Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209604.roa
File:                     AS209604.roa (raw, json)
Hash identifier:          bicCLqW5AYE/+62yriE0kzAsyKbi7sC0RIFlZW8Ek8M=
Subject key identifier:   59:37:35:45:C2:2C:12:00:2C:49:19:F8:97:B5:B1:BC:1C:FC:2E:DC
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5FCE1E09C6296330CBEAD7A2CDB3BB86E643CD74
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209604.roa
Signing time:             Mon 28 Jul 2025 22:22:47 +0000
ROA not before:           Mon 28 Jul 2025 22:17:47 +0000
ROA not after:            Mon 27 Jul 2026 22:22:47 +0000
asID:                     209604
IP address blocks:        82.21.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 01:11:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:ce:1e:09:c6:29:63:30:cb:ea:d7:a2:cd:b3:bb:86:e6:43:cd:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jul 28 22:17:47 2025 GMT
            Not After : Jul 27 22:22:47 2026 GMT
        Subject: CN=59373545C22C12002C4919F897B5B1BC1CFC2EDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:49:df:cf:b4:63:15:56:ee:a5:17:e8:12:b2:
                    ad:0e:7e:17:ff:ef:f0:63:7b:ca:d3:d4:d5:b6:5f:
                    66:d8:17:f9:45:28:7e:6b:00:6c:ee:f9:67:ea:c1:
                    11:5c:1d:d2:9d:b3:76:24:df:95:f5:ae:28:ce:e7:
                    59:df:53:af:98:7f:0f:5f:b0:6f:18:c5:7e:c2:ac:
                    30:cf:56:34:0f:95:93:3c:aa:e4:18:12:07:31:b4:
                    11:64:34:f1:5f:d4:d0:f3:e1:a2:fa:51:2b:22:84:
                    e9:35:68:ec:79:a9:1d:f5:22:c4:26:e6:7c:1f:c5:
                    ff:3d:7d:94:29:10:fc:4b:10:1e:29:99:df:88:35:
                    7e:75:5d:36:5b:e2:71:4b:b3:31:4c:a2:aa:98:5d:
                    7f:6a:8e:ec:60:74:7b:71:07:38:3d:68:2c:ca:69:
                    e0:23:af:fa:e5:a3:c9:54:82:3d:67:d3:14:4f:92:
                    f2:9a:59:0e:80:e9:fc:6d:b9:dd:b6:7c:c1:16:b4:
                    01:87:ad:b0:f0:50:05:59:79:75:42:2c:4e:a9:4b:
                    2d:de:c2:8d:14:0a:02:c4:b3:4e:73:60:20:58:40:
                    1b:6d:f5:d9:96:7d:ae:ec:d1:31:c3:a9:95:74:2c:
                    b4:1f:d9:ef:2d:88:5b:cc:6d:21:f4:87:f3:7c:6d:
                    90:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:37:35:45:C2:2C:12:00:2C:49:19:F8:97:B5:B1:BC:1C:FC:2E:DC
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209604.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.21.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:94:c6:4f:bb:be:43:2c:6d:36:d6:c8:54:c3:9d:06:02:0d:
         39:18:db:52:52:c5:93:c6:ea:4d:1f:54:b2:87:56:25:49:8f:
         ad:79:70:6b:f6:21:69:31:5e:a0:14:c6:9f:99:b3:70:88:2c:
         97:08:c9:4b:59:99:2a:3a:01:4a:16:dd:bc:71:27:74:82:82:
         d3:2d:ae:f9:c7:b1:e5:74:97:89:23:89:64:66:03:93:b2:08:
         ee:f2:95:83:c9:f3:f8:b8:18:7f:90:a9:5a:41:4f:6d:e6:71:
         70:b6:68:a8:0b:2e:5b:a8:4c:ee:8b:77:6d:ae:73:ee:0e:9e:
         43:03:d3:eb:e2:55:af:bb:c3:79:fc:c1:9c:06:02:97:9a:1a:
         d6:ed:6d:8f:c4:34:5c:5d:7e:58:e7:33:e3:84:80:9f:3e:88:
         78:61:52:43:f8:44:65:67:fb:26:f0:a9:ae:4f:a3:4d:d4:3c:
         4a:66:e5:3d:ee:e5:df:0b:86:aa:b2:67:c3:55:9a:70:86:99:
         e2:60:3c:0e:33:8a:df:b3:17:e9:4b:9a:0e:1d:c9:5a:bf:af:
         5e:09:5d:51:42:d8:c5:33:c4:62:b4:31:eb:cd:c3:be:80:e3:
         1b:87:12:bf:ce:42:a7:27:d4:ea:90:d1:59:db:0b:1c:6c:cc:
         4c:34:76:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUX84eCcYpYzDL6teizbO7huZDzXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA3MjgyMjE3NDdaFw0yNjA3MjcyMjIyNDdaMDMxMTAvBgNV
BAMTKDU5MzczNTQ1QzIyQzEyMDAyQzQ5MTlGODk3QjVCMUJDMUNGQzJFREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQSd/PtGMVVu6lF+gSsq0Ofhf/
7/Bje8rT1NW2X2bYF/lFKH5rAGzu+WfqwRFcHdKds3Yk35X1rijO51nfU6+Yfw9f
sG8YxX7CrDDPVjQPlZM8quQYEgcxtBFkNPFf1NDz4aL6USsihOk1aOx5qR31IsQm
5nwfxf89fZQpEPxLEB4pmd+INX51XTZb4nFLszFMoqqYXX9qjuxgdHtxBzg9aCzK
aeAjr/rlo8lUgj1n0xRPkvKaWQ6A6fxtud22fMEWtAGHrbDwUAVZeXVCLE6pSy3e
wo0UCgLEs05zYCBYQBtt9dmWfa7s0THDqZV0LLQf2e8tiFvMbSH0h/N8bZDtAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWTc1RcIsEgAsSRn4l7WxvBz8LtwwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5NjA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhWV
MA0GCSqGSIb3DQEBCwUAA4IBAQAjlMZPu75DLG021shUw50GAg05GNtSUsWTxupN
H1Syh1YlSY+teXBr9iFpMV6gFMafmbNwiCyXCMlLWZkqOgFKFt28cSd0goLTLa75
x7HldJeJI4lkZgOTsgju8pWDyfP4uBh/kKlaQU9t5nFwtmioCy5bqEzui3dtrnPu
Dp5DA9Pr4lWvu8N5/MGcBgKXmhrW7W2PxDRcXX5Y5zPjhICfPoh4YVJD+ERlZ/sm
8KmuT6NN1DxKZuU97uXfC4aqsmfDVZpwhpniYDwOM4rfsxfpS5oOHclav69eCV1R
QtjFM8RitDHrzcO+gOMbhxK/zkKnJ9TqkNFZ2wscbMxMNHa5
-----END CERTIFICATE-----