Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201207.roa
File:                     AS201207.roa (raw, json)
Hash identifier:          tUhEwjKajQxGOTKMKk0RvO751eTVGWq8DrRvNiNHeUc=
Subject key identifier:   E3:9E:B6:31:7D:7D:23:E9:19:6B:FD:4F:14:89:45:59:CB:AC:DB:BB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       237F4D3A1697092788842DE71CF04FC435FDD655
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201207.roa
Signing time:             Thu 12 Jun 2025 14:10:33 +0000
ROA not before:           Thu 12 Jun 2025 14:05:33 +0000
ROA not after:            Thu 11 Jun 2026 14:10:33 +0000
asID:                     201207
IP address blocks:        2a0a:9e06::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:7f:4d:3a:16:97:09:27:88:84:2d:e7:1c:f0:4f:c4:35:fd:d6:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:33 2025 GMT
            Not After : Jun 11 14:10:33 2026 GMT
        Subject: CN=E39EB6317D7D23E9196BFD4F14894559CBACDBBB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:31:21:08:87:9b:8b:a7:41:9b:52:ba:8b:89:
                    a0:0a:57:ea:e5:52:e5:9f:69:b2:47:30:ae:b5:f5:
                    62:ae:ad:65:84:44:90:0a:aa:ef:e2:66:c6:1a:c7:
                    05:64:db:c9:8a:6a:dc:62:35:51:63:43:3e:b2:4c:
                    be:74:39:a4:92:b1:82:9b:6a:51:52:9c:15:71:e0:
                    ac:cd:0d:6d:46:e3:fb:aa:aa:12:da:df:74:25:85:
                    e1:6e:9b:7a:81:e5:6d:be:9a:4b:44:6d:f4:e1:0a:
                    08:82:a9:6b:25:13:ec:11:ff:68:a5:cc:56:90:ff:
                    b9:53:74:38:9f:5e:e3:ad:1d:81:93:4f:af:a1:88:
                    8d:36:45:6d:2f:f6:ee:37:01:03:4d:3f:61:74:7e:
                    a2:51:d7:32:b2:b2:ce:6a:b8:db:4f:5c:7b:13:3c:
                    05:a3:2b:35:b6:ba:46:29:ce:5e:d2:e9:3c:f7:29:
                    8a:53:55:fa:bc:e1:42:84:b8:fd:9c:3e:4f:fd:59:
                    b3:1d:ff:17:9f:a8:4a:bb:59:df:d2:57:a1:31:ad:
                    56:26:b0:4b:c3:7c:8b:cf:62:5f:b2:6e:77:22:28:
                    a3:ea:43:e1:05:1e:07:14:41:84:79:fe:9a:90:3e:
                    1f:df:e2:bb:fc:2b:f2:f4:f8:46:c4:ed:87:6d:19:
                    75:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:9E:B6:31:7D:7D:23:E9:19:6B:FD:4F:14:89:45:59:CB:AC:DB:BB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS201207.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e06::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:37:c3:d2:ec:c5:0e:74:2b:f1:a0:aa:ee:67:2f:cd:ca:03:
         41:fb:a1:e4:1e:34:96:4d:36:2c:37:36:98:62:36:d9:11:43:
         6e:e0:0f:b6:14:dd:8e:1a:01:9f:54:3a:49:0d:cb:05:f9:63:
         94:99:5a:36:22:6e:93:0c:68:aa:35:5a:4c:0b:82:fa:05:a9:
         fb:60:27:23:aa:43:df:68:75:bc:2b:ca:35:3b:5f:7f:9a:25:
         70:5b:08:71:b4:30:16:43:b3:da:82:35:d1:13:0c:16:70:0f:
         6e:f8:9a:c0:7e:9c:b6:85:10:a3:c1:50:61:22:af:60:e7:cc:
         c4:ed:36:98:69:12:c2:51:f7:77:d6:53:fd:4c:d4:3f:6b:00:
         37:d5:fb:72:91:5e:51:f5:85:39:8b:b5:83:83:9c:44:45:08:
         0e:5e:fb:66:6c:bd:d3:3b:69:5d:b8:34:d6:3d:4c:14:da:ca:
         7d:70:40:c2:63:c4:e0:f4:4a:4a:26:72:b4:2c:45:e2:d0:33:
         dd:a8:08:d0:7f:92:6f:00:00:1d:70:18:bb:a4:47:76:a7:48:
         81:17:38:60:be:ac:f4:16:0c:06:72:5f:e6:8f:3f:01:0f:77:
         9b:04:03:91:a9:7c:4b:ec:2b:f9:82:82:16:da:46:e1:24:95:
         ac:7a:48:00
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUI39NOhaXCSeIhC3nHPBPxDX91lUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MzNaFw0yNjA2MTExNDEwMzNaMDMxMTAvBgNV
BAMTKEUzOUVCNjMxN0Q3RDIzRTkxOTZCRkQ0RjE0ODk0NTU5Q0JBQ0RCQkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuMSEIh5uLp0GbUrqLiaAKV+rl
UuWfabJHMK619WKurWWERJAKqu/iZsYaxwVk28mKatxiNVFjQz6yTL50OaSSsYKb
alFSnBVx4KzNDW1G4/uqqhLa33QlheFum3qB5W2+mktEbfThCgiCqWslE+wR/2il
zFaQ/7lTdDifXuOtHYGTT6+hiI02RW0v9u43AQNNP2F0fqJR1zKyss5quNtPXHsT
PAWjKzW2ukYpzl7S6Tz3KYpTVfq84UKEuP2cPk/9WbMd/xefqEq7Wd/SV6ExrVYm
sEvDfIvPYl+ybnciKKPqQ+EFHgcUQYR5/pqQPh/f4rv8K/L0+EbE7YdtGXWNAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU4562MX19I+kZa/1PFIlFWcus27swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAxMjA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
BjANBgkqhkiG9w0BAQsFAAOCAQEAODfD0uzFDnQr8aCq7mcvzcoDQfuh5B40lk02
LDc2mGI22RFDbuAPthTdjhoBn1Q6SQ3LBfljlJlaNiJukwxoqjVaTAuC+gWp+2An
I6pD32h1vCvKNTtff5olcFsIcbQwFkOz2oI10RMMFnAPbviawH6ctoUQo8FQYSKv
YOfMxO02mGkSwlH3d9ZT/UzUP2sAN9X7cpFeUfWFOYu1g4OcREUIDl77Zmy90ztp
Xbg01j1MFNrKfXBAwmPE4PRKSiZytCxF4tAz3agI0H+SbwAAHXAYu6RHdqdIgRc4
YL6s9BYMBnJf5o8/AQ93mwQDkal8S+wr+YKCFtpG4SSVrHpIAA==
-----END CERTIFICATE-----