Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207992.roa
File:                     AS207992.roa (raw, json)
Hash identifier:          0G/jlDZoaT1v7pbUfFdxCsiDKut6ygRjuMUG6uS+36Q=
Subject key identifier:   09:EA:BE:D5:43:6A:1C:5A:D9:A3:58:7E:D1:D6:96:11:97:2E:FC:E7
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       06917AB6B50654046884ED50EEDCD16A4570FAAA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207992.roa
Signing time:             Thu 11 Sep 2025 23:55:07 +0000
ROA not before:           Thu 11 Sep 2025 23:50:07 +0000
ROA not after:            Thu 10 Sep 2026 23:55:07 +0000
asID:                     207992
IP address blocks:        181.214.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:91:7a:b6:b5:06:54:04:68:84:ed:50:ee:dc:d1:6a:45:70:fa:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 11 23:50:07 2025 GMT
            Not After : Sep 10 23:55:07 2026 GMT
        Subject: CN=09EABED5436A1C5AD9A3587ED1D69611972EFCE7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:21:c2:da:b3:5d:75:31:d4:f6:e1:53:ba:03:
                    f3:dc:0e:9c:3e:e9:40:68:70:11:4e:cd:63:b2:6b:
                    86:02:8e:a6:fd:2d:9b:c4:bb:c3:9d:65:75:7e:3b:
                    21:c9:8c:15:82:3c:c2:f3:fc:eb:43:f3:77:d9:f4:
                    ce:ff:7a:3f:a2:43:87:38:cd:05:c3:36:cc:cb:20:
                    6c:5b:87:79:a4:ef:23:9e:0a:97:ae:12:fb:88:b0:
                    04:de:e1:be:76:e3:75:7f:31:22:13:f0:c7:77:58:
                    ad:61:09:b8:c9:ad:a3:40:aa:fe:f7:03:af:3e:a5:
                    28:3f:1d:5c:3c:14:82:d9:1b:b7:9c:97:7b:23:81:
                    b5:c5:7c:f7:55:a3:0c:6f:c0:c3:00:6d:1d:a7:35:
                    03:9d:32:70:9b:28:37:50:7c:78:82:d9:75:1c:57:
                    5d:6f:dc:2c:c0:09:ac:c6:50:cd:47:d6:a7:f0:ab:
                    2e:ce:40:24:66:07:c5:0a:85:7f:83:89:0b:49:6a:
                    5c:f5:6d:21:5b:4a:d4:78:b7:ee:99:41:e0:bc:78:
                    55:18:d1:ba:41:79:5a:96:5b:a8:fe:fd:79:f7:a2:
                    9d:48:e3:31:35:8a:85:e8:1d:42:2b:4c:80:73:3a:
                    6c:aa:b2:14:69:c7:87:59:c6:2c:3c:37:d9:30:d6:
                    e0:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:EA:BE:D5:43:6A:1C:5A:D9:A3:58:7E:D1:D6:96:11:97:2E:FC:E7
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS207992.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:fd:be:f5:2f:3d:dc:a1:2e:85:b4:a9:78:d3:21:36:83:9e:
         94:d6:15:5c:f2:22:52:e4:cc:fd:6a:c5:19:97:5a:49:56:5b:
         92:ef:98:8c:22:d3:4d:56:fe:f9:a7:11:42:8f:68:ea:59:5d:
         18:20:16:ec:6f:0f:2a:eb:7d:c9:7e:cb:fc:4a:e5:aa:d4:68:
         d5:97:31:15:0e:0f:63:ce:b7:ff:8b:a1:e1:5e:02:ab:c2:84:
         66:b1:74:25:16:27:44:e4:cc:db:e7:67:bb:72:cb:04:fc:66:
         53:35:ea:90:5b:7e:8c:09:ba:d9:47:eb:9b:af:f6:fa:09:6b:
         8a:a6:f2:cc:74:74:fc:88:6f:24:f4:7d:90:5b:c4:b8:29:ca:
         0d:34:45:20:0b:65:b6:b5:f1:26:16:63:51:1f:4f:2f:b3:60:
         a1:78:4f:8c:a4:70:95:2d:c3:ff:17:ec:9c:7b:5b:07:8b:e8:
         c9:bf:3f:75:24:c1:97:03:21:8e:37:cc:b4:b5:d5:bf:14:65:
         b1:eb:01:7d:66:6f:da:5b:12:9c:18:1b:da:d2:58:eb:25:b4:
         f6:05:77:35:48:c9:d2:0b:64:3d:78:22:6e:a8:cf:9a:35:d9:
         62:27:0c:68:81:ff:be:0b:01:78:ca:6e:9e:9c:84:cd:00:e7:
         b3:b1:98:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBpF6trUGVARohO1Q7tzRakVw+qowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MTEyMzUwMDdaFw0yNjA5MTAyMzU1MDdaMDMxMTAvBgNV
BAMTKDA5RUFCRUQ1NDM2QTFDNUFEOUEzNTg3RUQxRDY5NjExOTcyRUZDRTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3IcLas111MdT24VO6A/PcDpw+
6UBocBFOzWOya4YCjqb9LZvEu8OdZXV+OyHJjBWCPMLz/OtD83fZ9M7/ej+iQ4c4
zQXDNszLIGxbh3mk7yOeCpeuEvuIsATe4b5243V/MSIT8Md3WK1hCbjJraNAqv73
A68+pSg/HVw8FILZG7ecl3sjgbXFfPdVowxvwMMAbR2nNQOdMnCbKDdQfHiC2XUc
V11v3CzACazGUM1H1qfwqy7OQCRmB8UKhX+DiQtJalz1bSFbStR4t+6ZQeC8eFUY
0bpBeVqWW6j+/Xn3op1I4zE1ioXoHUIrTIBzOmyqshRpx4dZxiw8N9kw1uB9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCeq+1UNqHFrZo1h+0daWEZcu/OcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA3OTkyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtda9
MA0GCSqGSIb3DQEBCwUAA4IBAQCm/b71Lz3coS6FtKl40yE2g56U1hVc8iJS5Mz9
asUZl1pJVluS75iMItNNVv75pxFCj2jqWV0YIBbsbw8q633Jfsv8SuWq1GjVlzEV
Dg9jzrf/i6HhXgKrwoRmsXQlFidE5Mzb52e7cssE/GZTNeqQW36MCbrZR+ubr/b6
CWuKpvLMdHT8iG8k9H2QW8S4KcoNNEUgC2W2tfEmFmNRH08vs2CheE+MpHCVLcP/
F+yce1sHi+jJvz91JMGXAyGON8y0tdW/FGWx6wF9Zm/aWxKcGBva0ljrJbT2BXc1
SMnSC2Q9eCJuqM+aNdliJwxogf++CwF4ym6enITNAOezsZgv
-----END CERTIFICATE-----