Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205886.roa
File:                     AS205886.roa (raw, json)
Hash identifier:          m1D9uL5WHXU6t0NKE7RBHiwsPmNjwI4y7IXB/Fcneeg=
Subject key identifier:   E8:23:E9:27:6E:B0:6D:C8:9F:F3:B7:25:AF:49:2E:51:04:0A:AD:DB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0F418EE80E117DC799C104A3BDBB8B34D50B61B2
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205886.roa
Signing time:             Sat 11 Oct 2025 03:40:00 +0000
ROA not before:           Sat 11 Oct 2025 03:35:00 +0000
ROA not after:            Sat 10 Oct 2026 03:40:00 +0000
asID:                     205886
IP address blocks:        5.252.83.0/24 maxlen: 24
                          45.89.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:41:8e:e8:0e:11:7d:c7:99:c1:04:a3:bd:bb:8b:34:d5:0b:61:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 11 03:35:00 2025 GMT
            Not After : Oct 10 03:40:00 2026 GMT
        Subject: CN=E823E9276EB06DC89FF3B725AF492E51040AADDB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:89:a4:2e:62:15:e4:7b:79:8b:52:91:da:87:
                    03:a6:9b:0c:b9:cc:50:ff:e2:9a:d6:56:40:46:fd:
                    66:b8:eb:c4:e5:63:24:ad:f0:22:28:98:14:8d:cf:
                    29:2b:c5:a1:45:5b:b6:bc:cb:d8:08:97:c1:7c:1d:
                    29:ea:78:79:d8:88:e2:ae:5e:52:cf:5e:96:f4:ff:
                    c7:80:f3:44:f5:e1:06:de:f9:bb:fa:d8:f1:da:5f:
                    2e:f8:6b:ff:d7:cb:e6:b4:de:f1:c4:c1:19:c8:d8:
                    73:cb:de:fb:7c:7c:f4:72:cb:a8:bb:27:b8:f2:d8:
                    e2:68:13:bc:77:85:1b:af:46:e5:da:f2:03:f0:e0:
                    ac:72:12:9b:2d:f6:7a:2b:fd:62:70:4e:bc:c2:18:
                    96:5b:2e:ed:93:9d:74:b7:3b:07:f1:b5:9d:d8:ba:
                    0c:f1:e0:e6:37:c8:3a:8d:29:3b:53:af:3d:2f:7e:
                    df:c8:e2:ad:3b:62:00:79:a1:e2:12:c0:a9:3a:7f:
                    f0:7d:56:38:9d:e3:3d:cb:a2:fd:26:0d:4d:33:9a:
                    5d:78:9b:d5:76:b5:cc:53:82:ae:7f:40:33:20:20:
                    89:55:d7:b0:dd:6b:6e:78:64:8f:b4:0d:07:71:b7:
                    fe:ac:2a:0b:8e:07:a0:09:26:9a:29:6a:f8:58:d3:
                    03:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:23:E9:27:6E:B0:6D:C8:9F:F3:B7:25:AF:49:2E:51:04:0A:AD:DB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205886.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.83.0/24
                  45.89.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:01:19:e8:ac:85:db:66:f6:d3:f3:bf:ff:52:eb:36:0a:13:
         67:2b:95:4c:fa:73:c0:4f:52:94:be:b0:3b:1d:84:06:d6:89:
         0f:bc:64:30:54:a7:0d:88:36:ae:ec:44:42:15:6d:a0:60:dd:
         62:82:c3:de:ce:3b:8c:ea:5d:d3:3d:27:be:27:2e:68:f9:79:
         e7:59:0e:50:99:57:a7:2a:7b:92:cb:3a:e3:8e:cc:88:13:d9:
         47:d7:bb:d6:b5:4c:36:d4:16:d5:54:ae:0a:c0:88:bc:ca:34:
         c9:c4:83:cf:a4:b9:71:cc:7c:63:67:57:90:34:f6:5c:5d:b7:
         13:9d:52:00:a7:fe:2f:41:0d:50:71:b8:61:0a:ef:58:ad:f0:
         3f:ab:04:16:43:75:19:48:8a:32:38:a3:14:67:c7:95:bb:c6:
         fb:25:78:12:06:64:1d:73:33:68:fd:38:d3:c7:e6:61:63:0d:
         0a:09:e9:4d:ad:8a:32:c7:4c:37:dd:f8:58:26:56:13:97:ac:
         7f:31:a3:3f:95:c7:1c:de:b0:a5:e9:2f:6c:68:8a:6f:55:d5:
         d3:31:74:62:57:8f:35:4e:b6:e7:0e:b5:f8:d8:3a:8a:34:20:
         70:a0:dc:ac:eb:ca:ff:25:15:d6:99:82:01:bd:2e:a9:a9:62:
         3d:c1:c7:c9
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUD0GO6A4RfceZwQSjvbuLNNULYbIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTEwMTEwMzM1MDBaFw0yNjEwMTAwMzQwMDBaMDMxMTAvBgNV
BAMTKEU4MjNFOTI3NkVCMDZEQzg5RkYzQjcyNUFGNDkyRTUxMDQwQUFEREIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFiaQuYhXke3mLUpHahwOmmwy5
zFD/4prWVkBG/Wa468TlYySt8CIomBSNzykrxaFFW7a8y9gIl8F8HSnqeHnYiOKu
XlLPXpb0/8eA80T14Qbe+bv62PHaXy74a//Xy+a03vHEwRnI2HPL3vt8fPRyy6i7
J7jy2OJoE7x3hRuvRuXa8gPw4KxyEpst9nor/WJwTrzCGJZbLu2TnXS3OwfxtZ3Y
ugzx4OY3yDqNKTtTrz0vft/I4q07YgB5oeISwKk6f/B9Vjid4z3Lov0mDU0zml14
m9V2tcxTgq5/QDMgIIlV17Dda254ZI+0DQdxt/6sKguOB6AJJpopavhY0wMzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU6CPpJ26wbcif87clr0kuUQQKrdswHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1ODg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABfxT
AwQALVn5MA0GCSqGSIb3DQEBCwUAA4IBAQChARnorIXbZvbT87//Uus2ChNnK5VM
+nPAT1KUvrA7HYQG1okPvGQwVKcNiDau7ERCFW2gYN1igsPezjuM6l3TPSe+Jy5o
+XnnWQ5QmVenKnuSyzrjjsyIE9lH17vWtUw21BbVVK4KwIi8yjTJxIPPpLlxzHxj
Z1eQNPZcXbcTnVIAp/4vQQ1QcbhhCu9YrfA/qwQWQ3UZSIoyOKMUZ8eVu8b7JXgS
BmQdczNo/TjTx+ZhYw0KCelNrYoyx0w33fhYJlYTl6x/MaM/lccc3rCl6S9saIpv
VdXTMXRiV481TrbnDrX42DqKNCBwoNys68r/JRXWmYIBvS6pqWI9wcfJ
-----END CERTIFICATE-----