Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206092.roa
File:                     AS206092.roa (raw, json)
Hash identifier:          cxvuSF5pW4GfZ/S/tCpZ5nU6U5+rN2x/wOjgJu2Emlc=
Subject key identifier:   A1:7C:1D:15:1D:8E:97:AD:CE:3A:5E:2B:D7:C0:56:F2:16:F5:4F:A7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5DFEB0A149AA8C5100EFD431BB024CB785E7E2B3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206092.roa
Signing time:             Tue 12 May 2026 06:49:41 +0000
ROA not before:           Tue 12 May 2026 06:44:41 +0000
ROA not after:            Tue 11 May 2027 06:49:41 +0000
asID:                     206092
IP address blocks:        45.137.124.0/24 maxlen: 24
                          191.96.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:fe:b0:a1:49:aa:8c:51:00:ef:d4:31:bb:02:4c:b7:85:e7:e2:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 12 06:44:41 2026 GMT
            Not After : May 11 06:49:41 2027 GMT
        Subject: CN=A17C1D151D8E97ADCE3A5E2BD7C056F216F54FA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:15:42:14:88:35:a6:6b:94:e9:b3:e0:c1:d3:
                    8e:53:3e:8b:5c:c3:fb:5a:73:d4:84:45:ef:5a:f7:
                    c7:11:2a:5d:21:4c:67:f4:e6:80:41:a8:77:c9:d2:
                    e2:6b:c7:6c:54:69:6d:1e:97:f4:8d:f3:9e:d3:72:
                    de:1e:42:a8:0a:57:51:3d:73:b9:91:50:a6:58:aa:
                    60:87:f2:c5:3d:24:7e:cf:0f:24:a6:03:ba:2b:b7:
                    de:27:2f:3c:c2:19:da:04:10:7c:2f:7f:d1:fd:b8:
                    da:25:f9:b2:34:a9:04:bd:48:89:19:1f:68:e8:1f:
                    00:71:cf:d0:7c:75:bb:70:01:c3:8c:51:77:3f:13:
                    f7:72:e6:d8:53:43:8a:82:e2:78:a1:30:ab:b9:d2:
                    d3:83:45:b9:b7:1d:76:71:11:ac:ce:11:24:28:01:
                    05:49:87:23:a9:08:4f:32:d8:50:03:0f:3e:f4:79:
                    13:dd:98:95:fd:06:33:8b:06:df:2c:1f:5b:a6:1e:
                    88:86:bb:bf:c8:63:13:9e:b5:bf:41:dd:52:c8:e1:
                    2b:66:c4:42:bd:14:df:40:c3:32:8a:f5:d6:5f:7b:
                    a2:19:c1:0a:f0:b0:e0:5c:d6:46:d5:01:59:d1:a2:
                    f7:5e:27:b4:6e:33:20:c6:fc:0e:69:cc:22:b4:18:
                    c1:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:7C:1D:15:1D:8E:97:AD:CE:3A:5E:2B:D7:C0:56:F2:16:F5:4F:A7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206092.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.124.0/24
                  191.96.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:e2:ee:45:f3:01:7a:1d:1d:95:23:2d:15:11:0c:8e:43:1d:
         d0:a7:da:cf:41:89:09:2b:ca:7c:c6:1f:30:0f:c9:77:c2:cd:
         c4:00:d9:e0:30:7d:0e:00:3c:82:21:05:2d:ff:7b:db:79:29:
         86:60:bd:e3:b2:cd:c4:2a:06:34:b3:c4:41:f1:17:b5:44:9a:
         39:fb:ef:9e:c0:44:36:a7:16:f8:b6:40:79:d8:b5:3d:1b:c9:
         b4:c3:6c:cd:c3:d4:9e:1a:4c:cd:d0:a8:8d:e6:a9:eb:f6:33:
         95:64:12:eb:b4:46:51:ce:99:46:51:46:05:11:1b:1f:85:72:
         f3:59:d1:47:be:ba:e5:5c:28:cb:f0:44:b3:a0:b4:13:f8:68:
         e3:55:9c:e3:d5:99:2d:ae:4e:da:94:8c:e4:73:be:77:7c:0f:
         e9:ca:25:0c:06:97:d7:ca:57:a5:8e:3b:d9:ec:e4:7a:0d:c9:
         a4:b7:2a:f6:d1:c6:05:a0:70:5a:11:7a:a8:c3:8e:96:41:2a:
         2d:23:79:33:b5:e0:d0:00:fd:59:e6:23:61:c4:81:83:11:d9:
         52:6e:df:27:14:b4:68:b4:18:ff:12:67:79:a0:ea:ff:3d:ad:
         ea:e1:38:02:e0:31:be:7a:37:5b:41:9d:89:e2:14:47:21:5f:
         08:86:50:56
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUXf6woUmqjFEA79QxuwJMt4Xn4rMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MTIwNjQ0NDFaFw0yNzA1MTEwNjQ5NDFaMDMxMTAvBgNV
BAMTKEExN0MxRDE1MUQ4RTk3QURDRTNBNUUyQkQ3QzA1NkYyMTZGNTRGQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDFUIUiDWma5Tps+DB045TPotc
w/tac9SERe9a98cRKl0hTGf05oBBqHfJ0uJrx2xUaW0el/SN857Tct4eQqgKV1E9
c7mRUKZYqmCH8sU9JH7PDySmA7ort94nLzzCGdoEEHwvf9H9uNol+bI0qQS9SIkZ
H2joHwBxz9B8dbtwAcOMUXc/E/dy5thTQ4qC4nihMKu50tODRbm3HXZxEazOESQo
AQVJhyOpCE8y2FADDz70eRPdmJX9BjOLBt8sH1umHoiGu7/IYxOetb9B3VLI4Stm
xEK9FN9AwzKK9dZfe6IZwQrwsOBc1kbVAVnRovdeJ7RuMyDG/A5pzCK0GMEjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUoXwdFR2Ol63OOl4r18BW8hb1T6cwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA2MDkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYl8
AwQAv2BZMA0GCSqGSIb3DQEBCwUAA4IBAQBd4u5F8wF6HR2VIy0VEQyOQx3Qp9rP
QYkJK8p8xh8wD8l3ws3EANngMH0OADyCIQUt/3vbeSmGYL3jss3EKgY0s8RB8Re1
RJo5+++ewEQ2pxb4tkB52LU9G8m0w2zNw9SeGkzN0KiN5qnr9jOVZBLrtEZRzplG
UUYFERsfhXLzWdFHvrrlXCjL8ESzoLQT+GjjVZzj1Zktrk7alIzkc753fA/pyiUM
BpfXyleljjvZ7OR6Dcmktyr20cYFoHBaEXqow46WQSotI3kzteDQAP1Z5iNhxIGD
EdlSbt8nFLRotBj/Emd5oOr/Pa3q4TgC4DG+ejdbQZ2J4hRHIV8IhlBW
-----END CERTIFICATE-----