Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206300.roa
File:                     AS206300.roa (raw, json)
Hash identifier:          AU0FEWCbn2JOMuKEikK+IlKd7riOIjS5wpSN73RopUY=
Subject key identifier:   90:6A:89:7F:A9:1E:9F:B8:E8:A4:14:0A:54:3F:F5:85:1E:26:27:5C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       6BB0C095844B4879F97FD551F4D8105046559EA3
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206300.roa
Signing time:             Thu 07 Aug 2025 10:15:31 +0000
ROA not before:           Thu 07 Aug 2025 10:10:31 +0000
ROA not after:            Thu 06 Aug 2026 10:15:31 +0000
asID:                     206300
IP address blocks:        2a0f:85c1:cc2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:b0:c0:95:84:4b:48:79:f9:7f:d5:51:f4:d8:10:50:46:55:9e:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:10:31 2025 GMT
            Not After : Aug  6 10:15:31 2026 GMT
        Subject: CN=906A897FA91E9FB8E8A4140A543FF5851E26275C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a6:37:c3:fa:31:de:75:e8:33:20:e3:e7:32:
                    c0:37:a9:dc:6b:1f:4d:4b:62:03:07:e2:ab:fc:da:
                    47:7c:85:d3:53:2c:9e:52:f8:34:26:e6:16:4b:07:
                    be:75:24:0f:f7:d7:90:16:5a:9e:da:96:c1:90:1f:
                    9b:bf:05:1d:a1:c4:58:cd:83:4b:f9:18:14:bb:25:
                    82:4a:88:5f:a9:4f:0d:0e:ee:ee:ec:42:cf:53:58:
                    eb:ce:c4:a5:0b:84:a7:cc:13:8f:d9:5a:e7:ce:e5:
                    d2:06:8b:b4:85:ac:7e:e7:51:ea:f6:d3:c7:e0:33:
                    ca:8e:38:c9:29:d0:06:d1:d3:94:03:43:d0:ac:dd:
                    91:70:ea:f8:a6:9f:ac:cb:be:cd:a6:c7:10:6d:20:
                    00:9f:c3:d4:36:dd:93:95:47:a1:d4:ba:49:d3:fc:
                    77:b8:f6:74:d9:60:4f:cc:86:5a:44:c3:ab:4c:93:
                    59:87:e1:c2:ed:58:0a:e3:0b:31:ad:7b:3e:cb:3c:
                    12:cf:01:54:44:28:41:77:1a:39:99:61:51:91:89:
                    1e:3f:d2:43:cc:f5:2a:49:9f:cb:15:6e:38:d6:dd:
                    77:b7:72:91:a1:ab:89:eb:7e:e9:2e:10:c2:c5:6f:
                    6b:78:ae:63:79:01:fe:2b:14:3c:54:26:bb:2a:27:
                    e0:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:6A:89:7F:A9:1E:9F:B8:E8:A4:14:0A:54:3F:F5:85:1E:26:27:5C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206300.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cc2::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:76:28:ed:4f:3c:91:24:e6:82:ac:9f:2a:9e:5e:4f:09:cb:
         b8:fb:07:ce:8f:52:b1:91:71:9b:50:2f:68:6b:b4:ed:81:e6:
         ca:12:8b:82:81:ba:bf:e9:68:4a:18:cf:f2:57:ba:64:10:84:
         c9:f4:f6:a1:ab:a5:15:79:d5:e3:59:75:7b:89:3f:63:ec:e6:
         87:ff:44:3d:81:c7:cd:b7:fa:b3:9d:dd:90:4e:6c:58:1d:78:
         e0:0e:7c:75:3d:93:62:f5:27:8c:18:e5:ff:2f:b0:66:e6:fd:
         74:6f:8b:23:ee:99:77:30:82:e8:99:e3:40:be:b1:01:6d:35:
         99:a3:86:b3:cc:75:b0:f2:b2:1e:d6:bb:fd:6a:13:93:c1:b0:
         b5:ba:dc:62:89:79:ea:0a:b2:53:5f:35:6f:ed:55:0b:f9:ba:
         f3:31:36:93:76:88:89:f8:5c:4b:1c:79:7a:e5:04:90:d2:8b:
         60:94:a2:7b:cb:70:ae:9d:5a:d1:6c:88:5e:20:ba:5b:ca:6d:
         63:6c:23:08:be:a9:25:33:7e:40:90:c2:5e:11:f3:76:80:23:
         e6:c7:ff:0c:e5:01:02:75:51:f5:46:09:67:f8:64:9e:c7:b0:
         82:db:f4:1a:fe:80:f5:79:16:81:54:6d:bf:9e:55:78:8b:93:
         27:89:eb:c0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUa7DAlYRLSHn5f9VR9NgQUEZVnqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDEwMzFaFw0yNjA4MDYxMDE1MzFaMDMxMTAvBgNV
BAMTKDkwNkE4OTdGQTkxRTlGQjhFOEE0MTQwQTU0M0ZGNTg1MUUyNjI3NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9pjfD+jHedegzIOPnMsA3qdxr
H01LYgMH4qv82kd8hdNTLJ5S+DQm5hZLB751JA/315AWWp7alsGQH5u/BR2hxFjN
g0v5GBS7JYJKiF+pTw0O7u7sQs9TWOvOxKULhKfME4/ZWufO5dIGi7SFrH7nUer2
08fgM8qOOMkp0AbR05QDQ9Cs3ZFw6vimn6zLvs2mxxBtIACfw9Q23ZOVR6HUuknT
/He49nTZYE/MhlpEw6tMk1mH4cLtWArjCzGtez7LPBLPAVREKEF3GjmZYVGRiR4/
0kPM9SpJn8sVbjjW3Xe3cpGhq4nrfukuEMLFb2t4rmN5Af4rFDxUJrsqJ+BrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUkGqJf6ken7jopBQKVD/1hR4mJ1wwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA2MzAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzCMA0GCSqGSIb3DQEBCwUAA4IBAQAGdijtTzyRJOaCrJ8qnl5PCcu4+wfOj1Kx
kXGbUC9oa7TtgebKEouCgbq/6WhKGM/yV7pkEITJ9Pahq6UVedXjWXV7iT9j7OaH
/0Q9gcfNt/qznd2QTmxYHXjgDnx1PZNi9SeMGOX/L7Bm5v10b4sj7pl3MILomeNA
vrEBbTWZo4azzHWw8rIe1rv9ahOTwbC1utxiiXnqCrJTXzVv7VUL+brzMTaTdoiJ
+FxLHHl65QSQ0otglKJ7y3CunVrRbIheILpbym1jbCMIvqklM35AkMJeEfN2gCPm
x/8M5QECdVH1Rgln+GSex7CC2/Qa/oD1eRaBVG2/nlV4i5MnievA
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:56:52 2025 by rpki-client