Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207940.roa
File:                     AS207940.roa (raw, json)
Hash identifier:          xPvR0DYHigk3BB3BqGWb1KBvdREgWIISMRX1ojpgRL0=
Subject key identifier:   40:9B:83:73:83:BE:57:99:9E:34:A6:8B:76:89:2C:8C:F1:7A:A1:55
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4D0AB0DBD042CC3BE2A1046B389224E9DABD905C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207940.roa
Signing time:             Wed 15 Oct 2025 01:46:41 +0000
ROA not before:           Wed 15 Oct 2025 01:41:41 +0000
ROA not after:            Wed 14 Oct 2026 01:46:41 +0000
asID:                     207940
IP address blocks:        2a0f:85c1:d67::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:0a:b0:db:d0:42:cc:3b:e2:a1:04:6b:38:92:24:e9:da:bd:90:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 15 01:41:41 2025 GMT
            Not After : Oct 14 01:46:41 2026 GMT
        Subject: CN=409B837383BE57999E34A68B76892C8CF17AA155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:7d:05:73:d9:ea:8f:fd:ff:f1:b7:79:bf:ea:
                    03:44:97:64:b6:26:bd:5c:8c:50:99:2d:1e:ce:fb:
                    9d:23:f8:4f:d7:14:9f:b4:8c:7d:6d:75:82:5b:e7:
                    04:a3:4d:f0:61:2a:55:35:70:4f:e3:57:60:47:8e:
                    8c:01:3f:ea:d9:76:97:56:13:aa:1e:df:8a:84:c3:
                    6b:72:3c:38:4f:da:b8:e9:9e:12:42:d5:85:d7:f4:
                    ac:d0:a3:0f:92:9b:72:0e:01:ab:c7:33:75:dc:44:
                    91:cd:8c:ce:33:b6:0c:b0:d8:13:a7:24:77:3f:18:
                    1f:0e:21:51:45:47:a3:e5:0d:9e:c4:a9:8f:7a:ac:
                    a0:94:e1:bf:28:4a:88:47:57:a6:77:c8:ad:39:75:
                    e8:3a:9a:9c:01:40:87:58:7f:67:4e:eb:58:24:fa:
                    a2:b3:79:9a:12:5a:da:a1:bc:01:b4:40:bd:2f:50:
                    87:72:af:a7:ce:cf:d5:e3:89:83:e9:9c:55:b4:57:
                    3d:63:86:05:6b:f7:1f:db:f3:11:53:7d:06:a9:40:
                    76:27:a6:a7:cd:07:46:60:aa:df:1e:7d:cf:d6:76:
                    63:a0:ba:48:e1:51:b6:b9:3f:5c:6b:5b:79:a0:3a:
                    e1:88:91:c2:b1:04:dc:28:de:c7:ba:0e:be:f3:f4:
                    cf:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:9B:83:73:83:BE:57:99:9E:34:A6:8B:76:89:2C:8C:F1:7A:A1:55
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207940.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d67::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:30:c1:90:3c:39:f0:9d:26:4c:cb:28:81:d3:8f:bb:21:c7:
         f4:33:39:e8:1c:34:65:5c:40:22:5c:de:79:11:2f:e8:ec:12:
         2f:9d:6f:68:d0:df:de:bc:db:3b:ea:d7:6b:48:fe:f5:dc:de:
         ef:71:1a:59:ad:4e:f0:e1:96:e2:03:ce:d6:02:7c:1d:79:97:
         d8:dc:ad:7d:e1:dc:94:67:ca:d4:31:62:c9:07:48:18:f3:ec:
         31:e0:f7:75:cb:37:c1:6a:7d:91:b7:85:ff:0c:53:36:e1:a9:
         a0:70:a7:e5:45:ad:4d:a1:84:f9:34:a2:ea:1b:49:fd:ef:65:
         35:f9:c6:10:50:b3:e8:b8:2a:6a:23:32:a0:7f:66:83:74:29:
         1f:1a:71:6a:09:fc:11:b9:14:a1:97:65:21:c3:d5:86:b9:0f:
         ee:28:c5:6f:a2:7e:fa:45:52:18:a6:3f:8b:85:bd:a2:f4:b9:
         4f:a2:2d:19:da:00:6c:b5:b1:cc:5e:9a:99:8c:01:5e:fa:06:
         42:a9:98:e7:5e:b1:43:df:0d:49:a7:20:26:20:ee:40:9c:86:
         1b:0f:71:e7:70:db:ed:ca:5a:19:06:a9:f2:3f:e4:6f:ff:74:
         ec:41:c2:e6:7d:1c:f6:a1:20:74:1c:99:cc:8d:60:cc:5b:15:
         04:84:95:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTQqw29BCzDvioQRrOJIk6dq9kFwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMTUwMTQxNDFaFw0yNjEwMTQwMTQ2NDFaMDMxMTAvBgNV
BAMTKDQwOUI4MzczODNCRTU3OTk5RTM0QTY4Qjc2ODkyQzhDRjE3QUExNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPfQVz2eqP/f/xt3m/6gNEl2S2
Jr1cjFCZLR7O+50j+E/XFJ+0jH1tdYJb5wSjTfBhKlU1cE/jV2BHjowBP+rZdpdW
E6oe34qEw2tyPDhP2rjpnhJC1YXX9KzQow+Sm3IOAavHM3XcRJHNjM4ztgyw2BOn
JHc/GB8OIVFFR6PlDZ7EqY96rKCU4b8oSohHV6Z3yK05deg6mpwBQIdYf2dO61gk
+qKzeZoSWtqhvAG0QL0vUIdyr6fOz9XjiYPpnFW0Vz1jhgVr9x/b8xFTfQapQHYn
pqfNB0Zgqt8efc/WdmOgukjhUba5P1xrW3mgOuGIkcKxBNwo3se6Dr7z9M+VAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQJuDc4O+V5meNKaLdoksjPF6oVUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3OTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ1nMA0GCSqGSIb3DQEBCwUAA4IBAQA/MMGQPDnwnSZMyyiB04+7Icf0MznoHDRl
XEAiXN55ES/o7BIvnW9o0N/evNs76tdrSP713N7vcRpZrU7w4ZbiA87WAnwdeZfY
3K194dyUZ8rUMWLJB0gY8+wx4Pd1yzfBan2Rt4X/DFM24amgcKflRa1NoYT5NKLq
G0n972U1+cYQULPouCpqIzKgf2aDdCkfGnFqCfwRuRShl2Uhw9WGuQ/uKMVvon76
RVIYpj+Lhb2i9LlPoi0Z2gBstbHMXpqZjAFe+gZCqZjnXrFD3w1JpyAmIO5AnIYb
D3HncNvtyloZBqnyP+Rv/3TsQcLmfRz2oSB0HJnMjWDMWxUEhJVO
-----END CERTIFICATE-----