Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207835.roa
File:                     AS207835.roa (raw, json)
Hash identifier:          NJ6L1RK8+wWWpYJeMg0rU6ng3qXEI4hwxBFY8tqnQt8=
Subject key identifier:   EF:DF:C8:D2:BE:CC:4A:B5:7D:26:4F:74:6F:BC:AC:01:05:9E:95:1D
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0163830C591EA532A12A8A496FAB4A32D1DB07EB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207835.roa
Signing time:             Thu 30 Apr 2026 22:08:35 +0000
ROA not before:           Thu 30 Apr 2026 22:03:35 +0000
ROA not after:            Thu 29 Apr 2027 22:08:35 +0000
asID:                     207835
IP address blocks:        2a0f:85c1:c61::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:63:83:0c:59:1e:a5:32:a1:2a:8a:49:6f:ab:4a:32:d1:db:07:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 30 22:03:35 2026 GMT
            Not After : Apr 29 22:08:35 2027 GMT
        Subject: CN=EFDFC8D2BECC4AB57D264F746FBCAC01059E951D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e1:17:41:4a:21:c2:40:a0:63:b2:21:2c:1a:
                    72:8a:be:54:da:21:9a:56:99:57:3a:bd:70:ee:22:
                    9e:4e:09:7b:86:d0:21:a0:f0:11:c0:7d:27:20:66:
                    41:18:06:c1:7d:55:a9:88:2b:bd:00:d7:a0:27:ca:
                    2b:cf:e3:d1:72:66:85:5d:5e:b3:9f:9c:af:61:0e:
                    fb:c8:67:59:b6:3e:ec:b7:7e:25:d0:c4:1f:2b:6d:
                    e8:6d:b3:d4:93:13:74:5b:a2:80:3b:5b:85:99:3d:
                    2b:90:a4:81:8a:12:47:c0:e7:98:ba:a2:90:af:c6:
                    f5:3c:63:e1:fd:87:b0:5d:92:62:2e:8c:ff:4e:77:
                    70:91:27:05:18:8a:44:62:b7:9c:c5:c4:68:04:ef:
                    c3:ec:46:b0:29:12:ac:e9:94:e1:12:8e:d5:58:72:
                    18:3c:97:75:3a:32:99:e9:8d:31:60:b4:11:0f:34:
                    58:5e:36:ba:3b:ff:5a:de:24:2b:96:8f:54:85:31:
                    d3:23:da:55:bd:61:10:21:24:a8:82:cf:df:70:30:
                    65:91:30:15:40:91:c2:32:c5:50:06:3b:a3:f7:b3:
                    f1:28:23:4d:0b:27:5d:e5:48:c4:24:11:ab:00:8d:
                    60:7c:11:d8:3f:af:09:ce:58:bc:b2:8d:49:95:17:
                    b2:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:DF:C8:D2:BE:CC:4A:B5:7D:26:4F:74:6F:BC:AC:01:05:9E:95:1D
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207835.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c61::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:3f:4f:e6:5f:f1:8d:aa:e8:41:e0:d8:39:38:f6:16:e7:15:
         48:01:35:f4:29:d9:93:f3:c2:55:a8:c9:87:09:82:ab:35:90:
         5d:01:70:f2:43:8c:dd:b4:1a:f0:c2:09:9b:df:28:ac:f0:b3:
         23:89:6d:1d:02:ea:3b:1c:7f:51:7f:b2:2c:c6:1b:fb:92:79:
         a0:6f:7a:39:d4:36:43:a6:2f:36:99:e3:f0:c2:b2:8c:29:88:
         8a:d2:a9:d9:64:b9:59:d8:0d:d5:4e:b9:b8:c4:9c:11:f5:4c:
         a2:16:11:76:a7:84:7e:8a:9d:ea:f6:b9:15:01:61:db:7a:a3:
         9a:cb:ed:bb:5d:a7:02:3a:1c:fa:73:c6:78:d9:f7:20:f9:db:
         32:6c:48:d0:ec:e5:ef:5a:07:05:b3:d4:cc:b3:e1:af:91:e1:
         a6:a1:55:7f:e6:7f:63:d9:e3:d7:e5:d5:b1:2a:a0:60:bc:30:
         b4:96:69:f4:d8:c1:56:1a:7c:3f:c7:83:67:59:9c:2d:51:c9:
         28:8d:d2:eb:4b:c6:af:4f:ff:67:bb:6d:1f:fb:52:44:ce:70:
         ab:d4:9f:97:f4:e1:7a:2a:6c:78:6c:ad:6a:26:7f:b5:82:5a:
         8a:f1:2c:51:17:0d:0d:9d:46:e5:d9:27:66:91:5d:4d:6f:37:
         c4:79:50:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUAWODDFkepTKhKopJb6tKMtHbB+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MzAyMjAzMzVaFw0yNzA0MjkyMjA4MzVaMDMxMTAvBgNV
BAMTKEVGREZDOEQyQkVDQzRBQjU3RDI2NEY3NDZGQkNBQzAxMDU5RTk1MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC34RdBSiHCQKBjsiEsGnKKvlTa
IZpWmVc6vXDuIp5OCXuG0CGg8BHAfScgZkEYBsF9VamIK70A16AnyivP49FyZoVd
XrOfnK9hDvvIZ1m2Puy3fiXQxB8rbehts9STE3RbooA7W4WZPSuQpIGKEkfA55i6
opCvxvU8Y+H9h7BdkmIujP9Od3CRJwUYikRit5zFxGgE78PsRrApEqzplOESjtVY
chg8l3U6MpnpjTFgtBEPNFheNro7/1reJCuWj1SFMdMj2lW9YRAhJKiCz99wMGWR
MBVAkcIyxVAGO6P3s/EoI00LJ13lSMQkEasAjWB8Edg/rwnOWLyyjUmVF7JdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU79/I0r7MSrV9Jk90b7ysAQWelR0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3ODM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxhMA0GCSqGSIb3DQEBCwUAA4IBAQBXP0/mX/GNquhB4Ng5OPYW5xVIATX0KdmT
88JVqMmHCYKrNZBdAXDyQ4zdtBrwwgmb3yis8LMjiW0dAuo7HH9Rf7Isxhv7knmg
b3o51DZDpi82mePwwrKMKYiK0qnZZLlZ2A3VTrm4xJwR9UyiFhF2p4R+ip3q9rkV
AWHbeqOay+27XacCOhz6c8Z42fcg+dsybEjQ7OXvWgcFs9TMs+GvkeGmoVV/5n9j
2ePX5dWxKqBgvDC0lmn02MFWGnw/x4NnWZwtUckojdLrS8avT/9nu20f+1JEznCr
1J+X9OF6Kmx4bK1qJn+1glqK8SxRFw0NnUbl2SdmkV1NbzfEeVB9
-----END CERTIFICATE-----