Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS207654.roa
File:                     AS207654.roa (raw, json)
Hash identifier:          ZSFxThGneIBH2yStTA3bBZlpPy8KbeO+royJpbkOmHc=
Subject key identifier:   2B:94:08:0C:7A:48:38:4E:F1:A9:B0:80:EF:88:3A:B4:08:4A:D1:CC
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       652EE6FC768B83247E3DC9937B66C361313ECC8A
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS207654.roa
Signing time:             Tue 30 Sep 2025 10:03:14 +0000
ROA not before:           Tue 30 Sep 2025 09:58:14 +0000
ROA not after:            Tue 29 Sep 2026 10:03:14 +0000
asID:                     207654
IP address blocks:        82.139.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:2e:e6:fc:76:8b:83:24:7e:3d:c9:93:7b:66:c3:61:31:3e:cc:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:14 2025 GMT
            Not After : Sep 29 10:03:14 2026 GMT
        Subject: CN=2B94080C7A48384EF1A9B080EF883AB4084AD1CC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:b8:12:83:62:b3:83:0a:6e:52:f9:dc:95:
                    7d:15:28:93:65:08:c4:cd:e6:66:ec:fd:25:71:27:
                    4d:52:04:2a:b6:19:ee:5c:00:97:90:6a:4f:1a:fb:
                    28:a2:1b:be:55:b2:bd:43:b8:4f:d4:43:5a:1a:be:
                    ff:1b:6a:82:f8:98:8a:63:7e:30:8e:b6:3e:11:7d:
                    7e:15:c5:2b:b3:de:2c:96:d7:f7:49:ad:db:da:75:
                    23:8e:4d:5e:60:f8:7e:0f:09:c9:fa:88:c5:b8:18:
                    72:6d:67:9d:fa:8e:ef:04:32:63:e4:06:ec:a3:15:
                    37:5d:a1:76:32:d3:41:ca:66:66:cd:ab:3c:34:15:
                    5c:72:82:71:8c:ab:3b:5d:f6:9e:57:dc:3f:e1:c7:
                    26:99:13:cf:55:b4:33:48:19:39:f4:f4:22:fd:ca:
                    fa:ba:2a:0c:67:17:3e:b5:43:70:7b:af:f8:9d:f1:
                    74:b1:23:84:19:28:2b:45:ea:49:d1:d1:44:a9:3d:
                    db:9c:89:2c:73:f7:7b:e6:22:c5:4e:cf:7e:30:78:
                    37:57:f2:36:41:36:f6:cb:d9:02:b1:e8:d4:a3:c3:
                    00:49:7f:2e:7c:a8:a0:c5:f0:44:23:22:f5:42:7b:
                    5a:3a:c1:ef:08:38:b8:8b:b0:df:bd:6a:31:ea:6d:
                    e6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:94:08:0C:7A:48:38:4E:F1:A9:B0:80:EF:88:3A:B4:08:4A:D1:CC
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS207654.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:76:c4:01:55:14:68:18:b8:cf:a2:17:35:c9:f7:29:18:97:
         da:5f:2b:3d:8f:28:c4:e7:c8:21:1f:bf:33:33:19:42:12:b8:
         28:dc:8b:72:16:81:60:86:c0:f9:a2:0d:f5:b1:0f:e2:79:ba:
         45:23:90:2c:d2:72:8a:b0:a8:f4:bb:c0:f6:62:a6:d6:4f:b5:
         70:fe:8b:e3:4c:9f:c2:66:6f:cd:19:9e:82:e4:62:04:65:ea:
         5f:56:a2:d9:b2:d6:2b:e1:76:2b:27:0a:ff:48:93:e9:91:7a:
         40:22:2f:89:f3:a8:2d:1e:ab:6e:5b:e4:72:2b:05:0e:72:6a:
         51:14:14:67:4f:ec:a5:ad:f4:00:cc:b0:87:d4:4c:a0:2d:39:
         64:3e:6e:65:e7:c3:e6:c7:60:91:83:39:6d:70:5a:83:15:10:
         34:c1:6a:51:55:d7:03:f9:34:af:da:b6:e9:6e:6e:62:81:ce:
         14:5c:34:3c:f6:0d:3d:f5:d4:6f:1f:f0:84:84:48:91:9c:49:
         58:a9:5f:bf:13:80:1a:7b:dc:39:0b:71:9c:88:56:38:15:7a:
         3d:89:30:9e:ef:53:16:63:1e:6c:e8:b9:cb:4b:f3:b9:4c:37:
         bd:ce:d7:cc:4f:eb:62:1b:5d:4c:62:77:a2:37:2a:fd:21:40:
         a1:9c:31:9a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZS7m/HaLgyR+PcmTe2bDYTE+zIowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTRaFw0yNjA5MjkxMDAzMTRaMDMxMTAvBgNV
BAMTKDJCOTQwODBDN0E0ODM4NEVGMUE5QjA4MEVGODgzQUI0MDg0QUQxQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3wbgSg2KzgwpuUvnclX0VKJNl
CMTN5mbs/SVxJ01SBCq2Ge5cAJeQak8a+yiiG75Vsr1DuE/UQ1oavv8baoL4mIpj
fjCOtj4RfX4VxSuz3iyW1/dJrdvadSOOTV5g+H4PCcn6iMW4GHJtZ536ju8EMmPk
BuyjFTddoXYy00HKZmbNqzw0FVxygnGMqztd9p5X3D/hxyaZE89VtDNIGTn09CL9
yvq6KgxnFz61Q3B7r/id8XSxI4QZKCtF6knR0USpPduciSxz93vmIsVOz34weDdX
8jZBNvbL2QKx6NSjwwBJfy58qKDF8EQjIvVCe1o6we8IOLiLsN+9ajHqbebjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUK5QIDHpIOE7xqbCA74g6tAhK0cwwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjA3NjU0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovW
MA0GCSqGSIb3DQEBCwUAA4IBAQB7dsQBVRRoGLjPohc1yfcpGJfaXys9jyjE58gh
H78zMxlCErgo3ItyFoFghsD5og31sQ/iebpFI5As0nKKsKj0u8D2YqbWT7Vw/ovj
TJ/CZm/NGZ6C5GIEZepfVqLZstYr4XYrJwr/SJPpkXpAIi+J86gtHqtuW+RyKwUO
cmpRFBRnT+ylrfQAzLCH1EygLTlkPm5l58Pmx2CRgzltcFqDFRA0wWpRVdcD+TSv
2rbpbm5igc4UXDQ89g099dRvH/CEhEiRnElYqV+/E4Aae9w5C3GciFY4FXo9iTCe
71MWYx5s6LnLS/O5TDe9ztfMT+tiG11MYneiNyr9IUChnDGa
-----END CERTIFICATE-----