Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205227.roa
File:                     AS205227.roa (raw, json)
Hash identifier:          3KxFGuPbFWh5GhFBsZL0pHsXrY2XVLjnxsqPHQqmcd0=
Subject key identifier:   6A:C9:71:92:8F:2E:D0:3F:22:26:9B:C4:36:ED:08:B7:EA:B9:BD:58
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1DB29C7FD1F52F187788488D722B04E8E837A9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205227.roa
Signing time:             Thu 12 Jun 2025 14:10:04 +0000
ROA not before:           Thu 12 Jun 2025 14:05:04 +0000
ROA not after:            Thu 11 Jun 2026 14:10:04 +0000
asID:                     205227
IP address blocks:        2a0b:8705::/32 maxlen: 48
                          2a0c:fa46::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 01:56:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:b2:9c:7f:d1:f5:2f:18:77:88:48:8d:72:2b:04:e8:e8:37:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:04 2025 GMT
            Not After : Jun 11 14:10:04 2026 GMT
        Subject: CN=6AC971928F2ED03F22269BC436ED08B7EAB9BD58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:08:8f:43:a2:6f:50:eb:12:32:cd:93:51:75:
                    6e:91:00:03:59:40:c5:d6:70:8d:93:9f:9c:c7:5a:
                    3b:81:32:95:a5:6c:76:fb:7f:c6:95:03:4d:af:9a:
                    26:65:4c:98:cc:06:9a:c7:54:f5:bd:db:44:e9:e5:
                    31:21:97:da:27:99:90:bc:0c:50:9f:06:e7:5b:f5:
                    a6:29:34:d7:a7:71:37:eb:55:9b:a0:58:61:3b:5d:
                    b3:c4:9c:fa:37:24:a5:55:f0:e8:c2:a8:83:9b:26:
                    bb:35:1d:db:a6:5e:b8:86:2e:f2:32:e5:e9:91:62:
                    e8:3d:9b:0b:da:d1:11:f9:7e:e4:f8:87:1f:55:5d:
                    c1:55:b6:fd:66:76:aa:d4:58:e8:d4:31:c2:fe:53:
                    f5:7e:cc:43:ea:a7:ef:26:6f:83:4a:3c:a1:c2:e7:
                    51:15:d3:8e:5f:85:29:5b:09:74:96:92:28:26:e4:
                    df:4c:c2:49:40:bc:a9:b1:08:6f:a5:c3:70:61:73:
                    c1:ab:b9:76:82:f5:cf:19:fd:ff:4a:64:2a:40:a8:
                    a2:7c:8a:67:96:85:48:21:63:d0:7a:5c:20:13:fa:
                    d6:bd:f1:56:8b:bf:30:a6:bf:22:39:00:30:dd:ea:
                    1b:b7:ff:1b:64:10:c5:9c:cf:a9:05:9e:6b:c4:15:
                    f7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:C9:71:92:8F:2E:D0:3F:22:26:9B:C4:36:ED:08:B7:EA:B9:BD:58
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205227.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8705::/32
                  2a0c:fa46::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:5b:3e:71:a3:2d:ee:c1:ac:9e:e8:e7:10:d8:91:b7:a0:1c:
