Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206215.roa
File:                     AS206215.roa (raw, json)
Hash identifier:          R4xuBuOqHx+8Q+qoaJpEmx6WYOHhHvPfXvMxFUZcVbI=
Subject key identifier:   9F:F6:A2:C5:CA:E4:58:CA:C8:B7:56:E9:E7:BD:47:0D:98:93:AA:CC
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0FD7BB572586947FCF4BE0953E3F07D21E33DD43
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206215.roa
Signing time:             Thu 07 Aug 2025 10:16:32 +0000
ROA not before:           Thu 07 Aug 2025 10:11:32 +0000
ROA not after:            Thu 06 Aug 2026 10:16:32 +0000
asID:                     206215
IP address blocks:        2a0f:85c1:cc5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:d7:bb:57:25:86:94:7f:cf:4b:e0:95:3e:3f:07:d2:1e:33:dd:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:11:32 2025 GMT
            Not After : Aug  6 10:16:32 2026 GMT
        Subject: CN=9FF6A2C5CAE458CAC8B756E9E7BD470D9893AACC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:86:8f:99:c0:76:84:6e:2f:62:9c:74:dc:4c:
                    c6:a3:cc:6e:5c:36:ab:c4:55:8e:c9:c5:33:ee:77:
                    47:b4:c1:10:4c:10:11:68:91:f9:d7:d5:c7:11:1d:
                    2d:bb:82:dd:ee:84:4e:07:2a:b4:13:5b:0b:f1:a0:
                    22:9b:64:e0:6c:60:84:19:d8:fc:00:e5:6e:ae:09:
                    f1:b2:64:9b:9b:6d:c7:40:08:99:d7:7a:9f:0c:de:
                    78:eb:d2:40:a0:03:db:a9:cc:19:f5:db:bd:ac:4d:
                    9d:fd:cc:69:90:17:42:f8:3b:10:e1:61:bd:bb:47:
                    87:7f:6e:93:8a:81:0f:36:01:ef:4d:53:88:20:02:
                    d9:ce:0c:a3:81:33:2b:5e:48:36:cc:44:fc:1a:ca:
                    5e:e0:99:02:6a:c2:4f:d2:c7:3e:b0:b2:bb:72:09:
                    04:02:5f:df:cb:ad:4a:94:78:3b:e1:2c:97:20:d2:
                    11:3c:0b:9b:73:a6:f4:f9:a1:a9:04:ce:24:38:f4:
                    47:27:c9:c6:84:e1:b3:2b:08:b6:ef:e7:c5:69:cc:
                    52:e3:4a:44:01:44:08:d0:5c:00:ed:05:c6:8f:c7:
                    0f:4c:65:b8:01:31:6c:b5:8b:a2:7c:b8:f0:73:51:
                    73:a1:88:d8:a0:86:47:5f:93:4c:07:9e:89:45:1f:
                    d6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:F6:A2:C5:CA:E4:58:CA:C8:B7:56:E9:E7:BD:47:0D:98:93:AA:CC
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cc5::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:19:72:2d:60:45:1c:f0:4a:b1:dd:33:5a:6b:b1:39:30:cb:
         c5:c3:ef:ea:c3:3f:87:e9:bd:d6:24:15:cc:69:14:e1:b8:4f:
         1d:c8:6a:89:e8:6a:93:2e:a5:42:a9:4c:69:71:1c:44:ac:fa:
         bf:00:5d:d6:18:b7:49:26:d6:23:2d:1a:36:5f:c4:8f:bf:c0:
         5c:c9:d5:b5:d4:84:43:c1:06:06:38:b3:8e:06:87:25:1a:f5:
         87:26:f3:78:6c:7c:5b:26:cb:a2:cd:60:98:4d:38:66:d4:2d:
         f8:50:1f:99:db:47:ba:6d:1e:10:17:44:e5:8f:67:0d:f0:3e:
         78:e8:fe:70:d9:45:b9:79:33:93:80:6e:1e:21:67:e6:ed:4a:
         05:83:9c:cc:d5:20:33:b7:5d:78:ba:27:4b:e6:7b:67:47:ad:
         1b:05:aa:5b:7f:c7:8d:b7:f4:58:ab:58:96:94:d7:c9:01:63:
         a8:fd:71:52:f6:57:5e:ff:2c:cb:43:7d:ec:da:94:0c:3a:19:
         bd:fc:7a:fb:47:91:00:0b:fe:35:2a:f8:08:b1:ec:0a:4a:31:
         0a:43:5d:e3:62:5f:a4:4a:4d:6d:c9:1b:d7:f9:6d:57:9a:15:
         83:34:0e:d4:e9:fb:9d:91:b5:d8:b1:03:8f:90:e0:87:28:38:
         03:5b:39:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUD9e7VyWGlH/PS+CVPj8H0h4z3UMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDExMzJaFw0yNjA4MDYxMDE2MzJaMDMxMTAvBgNV
BAMTKDlGRjZBMkM1Q0FFNDU4Q0FDOEI3NTZFOUU3QkQ0NzBEOTg5M0FBQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLho+ZwHaEbi9inHTcTMajzG5c
NqvEVY7JxTPud0e0wRBMEBFokfnX1ccRHS27gt3uhE4HKrQTWwvxoCKbZOBsYIQZ
2PwA5W6uCfGyZJubbcdACJnXep8M3njr0kCgA9upzBn1272sTZ39zGmQF0L4OxDh
Yb27R4d/bpOKgQ82Ae9NU4ggAtnODKOBMyteSDbMRPwayl7gmQJqwk/Sxz6wsrty
CQQCX9/LrUqUeDvhLJcg0hE8C5tzpvT5oakEziQ49EcnycaE4bMrCLbv58VpzFLj
SkQBRAjQXADtBcaPxw9MZbgBMWy1i6J8uPBzUXOhiNighkdfk0wHnolFH9YxAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUn/aixcrkWMrIt1bp571HDZiTqswwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA2MjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzFMA0GCSqGSIb3DQEBCwUAA4IBAQCNGXItYEUc8Eqx3TNaa7E5MMvFw+/qwz+H
6b3WJBXMaRThuE8dyGqJ6GqTLqVCqUxpcRxErPq/AF3WGLdJJtYjLRo2X8SPv8Bc
ydW11IRDwQYGOLOOBoclGvWHJvN4bHxbJsuizWCYTThm1C34UB+Z20e6bR4QF0Tl
j2cN8D546P5w2UW5eTOTgG4eIWfm7UoFg5zM1SAzt114uidL5ntnR60bBapbf8eN
t/RYq1iWlNfJAWOo/XFS9lde/yzLQ33s2pQMOhm9/Hr7R5EAC/41KvgIsewKSjEK
Q13jYl+kSk1tyRvX+W1XmhWDNA7U6fudkbXYsQOPkOCHKDgDWzlg
-----END CERTIFICATE-----