34:86:d7:8e:
         49:0e:d5:7c:55:3e:dc:d3:69:d0:82:c5:0b:2a:91:35:d7:cc:
         52:49:e2:24:ae:a8:e9:68:99:dd:0e:93:f5:74:b7:bf:21:ab:
         68:7c:82:26:ea:0f:35:7b:bb:87:2b:7f:2d:ac:9d:dd:aa:99:
         d3:e1:93:6e:19:85:3b:74:ea:b1:6c:97:4d:8a:4a:d6:3d:56:
         90:bd:a5:23:18:6b:ec:40:77:81:e7:4e:a2:6c:3c:75:2e:74:
         e8:22:4f:32:ad:11:51:0d:26:58:a9:17:50:e1:b9:f3:be:40:
         ec:15:9f:bb:41:ad:3f:17:08:7d:5e:cf:7f:d6:c8:23:f8:09:
         04:23:53:97:94:d5:67:92:3c:42:29:74:68:3f:7f:91:ec:5d:
         1c:8e:04:66:2b:26:84:56:c3:6f:d5:cb:37:63:91:e9:02:5c:
         34:c5:0a:28:47:f7:00:fc:ed:6f:fe:4b:b2:d0:2b:31:3c:f6:
         2c:b0:f7:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUbPWayyIZIeDLcKmeNIZFpMCd3VMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MTQxMjQyMTNaFw0yNzA1MTMxMjQ3MTNaMDMxMTAvBgNV
BAMTKDM2OUM3NjM5OEMyRUQ2MDE4OUJGMkFEM0E2QzM1OEE4RkIzQUZENTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2t+C0blK9/QZBPelD5XTqPy3P
u92+kiKZpOaWAz9f72z9n9zzJFsw0PtqBgXmQMN/vX9d2Tr4I/ADucJXoBc+HmOf
yh/tC/dclT55ppu77c7xhLX+9bWYWwMC3RFuk0tNc0cswygNm1QiGAJ1Lm1Td4S8
/MSu9JKtV5v9ZmV+8pW4VFzWjqHAI2h3B+Zh8TG4bdTPg/jbf+YbxifecRmZdGGD
EOz3QpaujUEtErs10xIaQn06URDdKQB3AwhQdSdFD1XTe0iZCWac2Rwqi3HumOZF
rzwJJ8gZktlftw/5S3MkZ+W+2yoeM36WiVGRxH0GWFt17s3quHd1UGwP8OXlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNpx2OYwu1gGJvyrTpsNYqPs6/VcwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0NzcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhti
MA0GCSqGSIb3DQEBCwUAA4IBAQCHVTQfK4yIi3NmNhZ9t9S7vlZwnDtUckPWDlKq
hDoSNxDdAREl+T8GcektDTRLtB9vtG7yaHK3OjHg9hJQ8bMABtWz0DSG145JDtV8
VT7c02nQgsULKpE118xSSeIkrqjpaJndDpP1dLe/IatofIIm6g81e7uHK38trJ3d
qpnT4ZNuGYU7dOqxbJdNikrWPVaQvaUjGGvsQHeB506ibDx1LnToIk8yrRFRDSZY
qRdQ4bnzvkDsFZ+7Qa0/Fwh9Xs9/1sgj+AkEI1OXlNVnkjxCKXRoP3+R7F0cjgRm
KyaEVsNv1cs3Y5HpAlw0xQooR/cA/O1v/kuy0CsxPPYssPew
-----END CERTIFICATE-----