Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206115.roa
File:                     AS206115.roa (raw, json)
Hash identifier:          GRv+BhxaqD6vwWBs6oZDgTT/TyeuK1JwLGTcDiuvUSQ=
Subject key identifier:   5E:21:BC:6D:67:88:0B:6B:B8:D4:B4:F0:B1:A8:E4:26:8F:95:10:7A
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       697C66D250856E7AD13B9CE690D48AD1C5CAB9F8
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206115.roa
Signing time:             Thu 07 Aug 2025 10:15:12 +0000
ROA not before:           Thu 07 Aug 2025 10:10:12 +0000
ROA not after:            Thu 06 Aug 2026 10:15:12 +0000
asID:                     206115
IP address blocks:        2a0f:85c1:cce::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:7c:66:d2:50:85:6e:7a:d1:3b:9c:e6:90:d4:8a:d1:c5:ca:b9:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:10:12 2025 GMT
            Not After : Aug  6 10:15:12 2026 GMT
        Subject: CN=5E21BC6D67880B6BB8D4B4F0B1A8E4268F95107A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3c:a5:5f:a8:81:f5:77:a5:c0:17:c2:30:fa:
                    a1:a9:b4:cf:68:81:62:76:5d:b5:b6:92:08:c5:71:
                    8e:d4:da:48:27:58:04:75:25:64:64:26:37:e5:3a:
                    d5:50:c5:06:4d:f1:4b:6c:80:a6:da:26:a3:eb:cc:
                    88:42:66:dc:9b:bf:74:12:4e:00:d3:9e:8e:74:64:
                    65:98:d0:8e:65:35:a4:48:fa:3b:e9:45:74:2d:4c:
                    fa:c6:37:26:0a:35:e3:54:13:6d:a6:b7:b8:9d:47:
                    af:33:8e:e9:d3:cb:b6:13:38:00:00:67:0d:d7:f8:
                    a2:9d:77:26:d4:5d:62:63:f8:6a:83:71:4d:93:9e:
                    9d:5a:d6:7c:fd:ba:a0:4a:8c:96:51:59:90:34:a0:
                    7f:4a:c0:0a:d9:c6:83:ac:2a:8d:ad:49:b9:55:ca:
                    d5:27:73:c2:bb:c2:6e:c4:cc:0e:ee:71:32:bb:32:
                    ef:ff:22:da:ac:07:12:54:e1:2a:40:7e:f4:3b:99:
                    26:9f:f3:47:6c:a5:2a:f8:b2:a3:64:ed:7c:83:3c:
                    4e:bc:5e:ca:bd:2a:cc:8f:bb:b7:c6:b8:9a:32:00:
                    f5:27:55:3b:c1:53:f7:0b:2e:81:4c:76:07:26:fa:
                    7e:3d:5a:ee:10:c1:b1:01:12:d5:e8:62:98:f1:81:
                    f7:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:21:BC:6D:67:88:0B:6B:B8:D4:B4:F0:B1:A8:E4:26:8F:95:10:7A
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206115.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cce::/48

    Signature Algorithm: sha256WithRSAEncryption
         de:2f:cc:36:76:d7:e1:01:32:23:eb:04:92:95:dd:26:4d:c8:
         5e:41:fe:96:20:2d:1a:bb:8e:d4:75:6b:53:c0:f0:ae:4b:c2:
         84:a9:47:33:03:75:c2:68:5b:cc:a6:b0:9c:aa:18:12:47:58:
         20:4d:54:85:83:45:b2:25:96:d5:c8:43:ad:01:7d:1b:f5:04:
         a8:7c:20:30:fb:65:b4:7b:d2:51:fd:03:88:db:a8:04:35:d3:
         e7:2c:1e:54:f2:c7:21:29:70:2c:5c:6b:8d:34:1f:e0:ad:92:
         52:97:26:56:d9:21:07:ac:bb:85:a1:25:ed:2f:bc:86:9d:d7:
         55:1d:1e:88:73:11:07:7d:8e:28:ba:30:62:02:8a:59:0a:be:
         33:5a:5c:ec:4f:1e:e3:1d:6b:13:1f:18:6a:a9:7c:21:6c:9e:
         f6:b8:82:2e:b8:43:a4:eb:2c:70:2e:66:30:31:64:ad:b4:09:
         cb:00:bc:3f:40:7d:60:a0:08:26:a6:e6:bb:50:ab:51:9c:d8:
         d0:2b:bf:36:f0:96:4b:7f:0b:37:85:ff:53:cb:60:af:81:d7:
         87:df:42:20:d7:2d:cc:61:bb:93:7f:ec:c7:89:3d:ea:6a:c8:
         98:ba:0d:34:70:2a:f7:66:03:25:a6:3b:8a:6c:7b:c1:82:a7:
         92:27:13:f9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaXxm0lCFbnrRO5zmkNSK0cXKufgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDEwMTJaFw0yNjA4MDYxMDE1MTJaMDMxMTAvBgNV
BAMTKDVFMjFCQzZENjc4ODBCNkJCOEQ0QjRGMEIxQThFNDI2OEY5NTEwN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMPKVfqIH1d6XAF8Iw+qGptM9o
gWJ2XbW2kgjFcY7U2kgnWAR1JWRkJjflOtVQxQZN8UtsgKbaJqPrzIhCZtybv3QS
TgDTno50ZGWY0I5lNaRI+jvpRXQtTPrGNyYKNeNUE22mt7idR68zjunTy7YTOAAA
Zw3X+KKddybUXWJj+GqDcU2Tnp1a1nz9uqBKjJZRWZA0oH9KwArZxoOsKo2tSblV
ytUnc8K7wm7EzA7ucTK7Mu//ItqsBxJU4SpAfvQ7mSaf80dspSr4sqNk7XyDPE68
Xsq9KsyPu7fGuJoyAPUnVTvBU/cLLoFMdgcm+n49Wu4QwbEBEtXoYpjxgfcTAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUXiG8bWeIC2u41LTwsajkJo+VEHowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA2MTE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzOMA0GCSqGSIb3DQEBCwUAA4IBAQDeL8w2dtfhATIj6wSSld0mTcheQf6WIC0a
u47UdWtTwPCuS8KEqUczA3XCaFvMprCcqhgSR1ggTVSFg0WyJZbVyEOtAX0b9QSo
fCAw+2W0e9JR/QOI26gENdPnLB5U8schKXAsXGuNNB/grZJSlyZW2SEHrLuFoSXt
L7yGnddVHR6IcxEHfY4oujBiAopZCr4zWlzsTx7jHWsTHxhqqXwhbJ72uIIuuEOk
6yxwLmYwMWSttAnLALw/QH1goAgmpua7UKtRnNjQK7828JZLfws3hf9Ty2CvgdeH
30Ig1y3MYbuTf+zHiT3qasiYug00cCr3ZgMlpjuKbHvBgqeSJxP5
-----END CERTIFICATE-----