Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa
File:                     AS205733.roa (raw, json)
Hash identifier:          FLW08y6qKjgDBA2nYexyeGmH99MsczqqcfqJN+GF+78=
Subject key identifier:   4D:E2:39:EE:E5:1F:6E:6F:9B:C1:38:66:F3:06:48:F1:64:06:19:7F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       46D7AC22B7E1070E3D8BB0455BDBBB8895BAD448
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa
Signing time:             Sun 22 Mar 2026 00:46:51 +0000
ROA not before:           Sun 22 Mar 2026 00:41:51 +0000
ROA not after:            Sun 21 Mar 2027 00:46:51 +0000
asID:                     205733
IP address blocks:        149.62.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:d7:ac:22:b7:e1:07:0e:3d:8b:b0:45:5b:db:bb:88:95:ba:d4:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 22 00:41:51 2026 GMT
            Not After : Mar 21 00:46:51 2027 GMT
        Subject: CN=4DE239EEE51F6E6F9BC13866F30648F16406197F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bf:ed:29:8e:bd:bf:c7:11:c0:97:48:56:7c:
                    f7:f9:bd:40:65:31:f6:65:ef:e4:4a:7c:c1:ab:74:
                    44:c9:0f:33:80:bb:fb:b9:48:3d:47:19:92:92:ce:
                    af:0a:50:49:75:b9:95:91:88:ff:e6:37:3d:57:eb:
                    b9:25:80:a0:9f:88:c8:99:6f:dc:d3:13:1d:45:4b:
                    22:69:6e:b4:c5:b5:d2:85:db:b5:b9:ba:e9:ca:f9:
                    b3:e7:3a:cf:00:69:2a:c9:3b:e9:ee:6b:14:89:d6:
                    ed:68:f2:0c:48:1a:2e:ec:4c:e3:bf:57:67:af:19:
                    86:94:1e:5a:0c:18:dc:4f:47:b6:d7:dd:97:3e:50:
                    6c:e8:f6:21:15:44:26:ce:b5:50:40:83:1e:02:78:
                    e6:c7:53:62:4d:82:dc:6a:54:4a:b4:dc:9f:cb:31:
                    a5:fa:73:11:4f:d6:60:5c:97:af:7b:49:b3:97:cb:
                    29:5d:ea:0c:41:41:e8:61:89:85:90:bb:76:be:8b:
                    27:08:c5:f7:5e:02:d8:94:41:f1:cb:d4:f9:19:5a:
                    8e:48:d0:67:73:7b:ab:71:91:d3:60:1c:6b:7c:99:
                    f7:a8:e9:3c:a7:85:2e:34:54:28:ae:6c:48:d6:42:
                    da:1a:93:6e:a4:c1:f3:73:60:a9:7c:f1:f8:52:e6:
                    7e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:E2:39:EE:E5:1F:6E:6F:9B:C1:38:66:F3:06:48:F1:64:06:19:7F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.62.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:48:bc:f5:f3:98:f4:f9:f4:90:a5:2d:7b:cf:34:1d:49:c2:
         74:da:a9:1c:2c:b7:7a:9f:ce:3c:76:33:8b:f7:4a:dc:38:11:
         59:84:b1:bf:8c:a3:8c:0e:9b:2d:6b:e7:75:68:95:46:07:c4:
         6a:c7:c0:ff:26:c1:b4:84:54:fa:09:d6:c9:56:bb:b0:59:7a:
         b7:ec:68:a2:be:a2:82:bb:4e:05:1f:e8:a8:82:8c:09:8d:8f:
         96:ce:31:b1:ba:db:c1:a2:79:99:d5:41:3d:b2:f2:17:aa:6c:
         5a:6c:31:35:54:08:00:93:8e:a4:1b:05:ba:8b:47:e5:31:fe:
         11:65:12:d2:18:f7:ae:27:1d:80:97:ce:12:73:ae:fb:26:03:
         66:98:ca:4f:4d:35:31:5f:41:4e:93:79:37:97:61:bd:86:2f:
         7a:ab:46:73:63:0c:81:a8:6c:25:ce:f9:e8:bb:0b:29:d7:76:
         89:cc:c3:4c:4e:81:17:a6:90:8f:0a:cb:fa:7b:1b:9b:7e:56:
         6b:92:5c:b8:30:54:fd:a5:20:9d:f1:63:8e:56:3f:08:09:11:
         c0:4c:62:5f:70:90:da:b6:a1:c0:57:33:f3:80:77:40:8f:b1:
         be:47:ba:ef:aa:00:c9:f8:65:93:e8:0b:79:4c:7d:84:f9:93:
         df:68:79:a3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURtesIrfhBw49i7BFW9u7iJW61EgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjIwMDQxNTFaFw0yNzAzMjEwMDQ2NTFaMDMxMTAvBgNV
BAMTKDRERTIzOUVFRTUxRjZFNkY5QkMxMzg2NkYzMDY0OEYxNjQwNjE5N0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiv+0pjr2/xxHAl0hWfPf5vUBl
MfZl7+RKfMGrdETJDzOAu/u5SD1HGZKSzq8KUEl1uZWRiP/mNz1X67klgKCfiMiZ
b9zTEx1FSyJpbrTFtdKF27W5uunK+bPnOs8AaSrJO+nuaxSJ1u1o8gxIGi7sTOO/
V2evGYaUHloMGNxPR7bX3Zc+UGzo9iEVRCbOtVBAgx4CeObHU2JNgtxqVEq03J/L
MaX6cxFP1mBcl697SbOXyyld6gxBQehhiYWQu3a+iycIxfdeAtiUQfHL1PkZWo5I
0Gdze6txkdNgHGt8mfeo6TynhS40VCiubEjWQtoak26kwfNzYKl88fhS5n6dAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTeI57uUfbm+bwThm8wZI8WQGGX8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NzMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlT4o
MA0GCSqGSIb3DQEBCwUAA4IBAQCaSLz185j0+fSQpS17zzQdScJ02qkcLLd6n848
djOL90rcOBFZhLG/jKOMDpsta+d1aJVGB8Rqx8D/JsG0hFT6CdbJVruwWXq37Gii
vqKCu04FH+iogowJjY+WzjGxutvBonmZ1UE9svIXqmxabDE1VAgAk46kGwW6i0fl
Mf4RZRLSGPeuJx2Al84Sc677JgNmmMpPTTUxX0FOk3k3l2G9hi96q0ZzYwyBqGwl
zvnouwsp13aJzMNMToEXppCPCsv6exubflZrkly4MFT9pSCd8WOOVj8ICRHATGJf
cJDatqHAVzPzgHdAj7G+R7rvqgDJ+GWT6At5TH2E+ZPfaHmj
-----END CERTIFICATE-----