Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206003.roa
File:                     AS206003.roa (raw, json)
Hash identifier:          VIy8iF1Dm07so2rNzQhJUXfVTkdNMvUf3i0zkFahvK4=
Subject key identifier:   03:9A:E0:C1:7F:A8:85:73:32:E8:2B:9A:A2:D2:ED:D9:14:96:E6:BE
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4F641FB2A886D5A5B6369275ABEF4982BEE3D583
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206003.roa
Signing time:             Thu 07 Aug 2025 10:17:10 +0000
ROA not before:           Thu 07 Aug 2025 10:12:10 +0000
ROA not after:            Thu 06 Aug 2026 10:17:10 +0000
asID:                     206003
IP address blocks:        2a0f:85c1:cd6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:64:1f:b2:a8:86:d5:a5:b6:36:92:75:ab:ef:49:82:be:e3:d5:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:12:10 2025 GMT
            Not After : Aug  6 10:17:10 2026 GMT
        Subject: CN=039AE0C17FA8857332E82B9AA2D2EDD91496E6BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:42:33:20:d5:fd:d9:9a:f0:b8:dc:ed:e8:7c:
                    08:71:8e:fc:09:af:76:ec:98:63:08:92:4e:f5:a4:
                    02:ba:d2:cf:7d:e9:e4:74:df:ac:40:8f:2a:cf:6d:
                    5d:e0:3f:b1:96:ec:cf:c3:9a:73:9e:2b:8c:5a:9c:
                    95:c7:5b:fb:60:12:7e:7b:76:83:a4:82:7e:a2:73:
                    35:c1:13:4a:63:90:b7:5d:a7:b1:47:4e:5d:82:f1:
                    4e:1b:1a:9f:f4:16:e4:65:5e:32:31:13:84:0e:21:
                    db:74:80:54:01:97:fa:5b:8c:c1:a7:fa:59:06:e6:
                    19:c4:e2:af:7c:e3:54:11:2c:5b:4d:35:dd:8c:17:
                    80:aa:ae:c6:80:7c:56:c0:02:2c:05:84:d1:24:ab:
                    af:8e:b0:3c:af:5f:f7:57:92:39:02:5a:ea:17:98:
                    af:c5:92:4d:c9:3a:4d:30:39:63:d7:68:3c:7d:30:
                    5c:5b:33:fe:35:14:54:d0:70:51:ae:d1:1d:48:83:
                    13:df:c8:ab:1c:08:17:0d:a5:94:ad:80:8c:da:fb:
                    1f:f6:ae:08:73:e8:ca:e9:36:f0:74:72:42:21:b9:
                    99:c2:bb:8c:b2:e6:c6:1d:bd:41:c0:88:b8:c7:aa:
                    cf:a8:9b:43:ee:86:ce:b2:3f:9e:9d:4f:d0:76:13:
                    11:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:9A:E0:C1:7F:A8:85:73:32:E8:2B:9A:A2:D2:ED:D9:14:96:E6:BE
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206003.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cd6::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:c1:31:99:8f:ff:24:66:8e:eb:31:77:2d:3f:12:55:ca:4b:
         4d:97:1c:cc:45:d3:eb:a8:69:0d:57:b2:f2:bd:88:ba:21:c1:
         b3:c1:7a:64:a5:f0:49:c2:f3:21:66:9c:58:52:e1:ad:7e:7b:
         12:74:3b:d8:98:f3:71:f0:4b:32:07:0c:d4:e6:80:ae:8f:91:
         c0:6f:1a:a2:b7:09:c6:4f:f0:b2:b0:e7:0c:a5:5d:0e:1c:10:
         df:62:eb:ae:d2:e6:b5:b3:63:1a:da:2a:10:62:6f:57:27:87:
         35:ff:32:5d:26:7f:f1:0e:bd:4d:40:b2:d7:1d:d9:ab:2f:a1:
         14:59:bb:56:c0:ab:bb:c4:05:df:a3:4a:1c:af:d6:8c:73:34:
         b2:1d:85:7b:eb:23:d1:f1:82:93:f2:19:3f:77:2f:c6:85:4f:
         1b:89:fb:91:91:82:ff:92:dd:3e:10:76:93:30:fd:34:b9:34:
         87:45:ff:0e:9b:19:92:76:9b:c7:b9:7b:28:e2:ec:35:90:23:
         3e:45:f4:4c:81:31:52:39:69:2e:7e:e4:7f:73:71:0f:1b:a6:
         51:7e:da:96:02:84:a7:55:24:62:d0:a0:2b:6a:f8:d5:bf:b2:
         1b:2d:85:f7:ce:f8:25:e2:dd:4b:31:b7:1f:1c:9a:66:e5:47:
         4b:72:c7:d8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUT2QfsqiG1aW2NpJ1q+9Jgr7j1YMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDEyMTBaFw0yNjA4MDYxMDE3MTBaMDMxMTAvBgNV
BAMTKDAzOUFFMEMxN0ZBODg1NzMzMkU4MkI5QUEyRDJFREQ5MTQ5NkU2QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgQjMg1f3ZmvC43O3ofAhxjvwJ
r3bsmGMIkk71pAK60s996eR036xAjyrPbV3gP7GW7M/DmnOeK4xanJXHW/tgEn57
doOkgn6iczXBE0pjkLddp7FHTl2C8U4bGp/0FuRlXjIxE4QOIdt0gFQBl/pbjMGn
+lkG5hnE4q9841QRLFtNNd2MF4CqrsaAfFbAAiwFhNEkq6+OsDyvX/dXkjkCWuoX
mK/Fkk3JOk0wOWPXaDx9MFxbM/41FFTQcFGu0R1IgxPfyKscCBcNpZStgIza+x/2
rghz6MrpNvB0ckIhuZnCu4yy5sYdvUHAiLjHqs+om0Puhs6yP56dT9B2ExG7AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUA5rgwX+ohXMy6CuaotLt2RSW5r4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA2MDAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzWMA0GCSqGSIb3DQEBCwUAA4IBAQCvwTGZj/8kZo7rMXctPxJVyktNlxzMRdPr
qGkNV7LyvYi6IcGzwXpkpfBJwvMhZpxYUuGtfnsSdDvYmPNx8EsyBwzU5oCuj5HA
bxqitwnGT/CysOcMpV0OHBDfYuuu0ua1s2Ma2ioQYm9XJ4c1/zJdJn/xDr1NQLLX
HdmrL6EUWbtWwKu7xAXfo0ocr9aMczSyHYV76yPR8YKT8hk/dy/GhU8bifuRkYL/
kt0+EHaTMP00uTSHRf8OmxmSdpvHuXso4uw1kCM+RfRMgTFSOWkufuR/c3EPG6ZR
ftqWAoSnVSRi0KAravjVv7IbLYX3zvgl4t1LMbcfHJpm5UdLcsfY
-----END CERTIFICATE-----