Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS206781.roa
File:                     AS206781.roa (raw, json)
Hash identifier:          u5AtvuN8DZoybC5jmpdLGiJIsJAgQ1te19Ty/6LaNP8=
Subject key identifier:   CA:24:77:96:2D:0F:28:62:FD:35:41:C7:6A:F7:5A:05:C6:5A:92:1A
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       40F8452761D39F293342E7CC03819EAE7DBE88AA
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS206781.roa
Signing time:             Tue 30 Sep 2025 10:03:13 +0000
ROA not before:           Tue 30 Sep 2025 09:58:13 +0000
ROA not after:            Tue 29 Sep 2026 10:03:13 +0000
asID:                     206781
IP address blocks:        82.139.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:f8:45:27:61:d3:9f:29:33:42:e7:cc:03:81:9e:ae:7d:be:88:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:13 2025 GMT
            Not After : Sep 29 10:03:13 2026 GMT
        Subject: CN=CA2477962D0F2862FD3541C76AF75A05C65A921A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7e:cf:cb:3b:81:f4:c4:bc:6e:5b:dd:94:94:
                    6b:e3:19:5f:17:b9:76:08:b2:05:db:db:84:ad:86:
                    fb:6a:a2:38:5a:7c:0a:db:e4:96:85:1d:37:3b:41:
                    13:88:1d:e6:27:42:98:2f:5f:61:fb:f4:09:6e:36:
                    95:33:04:97:33:9f:7f:c3:31:ad:af:12:b6:15:76:
                    71:76:9e:42:c2:7d:77:35:83:92:05:ae:66:c8:ff:
                    95:35:fd:3c:9e:66:c3:3c:f2:42:49:da:db:8b:e7:
                    76:c5:03:42:0b:19:e1:c1:a7:4c:71:82:61:3b:2e:
                    54:98:ff:b8:f8:fb:cd:18:30:93:6c:16:82:06:a9:
                    aa:ea:16:06:f6:ac:66:23:7d:eb:30:7e:bb:66:1a:
                    3a:41:31:17:d2:28:4e:19:4e:8b:a9:4e:af:fb:7a:
                    2d:43:aa:86:a7:85:88:da:38:59:6f:2e:8e:b3:5f:
                    43:1b:49:0a:e2:78:e7:ec:1e:f9:4c:07:63:63:bf:
                    1a:6e:de:b0:05:85:ed:31:e1:04:16:81:40:d5:d0:
                    94:a1:14:b3:f9:ac:4c:1e:ad:46:f4:95:ae:40:cf:
                    a1:79:cc:88:93:3e:9d:71:b5:a1:59:fc:93:2a:80:
                    f9:ca:8a:14:57:ca:03:7f:41:f1:f8:ed:ab:e5:85:
                    b0:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:24:77:96:2D:0F:28:62:FD:35:41:C7:6A:F7:5A:05:C6:5A:92:1A
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS206781.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:43:17:e2:5f:bc:12:0e:61:94:b1:75:2f:7a:c8:2c:4b:29:
         0b:3d:64:b4:d4:35:6e:38:9b:b5:32:49:17:52:6c:a1:5d:85:
         d4:58:fd:3b:6b:bf:de:6e:db:00:b9:cc:40:d5:4a:e0:58:4b:
         ce:91:03:38:71:7d:ab:58:ce:37:36:7e:d3:6f:cc:6e:f8:8e:
         7c:79:ab:18:a7:37:45:d7:8a:89:3b:81:4d:d3:3d:fb:64:16:
         00:af:66:8f:cf:48:3b:ac:e4:62:29:91:2c:ea:3e:ad:e5:07:
         27:d8:74:67:29:ad:f8:06:d7:5b:0b:78:f9:47:4a:76:0e:5d:
         78:7e:d5:cc:95:92:39:b0:1b:88:0d:1a:e0:64:97:1d:07:66:
         cd:88:ae:6a:46:5d:79:da:07:2e:45:c7:91:6c:b8:90:58:24:
         b2:81:1d:f3:15:6b:3c:24:eb:e6:66:30:d8:cd:18:62:2b:ed:
         b2:5f:27:60:19:e0:56:bf:8a:aa:c7:b8:7b:d1:c8:56:86:69:
         31:ac:07:b5:02:df:fd:78:0e:e8:e8:60:12:69:cb:60:d3:3c:
         a1:61:79:5d:c3:2c:be:a4:a1:02:fc:42:fb:96:0c:98:f3:56:
         01:0f:a8:ec:45:83:36:52:78:b4:c4:71:f4:c4:69:67:2d:c1:
         ed:68:19:9b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQPhFJ2HTnykzQufMA4Gern2+iKowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTNaFw0yNjA5MjkxMDAzMTNaMDMxMTAvBgNV
BAMTKENBMjQ3Nzk2MkQwRjI4NjJGRDM1NDFDNzZBRjc1QTA1QzY1QTkyMUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+fs/LO4H0xLxuW92UlGvjGV8X
uXYIsgXb24SthvtqojhafArb5JaFHTc7QROIHeYnQpgvX2H79AluNpUzBJczn3/D
Ma2vErYVdnF2nkLCfXc1g5IFrmbI/5U1/TyeZsM88kJJ2tuL53bFA0ILGeHBp0xx
gmE7LlSY/7j4+80YMJNsFoIGqarqFgb2rGYjfeswfrtmGjpBMRfSKE4ZToupTq/7
ei1DqoanhYjaOFlvLo6zX0MbSQrieOfsHvlMB2Njvxpu3rAFhe0x4QQWgUDV0JSh
FLP5rEwerUb0la5Az6F5zIiTPp1xtaFZ/JMqgPnKihRXygN/QfH47avlhbCjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyiR3li0PKGL9NUHHavdaBcZakhowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjA2NzgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUov7
MA0GCSqGSIb3DQEBCwUAA4IBAQBkQxfiX7wSDmGUsXUvesgsSykLPWS01DVuOJu1
MkkXUmyhXYXUWP07a7/ebtsAucxA1UrgWEvOkQM4cX2rWM43Nn7Tb8xu+I58easY
pzdF14qJO4FN0z37ZBYAr2aPz0g7rORiKZEs6j6t5Qcn2HRnKa34BtdbC3j5R0p2
Dl14ftXMlZI5sBuIDRrgZJcdB2bNiK5qRl152gcuRceRbLiQWCSygR3zFWs8JOvm
ZjDYzRhiK+2yXydgGeBWv4qqx7h70chWhmkxrAe1At/9eA7o6GASactg0zyhYXld
wyy+pKEC/EL7lgyY81YBD6jsRYM2Uni0xHH0xGlnLcHtaBmb
-----END CERTIFICATE-----