         33:ba:ec:c9:a7:b0:c9:d1:99:ef:a6:87:38:eb:cf:e1:ce:08:
         7c:a4:64:9e:f4:70:96:cf:56:0d:47:cf:dd:bd:2a:ce:47:04:
         89:fd:25:5f:24:d4:66:70:08:0d:f0:6a:b8:01:2f:b0:13:67:
         6a:35:56:01:cd:ba:6b:b1:f7:47:20:88:1e:15:fa:e9:85:ea:
         88:38:17:4d:41:ab:43:77:0d:5a:48:e9:98:f3:f3:18:43:06:
         31:e5:72:95:4e:e8:ed:95:ba:06:93:36:aa:54:b3:5c:cc:2a:
         87:c6:d7:34:86:4c:02:c9:b2:58:d0:0c:96:20:74:2b:47:1a:
         d8:e1:c1:6b:ea:76:8a:bc:29:52:a3:52:f2:e3:44:7e:3a:fe:
         13:95:ae:85:de:f4:c7:a3:79:e0:0f:bc:c3:1f:b8:eb:82:cf:
         1a:82:a0:38:81:38:a7:ed:92:d3:e5:2b:b8:ab:a1:a8:48:72:
         db:92:2b:05:69:15:e0:bd:24:3d:2a:70:e3:2a:2b:63:17:06:
         a8:b2:64:29:58:ee:ef:ab:79:1b:02:10:c4:8a:63:ce:2a:b7:
         97:d8:4e:d1:8e:79:29:03:a5:2f:0f:4b:fd:ba:e9:a1:91:c5:
         e6:39:ac:92
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgITHbKcf9H1Lxh3iEiNcisE6Og3qTANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg2MWIxYmI0NDQ3NzE4ZjE2YjNkMzY2NzVkMjA1YzRkZWE0
MWJiYTBhMB4XDTI1MDYxMjE0MDUwNFoXDTI2MDYxMTE0MTAwNFowMzExMC8GA1UE
AxMoNkFDOTcxOTI4RjJFRDAzRjIyMjY5QkM0MzZFRDA4QjdFQUI5QkQ1ODCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOMIj0Oib1DrEjLNk1F1bpEAA1lA
xdZwjZOfnMdaO4EylaVsdvt/xpUDTa+aJmVMmMwGmsdU9b3bROnlMSGX2ieZkLwM
UJ8G51v1pik016dxN+tVm6BYYTtds8Sc+jckpVXw6MKog5smuzUd26ZeuIYu8jLl
6ZFi6D2bC9rREfl+5PiHH1VdwVW2/WZ2qtRY6NQxwv5T9X7MQ+qn7yZvg0o8ocLn
URXTjl+FKVsJdJaSKCbk30zCSUC8qbEIb6XDcGFzwau5doL1zxn9/0pkKkCoonyK
Z5aFSCFj0HpcIBP61r3xVou/MKa/IjkAMN3qG7f/G2QQxZzPqQWea8QV90cCAwEA
AaOCAhIwggIOMB0GA1UdDgQWBBRqyXGSjy7QPyImm8Q27Qi36rm9WDAfBgNVHSME
GDAWgBRhsbtER3GPFrPTZnXSBcTepBu6CjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS81Mzc0NTllNy0yYTgzLTQzZDEtOWFhMS01ODQxN2FiYWM0
YjYvMS82MUIxQkI0NDQ3NzE4RjE2QjNEMzY2NzVEMjA1QzRERUE0MUJCQTBBLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvWWJHN1JFZHhqeGF6MDJaMTBnWEUzcVFi
dWdvLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00
M2QxLTlhYTEtNTg0MTdhYmFjNGI2LzEvQVMyMDUyMjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgACMA4DBQAqC4cF
AwUAKgz6RjANBgkqhkiG9w0BAQsFAAOCAQEAkFs+caMt7sGsnujnENiRt6AcM7rs
yaewydGZ76aHOOvP4c4IfKRknvRwls9WDUfP3b0qzkcEif0lXyTUZnAIDfBquAEv
sBNnajVWAc26a7H3RyCIHhX66YXqiDgXTUGrQ3cNWkjpmPPzGEMGMeVylU7o7ZW6
BpM2qlSzXMwqh8bXNIZMAsmyWNAMliB0K0ca2OHBa+p2irwpUqNS8uNEfjr+E5Wu
hd70x6N54A+8wx+464LPGoKgOIE4p+2S0+UruKuhqEhy25IrBWkV4L0kPSpw4yor
YxcGqLJkKVju76t5GwIQxIpjziq3l9hO0Y55KQOlLw9L/brpoZHF5jmskg==
-----END CERTIFICATE-----