Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa
File:                     AS205896.roa (raw, json)
Hash identifier:          1XvJzzcNHsBLwap0v83ntJ9Wk1gMM5v4zFWgvpMVFbM=
Subject key identifier:   10:79:5C:0E:00:81:D0:6C:B3:A0:BB:F6:F3:F0:AA:4C:A4:9D:27:E2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       443138BEBF0FC441E96B8F3950FBDB8A18A49461
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa
Signing time:             Thu 16 Oct 2025 03:48:10 +0000
ROA not before:           Thu 16 Oct 2025 03:43:10 +0000
ROA not after:            Thu 15 Oct 2026 03:48:10 +0000
asID:                     205896
IP address blocks:        143.14.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:31:38:be:bf:0f:c4:41:e9:6b:8f:39:50:fb:db:8a:18:a4:94:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 16 03:43:10 2025 GMT
            Not After : Oct 15 03:48:10 2026 GMT
        Subject: CN=10795C0E0081D06CB3A0BBF6F3F0AA4CA49D27E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d7:3e:a4:65:53:ce:e0:e2:f6:3b:39:a3:78:
                    94:a9:58:85:cd:79:28:02:a1:f1:3e:4c:9d:a0:54:
                    35:61:66:81:31:a6:26:2f:b9:5b:11:15:b4:20:8e:
                    06:46:68:5f:89:10:6c:68:72:bd:c8:39:8d:7c:60:
                    90:42:7a:56:3d:f3:ad:6e:c6:ff:96:70:8d:43:ef:
                    62:8d:f8:8d:4f:8d:d4:da:f5:50:47:d3:ed:77:d4:
                    97:9c:9a:ad:c8:63:1d:da:83:64:f6:2f:e8:e0:ee:
                    05:74:d7:6a:24:46:b8:eb:b7:92:68:56:e5:b6:da:
                    ca:db:06:f4:f7:a8:98:e6:77:8c:73:12:88:82:69:
                    8b:d3:c9:9e:cb:91:01:9a:92:39:24:b0:ad:42:5b:
                    02:1f:4b:45:ae:2f:c0:5d:4a:f8:d1:b2:fa:13:54:
                    de:48:52:01:34:f0:3a:57:19:17:d1:25:cc:4e:65:
                    59:5a:90:26:28:db:8e:d0:7f:96:09:23:71:51:6e:
                    28:95:c2:e9:23:1e:c4:b2:fa:db:42:a0:01:60:6b:
                    f7:d4:13:62:1f:8e:ae:46:17:5b:ea:95:b8:23:4c:
                    fa:16:55:b2:af:03:31:1f:29:3c:e6:78:cb:0b:15:
                    b1:c0:24:73:29:93:da:b2:92:ab:3e:e5:81:27:3d:
                    62:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:79:5C:0E:00:81:D0:6C:B3:A0:BB:F6:F3:F0:AA:4C:A4:9D:27:E2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205896.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:cd:dc:61:d4:cc:ad:6b:6d:30:c0:61:19:bd:c1:7c:2c:cc:
         06:31:59:93:41:c6:e5:83:16:8a:13:5f:16:08:4a:43:ba:30:
         1b:8c:fa:f5:a0:28:1c:7b:a7:36:bf:83:86:a2:62:77:c1:28:
         ae:5e:32:a2:e5:ac:db:90:7c:8a:13:f3:98:82:bb:a3:d6:8b:
         4c:0f:51:f7:ed:47:56:23:c0:74:0e:28:0c:eb:ba:f1:09:a3:
         03:76:42:64:c4:55:f3:28:c4:b1:d7:13:cf:22:1b:7e:77:46:
         11:f4:cd:8c:dd:17:73:6d:14:db:0b:b0:80:12:f2:e1:df:94:
         0a:1f:50:01:fb:71:8b:8d:39:23:89:86:fe:a2:c9:1b:79:5b:
         e1:d6:f2:c3:c4:3b:88:b0:b0:f2:a8:c3:0a:66:a7:f2:6c:f7:
         2d:ab:bc:c8:44:7b:af:a7:13:e7:96:b4:c7:17:7c:0b:b6:74:
         52:e5:48:64:12:4e:e9:e1:04:24:5c:5d:47:3f:a5:7a:a0:1e:
         03:92:55:fd:b8:64:8e:12:83:4e:c9:e7:ee:2c:ce:1f:41:b9:
         6c:0a:08:48:8b:b3:1f:88:f2:34:8b:19:ff:3b:17:dd:76:39:
         e5:d9:b0:1b:ec:e6:41:82:2d:7a:f4:94:0f:03:01:3a:88:a9:
         1e:40:8b:0a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURDE4vr8PxEHpa485UPvbihiklGEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTYwMzQzMTBaFw0yNjEwMTUwMzQ4MTBaMDMxMTAvBgNV
BAMTKDEwNzk1QzBFMDA4MUQwNkNCM0EwQkJGNkYzRjBBQTRDQTQ5RDI3RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV1z6kZVPO4OL2OzmjeJSpWIXN
eSgCofE+TJ2gVDVhZoExpiYvuVsRFbQgjgZGaF+JEGxocr3IOY18YJBCelY9861u
xv+WcI1D72KN+I1PjdTa9VBH0+131Jecmq3IYx3ag2T2L+jg7gV012okRrjrt5Jo
VuW22srbBvT3qJjmd4xzEoiCaYvTyZ7LkQGakjkksK1CWwIfS0WuL8BdSvjRsvoT
VN5IUgE08DpXGRfRJcxOZVlakCYo247Qf5YJI3FRbiiVwukjHsSy+ttCoAFga/fU
E2Ifjq5GF1vqlbgjTPoWVbKvAzEfKTzmeMsLFbHAJHMpk9qykqs+5YEnPWKnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEHlcDgCB0GyzoLv28/CqTKSdJ+IwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1ODk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw63
MA0GCSqGSIb3DQEBCwUAA4IBAQAYzdxh1Myta20wwGEZvcF8LMwGMVmTQcblgxaK
E18WCEpDujAbjPr1oCgce6c2v4OGomJ3wSiuXjKi5azbkHyKE/OYgruj1otMD1H3
7UdWI8B0DigM67rxCaMDdkJkxFXzKMSx1xPPIht+d0YR9M2M3RdzbRTbC7CAEvLh
35QKH1AB+3GLjTkjiYb+oskbeVvh1vLDxDuIsLDyqMMKZqfybPctq7zIRHuvpxPn
lrTHF3wLtnRS5UhkEk7p4QQkXF1HP6V6oB4DklX9uGSOEoNOyefuLM4fQblsCghI
i7MfiPI0ixn/Oxfddjnl2bAb7OZBgi169JQPAwE6iKkeQIsK
-----END CERTIFICATE-----