Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa
File:                     AS213730.roa (raw, json)
Hash identifier:          DO3DaMRX+g5+xePkuglh2c9EGWj9r30e2CERrwoPIVw=
Subject key identifier:   56:DF:10:EB:0B:CB:51:31:45:C9:16:21:D5:23:D8:EF:E3:08:64:48
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       677A3C546358AA5F38803B9EF4D4B9BCECEA0AA7
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa
Signing time:             Sat 26 Apr 2025 15:24:37 +0000
ROA not before:           Sat 26 Apr 2025 15:19:37 +0000
ROA not after:            Sat 25 Apr 2026 15:24:37 +0000
asID:                     213730
IP address blocks:        46.203.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 00:18:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:7a:3c:54:63:58:aa:5f:38:80:3b:9e:f4:d4:b9:bc:ec:ea:0a:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 26 15:19:37 2025 GMT
            Not After : Apr 25 15:24:37 2026 GMT
        Subject: CN=56DF10EB0BCB513145C91621D523D8EFE3086448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d6:10:dc:eb:54:cc:05:9a:f3:96:bc:41:5c:
                    ff:61:31:18:f8:1c:98:11:00:53:6a:bb:38:9b:c2:
                    41:8e:d0:64:8a:e1:9a:1f:5b:14:24:e6:d7:f7:e0:
                    99:ee:17:47:a0:e2:39:84:30:3c:b0:de:2e:f6:f9:
                    74:3a:c6:8b:55:3d:4a:72:27:6a:fe:23:6f:71:13:
                    1f:9a:46:d9:3b:fa:60:fe:16:38:82:5e:e7:38:96:
                    78:80:89:e2:a7:10:57:51:9c:2b:5e:f6:44:9a:2c:
                    5d:01:63:84:12:52:33:f4:eb:c8:5e:f0:39:e0:a6:
                    cf:8a:cc:d9:dd:33:61:f1:36:24:89:9c:67:54:7c:
                    12:f7:14:35:91:42:af:32:9d:7d:79:aa:92:5e:a1:
                    12:bc:a9:54:24:21:34:d1:7a:a0:7c:e4:ca:17:50:
                    e9:3d:a7:99:28:e8:3b:02:e4:22:bf:b4:75:92:0a:
                    e7:e4:b3:25:27:fc:0e:23:99:93:a3:28:a7:32:70:
                    54:67:e3:65:09:af:6a:d7:d9:70:5f:3c:7e:63:93:
                    6c:40:6a:01:8a:56:30:66:cb:95:ba:7c:01:87:1b:
                    a8:f5:91:00:65:b7:42:0f:d4:f0:1a:93:4d:e9:92:
                    eb:bc:f4:65:12:42:89:bb:e9:88:6b:27:ea:8b:e9:
                    9b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:DF:10:EB:0B:CB:51:31:45:C9:16:21:D5:23:D8:EF:E3:08:64:48
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS213730.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:62:f4:32:75:f4:51:2d:5b:72:cc:82:c5:f5:59:23:21:3f:
         9a:bc:21:61:b8:e9:82:e1:dc:e5:c9:7f:07:17:03:0a:ba:86:
         32:33:ef:b7:79:60:35:b1:be:64:b0:8f:00:cb:82:09:24:bf:
         63:b3:41:e0:d7:a1:ff:5f:78:20:25:69:29:c9:0b:76:22:4f:
         55:e6:12:3b:85:f7:59:bd:f6:21:84:88:79:99:ce:d2:55:f5:
         a9:7d:b8:4d:56:76:36:05:5f:2f:d1:d3:a3:83:87:80:92:a4:
         01:54:1b:15:24:6d:0c:c8:aa:4c:91:8d:70:11:3b:a1:ab:dc:
         32:e7:06:d4:38:2b:04:48:ec:ca:c5:ad:cd:ad:ce:07:c5:e9:
         6c:cd:b4:c4:5b:cc:0a:bb:a3:67:98:80:34:d1:d5:76:2b:64:
         d1:18:42:a7:15:04:4a:f6:30:d3:5e:df:62:33:c1:d5:0a:b2:
         8c:4c:6c:f4:f7:9a:d9:8a:94:1e:be:42:43:a3:96:3b:cd:65:
         15:33:63:47:47:05:c1:75:53:7c:bd:37:7c:61:74:9b:7d:8c:
         b1:e4:41:73:a2:2b:d1:1c:0a:82:95:f8:bf:a2:07:19:5c:54:
         92:e1:5e:bc:02:e1:d3:a4:49:c5:ae:17:96:b6:2d:ae:e3:32:
         b8:e9:da:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZ3o8VGNYql84gDue9NS5vOzqCqcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA0MjYxNTE5MzdaFw0yNjA0MjUxNTI0MzdaMDMxMTAvBgNV
BAMTKDU2REYxMEVCMEJDQjUxMzE0NUM5MTYyMUQ1MjNEOEVGRTMwODY0NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc1hDc61TMBZrzlrxBXP9hMRj4
HJgRAFNquzibwkGO0GSK4ZofWxQk5tf34JnuF0eg4jmEMDyw3i72+XQ6xotVPUpy
J2r+I29xEx+aRtk7+mD+FjiCXuc4lniAieKnEFdRnCte9kSaLF0BY4QSUjP068he
8Dngps+KzNndM2HxNiSJnGdUfBL3FDWRQq8ynX15qpJeoRK8qVQkITTReqB85MoX
UOk9p5ko6DsC5CK/tHWSCufksyUn/A4jmZOjKKcycFRn42UJr2rX2XBfPH5jk2xA
agGKVjBmy5W6fAGHG6j1kQBlt0IP1PAak03pkuu89GUSQom76YhrJ+qL6Zu7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVt8Q6wvLUTFFyRYh1SPY7+MIZEgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjEzNzMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsv4
MA0GCSqGSIb3DQEBCwUAA4IBAQCgYvQydfRRLVtyzILF9VkjIT+avCFhuOmC4dzl
yX8HFwMKuoYyM++3eWA1sb5ksI8Ay4IJJL9js0Hg16H/X3ggJWkpyQt2Ik9V5hI7
hfdZvfYhhIh5mc7SVfWpfbhNVnY2BV8v0dOjg4eAkqQBVBsVJG0MyKpMkY1wETuh
q9wy5wbUOCsESOzKxa3Nrc4HxelszbTEW8wKu6NnmIA00dV2K2TRGEKnFQRK9jDT
Xt9iM8HVCrKMTGz095rZipQevkJDo5Y7zWUVM2NHRwXBdVN8vTd8YXSbfYyx5EFz
oivRHAqClfi/ogcZXFSS4V68AuHTpEnFrheWti2u4zK46dqz
-----END CERTIFICATE-----