Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205418.roa
File:                     AS205418.roa (raw, json)
Hash identifier:          nyptMb3oah2guuGHZnemhOI8mwb9EAOjga9TZw/D1mk=
Subject key identifier:   9F:FD:14:BC:4B:C9:B6:27:EB:3A:95:8F:98:7E:23:5D:2A:30:F8:12
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2B095B52D46457B873FAD293C00E430F897D119F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205418.roa
Signing time:             Fri 22 Aug 2025 12:17:56 +0000
ROA not before:           Fri 22 Aug 2025 12:12:56 +0000
ROA not after:            Fri 21 Aug 2026 12:17:56 +0000
asID:                     205418
IP address blocks:        155.117.164.0/24 maxlen: 24
                          162.141.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:09:5b:52:d4:64:57:b8:73:fa:d2:93:c0:0e:43:0f:89:7d:11:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 22 12:12:56 2025 GMT
            Not After : Aug 21 12:17:56 2026 GMT
        Subject: CN=9FFD14BC4BC9B627EB3A958F987E235D2A30F812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:71:ef:94:6e:da:84:62:3b:6b:b9:32:8d:4d:
                    47:23:26:f9:f9:6f:70:b7:e5:52:f0:2f:e9:5d:50:
                    7d:7d:11:b6:7a:35:7a:4e:7d:b6:67:87:cc:00:ac:
                    ba:6f:44:66:2b:5d:8c:c8:29:00:a9:e9:a8:ca:25:
                    ab:17:24:5d:5d:93:4c:4a:ca:9f:25:0a:3f:e8:4a:
                    63:0e:18:f0:9c:e1:b7:54:4c:13:9a:e7:7b:0f:4c:
                    8c:73:4c:24:06:37:aa:11:21:6f:19:01:69:b9:db:
                    da:94:80:3a:63:90:87:80:07:e6:57:43:e9:a6:3c:
                    d0:b6:e9:c7:4b:ac:bd:b6:f0:74:12:bb:c1:47:6f:
                    fa:b3:a7:5c:80:87:26:69:dd:79:e1:0e:fd:05:b7:
                    a2:16:c6:5c:16:ba:de:32:a0:b7:72:a2:51:6e:07:
                    df:0d:fb:3f:35:d1:af:8f:14:82:ce:ae:97:e9:72:
                    b4:db:78:17:8a:da:58:39:6d:54:56:9d:d9:62:d0:
                    bd:25:89:90:92:2b:c0:8b:3f:f0:41:bf:94:f0:de:
                    26:53:37:a9:ac:9f:35:8a:b7:f0:5c:02:6b:9a:43:
                    4f:cb:0f:ed:09:f5:a8:9f:5b:54:3b:75:e6:68:53:
                    6c:21:55:27:7f:a2:f1:8a:c7:67:c2:64:2e:65:d6:
                    75:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:FD:14:BC:4B:C9:B6:27:EB:3A:95:8F:98:7E:23:5D:2A:30:F8:12
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205418.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.164.0/24
                  162.141.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:cf:0b:7e:dc:b4:92:73:36:04:2e:67:e0:66:82:eb:42:e5:
         99:42:fb:69:92:23:b5:06:25:1c:f0:76:05:86:26:0f:00:84:
         5a:c6:33:d2:91:eb:ac:27:57:c6:c5:49:77:d0:cd:16:9f:a5:
         cf:b8:97:e5:a4:1c:6e:98:57:38:b9:27:59:1f:3a:15:7a:b7:
         d7:4f:f3:7a:94:aa:a5:43:b6:b2:9e:51:a1:75:d9:4e:ce:25:
         a5:29:53:d7:34:60:4c:84:ed:50:5e:43:36:b6:21:02:1c:2d:
         45:5a:00:ee:4b:a0:a7:8c:6c:01:05:a7:45:71:ce:14:1b:d8:
         94:cd:1b:8c:ec:03:cf:a3:df:4a:9b:c0:ef:14:76:9e:64:01:
         d6:e0:5f:aa:8e:d9:4e:d1:01:0b:59:fa:7d:01:4e:70:ba:35:
         8f:26:05:67:46:fa:72:2d:9a:b4:54:4e:16:a4:8e:d4:fa:2e:
         15:c7:65:28:6f:c5:66:05:c5:13:17:69:da:7e:ad:0f:25:3b:
         80:38:ec:f3:78:89:fc:da:9b:ba:10:15:e5:d6:3e:07:a6:80:
         54:46:9d:c9:7e:b2:a2:88:44:c0:a6:4a:8e:55:74:23:48:31:
         4d:63:9c:dc:3c:b5:92:a0:90:f4:15:7a:af:a0:11:49:32:56:
         d1:b3:0c:39
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKwlbUtRkV7hz+tKTwA5DD4l9EZ8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MjIxMjEyNTZaFw0yNjA4MjExMjE3NTZaMDMxMTAvBgNV
BAMTKDlGRkQxNEJDNEJDOUI2MjdFQjNBOTU4Rjk4N0UyMzVEMkEzMEY4MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRce+UbtqEYjtruTKNTUcjJvn5
b3C35VLwL+ldUH19EbZ6NXpOfbZnh8wArLpvRGYrXYzIKQCp6ajKJasXJF1dk0xK
yp8lCj/oSmMOGPCc4bdUTBOa53sPTIxzTCQGN6oRIW8ZAWm529qUgDpjkIeAB+ZX
Q+mmPNC26cdLrL228HQSu8FHb/qzp1yAhyZp3XnhDv0Ft6IWxlwWut4yoLdyolFu
B98N+z810a+PFILOrpfpcrTbeBeK2lg5bVRWndli0L0liZCSK8CLP/BBv5Tw3iZT
N6msnzWKt/BcAmuaQ0/LD+0J9aifW1Q7deZoU2whVSd/ovGKx2fCZC5l1nWtAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUn/0UvEvJtifrOpWPmH4jXSow+BIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1NDE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm3Wk
AwQAoo0EMA0GCSqGSIb3DQEBCwUAA4IBAQCtzwt+3LSSczYELmfgZoLrQuWZQvtp
kiO1BiUc8HYFhiYPAIRaxjPSkeusJ1fGxUl30M0Wn6XPuJflpBxumFc4uSdZHzoV
erfXT/N6lKqlQ7aynlGhddlOziWlKVPXNGBMhO1QXkM2tiECHC1FWgDuS6CnjGwB
BadFcc4UG9iUzRuM7APPo99Km8DvFHaeZAHW4F+qjtlO0QELWfp9AU5wujWPJgVn
RvpyLZq0VE4WpI7U+i4Vx2Uob8VmBcUTF2nafq0PJTuAOOzzeIn82pu6EBXl1j4H
poBURp3JfrKiiETApkqOVXQjSDFNY5zcPLWSoJD0FXqvoBFJMlbRsww5
-----END CERTIFICATE-----