Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207695.roa
File:                     AS207695.roa (raw, json)
Hash identifier:          2SsoCSPJjhecxdcSF5d+VO7nM+IHE5RwO5QnWyTtmOg=
Subject key identifier:   28:5E:FE:7D:C5:E0:BB:6D:B3:53:0F:04:DA:FA:4E:C4:10:79:13:8A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       45A385C1465844E6ADDB3D24A3F112BEBDF0AFC4
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207695.roa
Signing time:             Wed 11 Jun 2025 19:20:54 +0000
ROA not before:           Wed 11 Jun 2025 19:15:54 +0000
ROA not after:            Wed 10 Jun 2026 19:20:54 +0000
asID:                     207695
IP address blocks:        45.152.240.0/24 maxlen: 24
                          45.152.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 14:55:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a3:85:c1:46:58:44:e6:ad:db:3d:24:a3:f1:12:be:bd:f0:af:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 11 19:15:54 2025 GMT
            Not After : Jun 10 19:20:54 2026 GMT
        Subject: CN=285EFE7DC5E0BB6DB3530F04DAFA4EC41079138A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5f:90:2a:46:f5:ee:c2:a3:cd:e9:d3:d8:f2:
                    cd:47:d6:29:23:ac:56:f1:b3:91:4f:41:de:5b:a1:
                    68:1d:87:9d:40:7e:23:d1:9b:c2:f5:f1:32:12:be:
                    10:88:d4:6a:70:ea:0e:45:b9:e1:20:5c:4d:2d:84:
                    df:bb:7f:52:b7:9d:bf:e6:ff:79:4f:c3:48:58:48:
                    f2:f5:21:7e:ff:7e:d2:aa:7d:79:2b:66:21:57:9b:
                    13:b2:02:80:b6:d5:e6:5b:71:a8:27:5f:86:f8:9b:
                    aa:fb:58:c9:24:30:c8:e2:47:b2:85:fe:f8:99:f7:
                    9e:66:ea:a7:8e:b3:ba:ce:02:5d:47:49:25:3a:ee:
                    d2:03:77:9c:f7:60:29:d4:04:c7:fd:59:92:76:ef:
                    ee:7c:a5:fc:8a:4e:02:9b:e1:35:88:73:59:ad:62:
                    11:c2:45:8b:a4:3a:99:23:ab:ea:47:98:2b:53:85:
                    6f:ba:5b:ea:80:f2:45:a5:87:df:51:00:96:3c:a3:
                    10:0a:2d:4a:ac:8e:9c:a8:3b:d7:00:a7:a8:29:4e:
                    44:d9:3a:cb:49:d0:ba:90:08:10:73:d4:51:21:5b:
                    49:e7:12:9b:b6:aa:3b:42:b5:f7:4c:9e:e2:d4:eb:
                    ad:3d:10:31:57:01:cb:82:13:cc:59:4e:8c:12:85:
                    57:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:5E:FE:7D:C5:E0:BB:6D:B3:53:0F:04:DA:FA:4E:C4:10:79:13:8A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207695.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         11:1b:12:b5:a5:6a:2b:19:f2:7e:d7:6b:67:75:c7:9c:05:b1:
         67:5c:c5:88:17:f6:34:42:37:67:8e:a3:d9:92:86:f1:8d:a4:
         45:e8:ce:c7:4f:3d:60:97:61:24:56:8f:eb:13:e4:77:e3:a3:
         f5:21:80:41:be:09:e4:05:2d:43:c6:b8:60:0f:db:46:96:e7:
         e7:ca:51:ad:f4:05:62:94:bb:55:e4:41:c1:81:9e:59:d8:12:
         36:c8:5e:23:fc:7c:3e:3f:e9:fb:4e:6b:db:77:67:e6:dd:ff:
         f4:08:59:75:91:09:14:07:fb:62:fd:c4:27:db:a1:23:1c:2e:
         34:21:d0:2f:f8:6b:9c:42:44:96:18:0b:14:d5:0f:81:96:59:
         1d:e5:a4:d9:66:7c:03:91:20:fd:22:56:e4:ac:87:85:d2:27:
         17:65:4b:86:60:f8:e7:0b:b5:2f:07:19:e3:00:4c:07:18:2d:
         a9:35:24:41:85:c7:56:12:92:21:f0:0f:bd:95:3b:f7:9c:f3:
         7b:4c:d3:c7:ea:d9:54:6c:13:47:55:b4:7a:85:65:fc:e1:2e:
         ba:b4:01:d2:2e:82:fc:97:2c:e2:9f:e3:87:14:94:be:30:d5:
         02:03:79:fc:1f:d6:88:6a:4d:ab:21:0d:bf:02:61:7d:7a:89:
         4d:bc:b2:2c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURaOFwUZYROat2z0ko/ESvr3wr8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA2MTExOTE1NTRaFw0yNjA2MTAxOTIwNTRaMDMxMTAvBgNV
BAMTKDI4NUVGRTdEQzVFMEJCNkRCMzUzMEYwNERBRkE0RUM0MTA3OTEzOEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDX5AqRvXuwqPN6dPY8s1H1ikj
rFbxs5FPQd5boWgdh51AfiPRm8L18TISvhCI1Gpw6g5FueEgXE0thN+7f1K3nb/m
/3lPw0hYSPL1IX7/ftKqfXkrZiFXmxOyAoC21eZbcagnX4b4m6r7WMkkMMjiR7KF
/viZ955m6qeOs7rOAl1HSSU67tIDd5z3YCnUBMf9WZJ27+58pfyKTgKb4TWIc1mt
YhHCRYukOpkjq+pHmCtThW+6W+qA8kWlh99RAJY8oxAKLUqsjpyoO9cAp6gpTkTZ
OstJ0LqQCBBz1FEhW0nnEpu2qjtCtfdMnuLU6609EDFXAcuCE8xZTowShVfTAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKF7+fcXgu22zUw8E2vpOxBB5E4owHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA3Njk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZjw
MA0GCSqGSIb3DQEBCwUAA4IBAQARGxK1pWorGfJ+12tndcecBbFnXMWIF/Y0Qjdn
jqPZkobxjaRF6M7HTz1gl2EkVo/rE+R346P1IYBBvgnkBS1DxrhgD9tGlufnylGt
9AVilLtV5EHBgZ5Z2BI2yF4j/Hw+P+n7Tmvbd2fm3f/0CFl1kQkUB/ti/cQn26Ej
HC40IdAv+GucQkSWGAsU1Q+Bllkd5aTZZnwDkSD9IlbkrIeF0icXZUuGYPjnC7Uv
BxnjAEwHGC2pNSRBhcdWEpIh8A+9lTv3nPN7TNPH6tlUbBNHVbR6hWX84S66tAHS
LoL8lyzin+OHFJS+MNUCA3n8H9aIak2rIQ2/AmF9eolNvLIs
-----END CERTIFICATE-----