Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205795.roa
File:                     AS205795.roa (raw, json)
Hash identifier:          1wuw3YDaCtzmzToZUZqIAIbaFrUy1/lWVMviHcqLeNE=
Subject key identifier:   E3:E4:63:66:27:18:4B:A3:80:0B:84:37:FF:CA:0C:6A:D5:32:BE:B0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5928805157FA92E802E956BE87B3448CA6A6608F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205795.roa
Signing time:             Fri 08 Aug 2025 12:51:27 +0000
ROA not before:           Fri 08 Aug 2025 12:46:27 +0000
ROA not after:            Fri 07 Aug 2026 12:51:27 +0000
asID:                     205795
IP address blocks:        2a0f:85c1:cdf::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:28:80:51:57:fa:92:e8:02:e9:56:be:87:b3:44:8c:a6:a6:60:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  8 12:46:27 2025 GMT
            Not After : Aug  7 12:51:27 2026 GMT
        Subject: CN=E3E4636627184BA3800B8437FFCA0C6AD532BEB0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:31:73:b8:93:e7:d8:e3:52:7d:85:da:f3:f9:
                    65:17:27:d8:9d:07:28:cf:90:22:b0:3c:c4:20:eb:
                    fd:d1:b7:40:f5:91:9d:a8:5f:75:15:1f:62:46:95:
                    a9:e1:98:b0:e7:44:e7:b4:34:8d:2e:bd:2c:69:1c:
                    91:85:9b:64:83:51:6a:c6:3e:15:a5:05:03:26:ad:
                    33:a0:78:b1:15:32:36:8f:20:17:d5:cc:df:d8:af:
                    88:19:6d:47:98:81:fd:80:39:1d:b0:25:b5:3b:f4:
                    1a:ff:6d:22:b1:f8:09:f6:02:3d:ea:ab:28:1f:3a:
                    d3:33:ce:41:d0:20:30:c4:ea:fd:f7:1b:a2:c2:e9:
                    4e:61:32:3d:8a:c9:63:bd:5d:f0:a8:9c:ef:76:26:
                    16:d3:ef:20:f3:d1:23:98:cd:eb:6c:2a:04:14:46:
                    cb:06:5f:08:16:93:a3:50:f5:d6:8f:9c:3e:25:15:
                    ed:b3:9c:9d:ae:16:0f:e4:3b:9c:44:38:06:99:3e:
                    4d:fb:46:6d:a0:61:92:5d:2c:e1:a3:1f:e4:4c:41:
                    5c:51:78:09:1c:da:d9:3f:61:d9:56:60:e2:12:f9:
                    b9:89:71:16:92:dc:e0:29:ce:a6:4c:77:e5:8a:d1:
                    96:c1:54:cd:ff:e2:1b:d4:f9:4b:49:09:d8:2b:e9:
                    29:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:E4:63:66:27:18:4B:A3:80:0B:84:37:FF:CA:0C:6A:D5:32:BE:B0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205795.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cdf::/48

    Signature Algorithm: sha256WithRSAEncryption
         d6:e4:86:e3:a8:74:c6:b2:0b:c7:3b:01:b0:17:46:12:8f:06:
         3f:9a:cc:18:14:6a:b9:31:67:a0:b6:f6:6e:37:8d:33:32:4d:
         28:0d:e1:3b:a8:74:e2:6d:31:ab:88:6e:9e:64:c6:fc:cc:1e:
         3f:b9:30:2e:1d:9d:20:18:29:24:49:6a:00:50:dd:a4:a3:0d:
         b3:dd:db:aa:49:6f:d3:85:1e:3d:30:6f:6e:1e:b0:7b:f8:b5:
         0d:8b:e2:c1:2a:1d:2e:13:73:bf:dc:18:97:f6:c6:0b:44:2a:
         a5:59:98:02:65:71:19:a6:99:33:8d:61:55:3d:e3:15:4f:7a:
         34:55:7d:4f:c4:4d:da:ea:e9:16:55:2d:37:f7:d9:63:ef:37:
         52:00:2c:dd:ed:86:97:d5:fe:57:be:46:fe:fc:3a:c9:61:10:
         99:e5:ed:b4:5e:e9:b6:27:91:86:8c:2b:8b:5c:a3:15:19:e6:
         cc:de:dd:f1:30:99:d8:1e:7f:d5:a4:dd:ce:2f:72:fc:45:4f:
         ce:50:cc:94:71:a1:9f:03:ed:48:ba:c2:65:5a:56:98:2f:3a:
         2c:99:b3:f4:79:c6:d7:30:62:cf:1d:07:4d:8a:52:7e:9a:f1:
         83:77:29:a7:67:3e:c6:8f:99:94:74:eb:35:22:9e:62:f7:7e:
         f9:70:df:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWSiAUVf6kugC6Va+h7NEjKamYI8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDgxMjQ2MjdaFw0yNjA4MDcxMjUxMjdaMDMxMTAvBgNV
BAMTKEUzRTQ2MzY2MjcxODRCQTM4MDBCODQzN0ZGQ0EwQzZBRDUzMkJFQjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDMXO4k+fY41J9hdrz+WUXJ9id
ByjPkCKwPMQg6/3Rt0D1kZ2oX3UVH2JGlanhmLDnROe0NI0uvSxpHJGFm2SDUWrG
PhWlBQMmrTOgeLEVMjaPIBfVzN/Yr4gZbUeYgf2AOR2wJbU79Br/bSKx+An2Aj3q
qygfOtMzzkHQIDDE6v33G6LC6U5hMj2KyWO9XfConO92JhbT7yDz0SOYzetsKgQU
RssGXwgWk6NQ9daPnD4lFe2znJ2uFg/kO5xEOAaZPk37Rm2gYZJdLOGjH+RMQVxR
eAkc2tk/YdlWYOIS+bmJcRaS3OApzqZMd+WK0ZbBVM3/4hvU+UtJCdgr6SlNAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4+RjZicYS6OAC4Q3/8oMatUyvrAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1Nzk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzfMA0GCSqGSIb3DQEBCwUAA4IBAQDW5IbjqHTGsgvHOwGwF0YSjwY/mswYFGq5
MWegtvZuN40zMk0oDeE7qHTibTGriG6eZMb8zB4/uTAuHZ0gGCkkSWoAUN2kow2z
3duqSW/ThR49MG9uHrB7+LUNi+LBKh0uE3O/3BiX9sYLRCqlWZgCZXEZppkzjWFV
PeMVT3o0VX1PxE3a6ukWVS0399lj7zdSACzd7YaX1f5Xvkb+/DrJYRCZ5e20Xum2
J5GGjCuLXKMVGebM3t3xMJnYHn/VpN3OL3L8RU/OUMyUcaGfA+1IusJlWlaYLzos
mbP0ecbXMGLPHQdNilJ+mvGDdymnZz7Gj5mUdOs1Ip5i9375cN9g
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:57:05 2025 by rpki-client