Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204770.roa
File:                     AS204770.roa (raw, json)
Hash identifier:          zm2oDARrWn023QzGY2mx/Firr7x7xYdJg3cWuLcl4vo=
Subject key identifier:   E0:D8:23:2F:73:1A:EB:ED:BA:27:43:F2:19:D1:D2:11:5E:0A:AF:2C
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       635B771A440847D85A624170B20891DD32108380
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204770.roa
Signing time:             Thu 12 Jun 2025 12:11:47 +0000
ROA not before:           Thu 12 Jun 2025 12:06:47 +0000
ROA not after:            Thu 11 Jun 2026 12:11:47 +0000
asID:                     204770
IP address blocks:        82.27.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:5b:77:1a:44:08:47:d8:5a:62:41:70:b2:08:91:dd:32:10:83:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 12 12:06:47 2025 GMT
            Not After : Jun 11 12:11:47 2026 GMT
        Subject: CN=E0D8232F731AEBEDBA2743F219D1D2115E0AAF2C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:46:41:70:ab:68:71:5c:79:1d:47:17:86:a0:
                    9e:6e:d2:fd:93:75:1c:7e:f3:97:1c:e0:fe:c5:6b:
                    4a:7c:7d:2a:81:4a:a3:f0:bd:52:bd:0f:7f:53:a2:
                    11:c7:45:68:10:55:ac:67:cf:21:5b:36:0a:db:65:
                    c4:58:c8:1d:31:e4:96:af:a1:7a:52:b1:f0:38:f1:
                    b5:c1:01:d8:ec:c8:4a:24:54:e0:1a:c3:98:73:01:
                    dd:c8:dd:15:27:ec:ad:3a:97:49:0f:a4:7c:4a:cf:
                    ee:3a:40:52:52:c9:3e:2b:91:ca:62:62:54:e3:b5:
                    82:42:d9:d0:b9:dc:16:18:8c:b3:9e:0f:87:d1:97:
                    bc:47:24:1e:3f:0f:c4:08:9d:c4:0c:08:11:aa:18:
                    7f:c1:dd:5e:28:b2:67:41:19:06:8e:2c:2f:0e:55:
                    9c:d6:12:05:36:9e:5c:71:1f:da:77:5f:17:f9:e0:
                    7f:a5:4f:2b:16:f0:db:32:46:34:f1:56:09:b5:3a:
                    a4:17:74:69:59:a3:72:6b:e3:97:b3:51:7c:9e:7f:
                    25:99:30:8b:e1:ea:4e:18:6e:66:a0:07:d7:60:18:
                    74:07:fb:b3:a9:fc:14:88:04:cd:23:ef:69:3f:3d:
                    22:c1:81:70:a1:20:72:cb:1e:0d:a2:e1:78:7c:da:
                    54:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:D8:23:2F:73:1A:EB:ED:BA:27:43:F2:19:D1:D2:11:5E:0A:AF:2C
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS204770.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.27.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:63:e8:23:5e:5a:bf:17:70:5a:2a:18:2d:38:d1:61:8d:5a:
         23:de:0f:48:27:85:3c:0a:b8:92:1b:1d:40:89:51:cf:62:ab:
         d7:98:70:2a:f1:26:31:2d:47:96:8c:80:2e:55:7e:01:16:3b:
         f2:5b:c9:eb:5d:a9:23:57:fb:63:d9:c6:5f:8f:20:53:70:e9:
         57:00:a2:e0:12:6a:ca:6a:06:40:70:49:b3:f9:57:5a:67:16:
         89:4e:73:5c:2a:e0:03:93:26:54:29:8f:07:c2:01:c7:12:ca:
         3a:4f:c2:cf:da:43:d3:7e:ce:64:b3:9d:0d:53:fa:17:55:54:
         9b:56:0b:f3:8e:16:40:16:9a:7e:68:ae:5b:50:84:e9:97:3d:
         1f:2a:72:71:fc:b7:d2:c9:79:18:12:9f:f6:9c:bb:64:b9:ac:
         00:27:29:ad:8f:ee:6a:7b:21:5c:f3:71:c5:ab:f1:5e:02:cd:
         a0:f5:2e:fc:f3:cc:03:ca:dc:c2:b4:98:a2:65:e9:d2:ac:0c:
         27:c4:d0:49:1b:fb:ea:e1:1d:18:f8:65:1c:e8:50:28:2d:25:
         15:40:04:ad:22:df:95:c9:24:78:21:e7:8e:06:1a:39:be:f2:
         e3:ac:2b:94:ff:5f:c0:4f:86:81:42:5a:8e:21:5f:f8:bf:fe:
         1b:89:cd:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY1t3GkQIR9haYkFwsgiR3TIQg4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA2MTIxMjA2NDdaFw0yNjA2MTExMjExNDdaMDMxMTAvBgNV
BAMTKEUwRDgyMzJGNzMxQUVCRURCQTI3NDNGMjE5RDFEMjExNUUwQUFGMkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWRkFwq2hxXHkdRxeGoJ5u0v2T
dRx+85cc4P7Fa0p8fSqBSqPwvVK9D39TohHHRWgQVaxnzyFbNgrbZcRYyB0x5Jav
oXpSsfA48bXBAdjsyEokVOAaw5hzAd3I3RUn7K06l0kPpHxKz+46QFJSyT4rkcpi
YlTjtYJC2dC53BYYjLOeD4fRl7xHJB4/D8QIncQMCBGqGH/B3V4osmdBGQaOLC8O
VZzWEgU2nlxxH9p3Xxf54H+lTysW8NsyRjTxVgm1OqQXdGlZo3Jr45ezUXyefyWZ
MIvh6k4YbmagB9dgGHQH+7Op/BSIBM0j72k/PSLBgXChIHLLHg2i4Xh82lR1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU4NgjL3Ma6+26J0PyGdHSEV4KrywwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0NzcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhti
MA0GCSqGSIb3DQEBCwUAA4IBAQBEY+gjXlq/F3BaKhgtONFhjVoj3g9IJ4U8CriS
Gx1AiVHPYqvXmHAq8SYxLUeWjIAuVX4BFjvyW8nrXakjV/tj2cZfjyBTcOlXAKLg
EmrKagZAcEmz+VdaZxaJTnNcKuADkyZUKY8HwgHHEso6T8LP2kPTfs5ks50NU/oX
VVSbVgvzjhZAFpp+aK5bUITplz0fKnJx/LfSyXkYEp/2nLtkuawAJymtj+5qeyFc
83HFq/FeAs2g9S7888wDytzCtJiiZenSrAwnxNBJG/vq4R0Y+GUc6FAoLSUVQASt
It+VySR4IeeOBho5vvLjrCuU/1/AT4aBQlqOIV/4v/4bic2B
-----END CERTIFICATE-----