Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208302.roa
File:                     AS208302.roa (raw, json)
Hash identifier:          EOY7lrgyt+lDQ5qqFO0A9tMCsMu04PMWdwmT7bmaIKA=
Subject key identifier:   26:19:4F:6D:A5:DA:2D:4D:60:B8:6E:55:DB:98:3F:1F:9C:85:65:63
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5DA514BCFCF832016D0B964662C30239CFA3E005
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208302.roa
Signing time:             Sat 24 May 2025 12:14:15 +0000
ROA not before:           Sat 24 May 2025 12:09:15 +0000
ROA not after:            Sat 23 May 2026 12:14:15 +0000
asID:                     208302
IP address blocks:        2a0f:85c1:c45::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 13:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:a5:14:bc:fc:f8:32:01:6d:0b:96:46:62:c3:02:39:cf:a3:e0:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May 24 12:09:15 2025 GMT
            Not After : May 23 12:14:15 2026 GMT
        Subject: CN=26194F6DA5DA2D4D60B86E55DB983F1F9C856563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6a:e8:b5:6a:c7:b9:b9:28:ff:ca:ea:62:54:
                    84:87:bb:1d:b1:43:04:86:ea:75:41:0c:b5:77:1e:
                    b8:65:98:42:8e:d0:75:19:df:fa:d6:0a:49:ec:ea:
                    8e:ca:e1:93:f2:01:2d:49:6c:8e:22:8a:c6:0a:60:
                    1f:9c:16:10:2f:14:a3:53:0e:83:df:84:ec:a5:6d:
                    b0:f3:29:b0:2f:bc:40:34:5a:c0:6e:6f:3f:64:bd:
                    05:b0:4d:9b:a7:fe:44:8f:f6:60:5c:42:77:c7:68:
                    11:54:d7:0f:7c:cc:a7:0e:86:b2:ff:e0:1e:48:a2:
                    08:59:70:c0:d4:36:75:5d:96:b2:44:ea:87:19:7d:
                    c2:65:3c:ac:a9:0b:25:d7:8b:09:71:9c:4c:58:11:
                    13:aa:7c:30:85:09:eb:51:ef:81:c4:7d:a2:69:d5:
                    3b:bb:99:76:b3:58:e7:54:58:1c:66:b9:49:56:21:
                    56:39:8e:91:60:33:57:a5:42:47:ee:57:b6:88:7e:
                    a1:bb:7d:f7:2a:cc:09:7e:17:10:80:3a:37:8e:53:
                    b5:d0:af:e2:38:75:6f:fa:84:52:a8:8e:7d:5b:69:
                    84:87:0f:e6:24:3d:de:a1:15:a4:5e:fc:04:99:bd:
                    93:7f:eb:32:a5:92:cc:52:35:ad:f3:c0:66:89:df:
                    48:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:19:4F:6D:A5:DA:2D:4D:60:B8:6E:55:DB:98:3F:1F:9C:85:65:63
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208302.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c45::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:3c:4a:94:c4:3c:22:bb:5f:cf:6d:d0:fe:33:ae:74:1c:e0:
         ec:59:ad:30:69:22:01:70:df:c7:ed:4c:3b:12:61:24:04:bc:
         e0:90:a3:2d:dc:9a:4c:d8:6d:6d:34:dc:f6:2f:6e:77:88:3b:
         36:b8:07:eb:83:e8:d7:5d:6c:ef:0a:2b:06:57:c6:91:75:e0:
         ba:3f:21:06:9f:05:0c:31:d2:6c:cb:2c:8e:b7:52:28:d2:e5:
         c7:ef:80:b3:94:d7:09:46:75:fb:ca:92:ae:2f:5a:5e:5d:2d:
         f2:da:15:4a:40:1e:fa:5d:ba:72:ca:ed:79:23:9c:a9:36:d4:
         25:9d:c2:47:6e:51:47:81:a2:b6:ff:26:7a:d7:89:c1:46:a8:
         ac:af:8a:88:5c:50:86:88:64:35:34:d4:68:01:24:e8:64:04:
         1b:10:21:f0:f7:48:55:1c:7f:e4:97:af:8d:5f:ef:36:33:22:
         09:d3:77:e2:45:b9:07:ac:b3:00:4a:b5:a5:1a:8b:05:89:16:
         24:c3:78:ee:86:fe:a3:eb:f4:4d:4c:a5:a4:c8:b0:8e:e6:7f:
         49:a3:2f:ce:00:cd:34:cc:00:94:e2:bb:8d:05:31:06:a8:44:
         d3:c7:4b:28:4a:4a:8c:5f:d1:43:8d:34:0a:c3:07:be:d7:91:
         23:4c:f6:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUXaUUvPz4MgFtC5ZGYsMCOc+j4AUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MjQxMjA5MTVaFw0yNjA1MjMxMjE0MTVaMDMxMTAvBgNV
BAMTKDI2MTk0RjZEQTVEQTJENEQ2MEI4NkU1NURCOTgzRjFGOUM4NTY1NjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaui1ase5uSj/yupiVISHux2x
QwSG6nVBDLV3HrhlmEKO0HUZ3/rWCkns6o7K4ZPyAS1JbI4iisYKYB+cFhAvFKNT
DoPfhOylbbDzKbAvvEA0WsBubz9kvQWwTZun/kSP9mBcQnfHaBFU1w98zKcOhrL/
4B5IoghZcMDUNnVdlrJE6ocZfcJlPKypCyXXiwlxnExYEROqfDCFCetR74HEfaJp
1Tu7mXazWOdUWBxmuUlWIVY5jpFgM1elQkfuV7aIfqG7ffcqzAl+FxCAOjeOU7XQ
r+I4dW/6hFKojn1baYSHD+YkPd6hFaRe/ASZvZN/6zKlksxSNa3zwGaJ30ghAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUJhlPbaXaLU1guG5V25g/H5yFZWMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4MzAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxFMA0GCSqGSIb3DQEBCwUAA4IBAQAvPEqUxDwiu1/PbdD+M650HODsWa0waSIB
cN/H7Uw7EmEkBLzgkKMt3JpM2G1tNNz2L253iDs2uAfrg+jXXWzvCisGV8aRdeC6
PyEGnwUMMdJsyyyOt1Io0uXH74CzlNcJRnX7ypKuL1peXS3y2hVKQB76Xbpyyu15
I5ypNtQlncJHblFHgaK2/yZ614nBRqisr4qIXFCGiGQ1NNRoASToZAQbECHw90hV
HH/kl6+NX+82MyIJ03fiRbkHrLMASrWlGosFiRYkw3juhv6j6/RNTKWkyLCO5n9J
oy/OAM00zACU4ruNBTEGqETTx0soSkqMX9FDjTQKwwe+15EjTPbn
-----END CERTIFICATE-----