Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207043.roa
File:                     AS207043.roa (raw, json)
Hash identifier:          DGZq2+ao7X06ytLDjUSMg89ln8Au2HcwiiYp+rK2RJ0=
Subject key identifier:   12:9B:0A:0A:E6:65:41:78:D0:89:FC:79:2B:99:29:FC:18:E1:9C:52
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       21B958E2FB794C04E1394CFA2EE218314B28DCE6
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207043.roa
Signing time:             Sat 14 Jun 2025 22:58:12 +0000
ROA not before:           Sat 14 Jun 2025 22:53:12 +0000
ROA not after:            Sat 13 Jun 2026 22:58:12 +0000
asID:                     207043
IP address blocks:        193.111.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 14:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:b9:58:e2:fb:79:4c:04:e1:39:4c:fa:2e:e2:18:31:4b:28:dc:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 14 22:53:12 2025 GMT
            Not After : Jun 13 22:58:12 2026 GMT
        Subject: CN=129B0A0AE6654178D089FC792B9929FC18E19C52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a6:31:ee:b0:20:7a:88:22:90:6c:12:74:3f:
                    f6:a3:d6:3d:e0:e1:b3:a0:a6:c5:3b:e0:9c:56:b4:
                    d6:20:d8:d4:90:1f:bd:7e:4c:ec:9c:25:bd:4e:cb:
                    93:aa:3c:5c:59:6b:14:03:85:96:26:8d:e8:01:4f:
                    32:30:18:84:51:da:12:97:66:a1:32:f5:63:3d:a3:
                    78:89:76:3b:30:27:c2:72:b9:24:2d:0a:33:63:b1:
                    9e:e6:4b:20:23:51:cd:6b:b9:88:74:e4:82:bb:2a:
                    5c:9e:47:08:72:3c:c5:01:09:e3:fc:4f:cd:f4:b0:
                    ca:4c:bd:f9:eb:61:02:dc:40:3a:73:a5:35:f8:6f:
                    30:07:c3:99:02:96:82:b9:77:bc:76:e4:0d:71:0f:
                    81:c7:7a:6c:b3:a8:a4:7b:c3:47:6b:d5:00:cb:47:
                    f7:d3:a2:6b:f8:0c:f4:88:b1:d2:c5:f1:41:fd:d6:
                    46:b7:aa:4e:f7:a8:e9:3a:bc:62:5f:01:9e:fa:b5:
                    8e:e1:7a:6c:13:6e:47:a4:06:bc:d1:84:c6:8a:e2:
                    da:32:7d:79:e5:4f:16:05:88:76:fb:99:7e:29:4c:
                    1c:22:3e:10:79:2f:aa:82:dc:64:38:4d:ca:72:19:
                    33:33:4a:85:90:60:01:92:8f:35:36:cb:85:d0:09:
                    31:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:9B:0A:0A:E6:65:41:78:D0:89:FC:79:2B:99:29:FC:18:E1:9C:52
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d3:9a:0c:56:29:b1:8b:09:c9:9b:be:0e:10:18:d5:2e:f9:b6:
         29:88:b9:97:1e:4c:06:e9:1b:56:82:cf:6b:ec:9f:01:63:a9:
         f8:df:a3:63:bd:4d:3f:75:81:b3:5f:90:0e:1a:e3:3a:72:4f:
         c9:85:ff:8f:43:1c:85:30:14:ff:93:0c:f2:f9:92:d6:1e:39:
         a6:95:29:a5:b4:c5:6f:83:ce:4e:7b:d5:11:a5:6a:62:f8:84:
         76:49:12:77:fd:b3:73:8c:22:07:83:56:c7:88:a5:db:cb:36:
         67:d0:22:23:cc:8e:f0:9c:23:0d:d0:63:6a:e4:c9:56:25:fe:
         ae:3b:4a:be:be:d0:76:ba:e1:de:8b:8f:95:ff:d8:75:e1:25:
         f0:33:f1:1c:84:71:90:f5:27:30:cb:d4:a7:7b:55:86:37:3e:
         9b:0b:a0:d9:91:6e:df:5c:24:d7:50:f9:dd:d0:ef:a4:2e:3a:
         ee:1d:92:f4:33:8f:75:6e:48:3f:4a:9b:a0:ce:8f:9c:cb:39:
         a0:6f:d7:f8:66:a3:2a:94:aa:02:85:eb:21:0f:8e:6d:f3:f5:
         96:46:1e:2d:fd:e0:d3:56:47:8d:db:56:7b:01:e4:08:01:9b:
         03:1b:2c:07:f3:6f:26:ee:45:c7:13:be:a3:b1:8e:20:9e:c9:
         89:e3:37:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIblY4vt5TAThOUz6LuIYMUso3OYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MTQyMjUzMTJaFw0yNjA2MTMyMjU4MTJaMDMxMTAvBgNV
BAMTKDEyOUIwQTBBRTY2NTQxNzhEMDg5RkM3OTJCOTkyOUZDMThFMTlDNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0pjHusCB6iCKQbBJ0P/aj1j3g
4bOgpsU74JxWtNYg2NSQH71+TOycJb1Oy5OqPFxZaxQDhZYmjegBTzIwGIRR2hKX
ZqEy9WM9o3iJdjswJ8JyuSQtCjNjsZ7mSyAjUc1ruYh05IK7KlyeRwhyPMUBCeP8
T830sMpMvfnrYQLcQDpzpTX4bzAHw5kCloK5d7x25A1xD4HHemyzqKR7w0dr1QDL
R/fTomv4DPSIsdLF8UH91ka3qk73qOk6vGJfAZ76tY7hemwTbkekBrzRhMaK4toy
fXnlTxYFiHb7mX4pTBwiPhB5L6qC3GQ4TcpyGTMzSoWQYAGSjzU2y4XQCTELAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEpsKCuZlQXjQifx5K5kp/BjhnFIwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA3MDQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW91
MA0GCSqGSIb3DQEBCwUAA4IBAQDTmgxWKbGLCcmbvg4QGNUu+bYpiLmXHkwG6RtW
gs9r7J8BY6n436NjvU0/dYGzX5AOGuM6ck/Jhf+PQxyFMBT/kwzy+ZLWHjmmlSml
tMVvg85Oe9URpWpi+IR2SRJ3/bNzjCIHg1bHiKXbyzZn0CIjzI7wnCMN0GNq5MlW
Jf6uO0q+vtB2uuHei4+V/9h14SXwM/EchHGQ9Scwy9Sne1WGNz6bC6DZkW7fXCTX
UPnd0O+kLjruHZL0M491bkg/Spugzo+cyzmgb9f4ZqMqlKoCheshD45t8/WWRh4t
/eDTVkeN21Z7AeQIAZsDGywH828m7kXHE76jsY4gnsmJ4zfJ
-----END CERTIFICATE-----