Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208301.roa
File:                     AS208301.roa (raw, json)
Hash identifier:          ivMWKE6GpESnUzlY5vzveDPpmI03wcsFEJ5GJvW6Eic=
Subject key identifier:   B2:9A:12:BB:7D:E0:AC:80:A1:46:42:70:68:B0:13:06:98:74:84:68
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       14AE313EFBC17E643D6C4B2C789F607D60887EDF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208301.roa
Signing time:             Thu 07 Aug 2025 10:16:54 +0000
ROA not before:           Thu 07 Aug 2025 10:11:54 +0000
ROA not after:            Thu 06 Aug 2026 10:16:54 +0000
asID:                     208301
IP address blocks:        2a0f:85c1:c46::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:ae:31:3e:fb:c1:7e:64:3d:6c:4b:2c:78:9f:60:7d:60:88:7e:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:11:54 2025 GMT
            Not After : Aug  6 10:16:54 2026 GMT
        Subject: CN=B29A12BB7DE0AC80A146427068B0130698748468
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a8:2e:4d:ca:00:fc:9c:1c:e0:21:64:74:9f:
                    66:ce:da:3e:a8:77:0c:99:86:dc:0d:7e:d0:a1:0c:
                    2d:b6:72:2a:9b:1f:fa:1b:6e:7d:6f:87:29:b2:53:
                    b5:cb:81:d6:63:b6:e8:3b:cb:2e:ca:c8:e3:e1:e6:
                    68:9d:da:1e:be:8d:23:88:ae:bd:a9:b6:21:26:56:
                    51:f2:47:ba:9a:fc:74:e9:16:df:d9:34:d1:ed:23:
                    89:a6:c7:c2:a4:ee:a5:e7:fd:ba:6d:92:1d:2a:9e:
                    a6:0a:bb:da:e9:16:06:e9:06:3f:8c:dd:18:da:ac:
                    71:34:4d:e2:89:5a:d8:28:d6:1a:fa:b6:07:45:57:
                    cf:02:65:a8:8f:d7:6e:0a:2b:94:43:32:44:b8:03:
                    94:42:c6:9d:50:53:ff:48:3d:9a:50:88:a2:35:30:
                    16:52:b6:b0:8c:31:75:e9:8b:dd:aa:b0:45:64:88:
                    06:3b:64:ed:ed:1f:de:98:87:4a:aa:5f:24:3f:47:
                    ae:07:05:7f:cf:c9:e7:dd:68:66:00:5f:19:c7:77:
                    31:2e:e8:fd:4f:8e:fa:79:07:82:85:64:2e:2d:79:
                    bb:03:30:60:37:76:8c:08:9f:ce:35:c4:20:d6:57:
                    b5:b2:86:6d:00:ff:be:05:0d:b8:c9:ff:28:29:97:
                    3d:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:9A:12:BB:7D:E0:AC:80:A1:46:42:70:68:B0:13:06:98:74:84:68
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208301.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c46::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:c7:2b:6a:3b:5b:04:ec:e2:fb:09:01:5a:86:86:7a:80:93:
         fa:10:4e:93:e6:4e:5d:93:60:3e:a9:a8:01:71:14:58:44:40:
         c5:8a:e2:86:39:b7:3c:2b:7e:a5:8b:22:a3:c5:22:16:63:f2:
         3d:01:ea:81:a1:59:d0:b3:79:61:59:e1:ef:8f:8f:17:90:08:
         5f:7d:29:22:04:c6:44:cc:83:c1:e7:1a:a7:53:80:0b:7c:99:
         88:5d:9b:57:af:19:29:59:44:cd:8a:f4:cc:82:9d:e9:b3:a3:
         40:5f:8d:57:fc:c8:cf:b0:e2:75:16:c4:30:d2:51:c9:49:c0:
         d9:eb:f4:2d:a7:7e:93:a8:13:51:0e:3c:24:d7:78:2c:5e:8b:
         55:92:09:cd:39:a5:69:d5:f0:fa:d1:1a:c3:90:e6:11:ea:3c:
         5f:30:b9:a9:27:28:2e:c4:dd:62:f5:a6:30:6f:87:4a:1c:f7:
         1c:4a:1f:b9:db:d4:0e:cf:64:86:67:67:d3:1e:cc:17:30:a1:
         5e:3e:5f:f8:18:f7:5f:6b:b4:a2:55:20:28:de:08:ec:73:db:
         43:a8:f9:19:9f:33:3d:50:6c:30:22:71:f8:2c:d5:e5:0e:da:
         d3:86:30:ea:a6:ed:be:6c:db:df:99:97:63:2a:51:92:61:9f:
         bb:c2:0b:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFK4xPvvBfmQ9bEsseJ9gfWCIft8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDExNTRaFw0yNjA4MDYxMDE2NTRaMDMxMTAvBgNV
BAMTKEIyOUExMkJCN0RFMEFDODBBMTQ2NDI3MDY4QjAxMzA2OTg3NDg0NjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6qC5NygD8nBzgIWR0n2bO2j6o
dwyZhtwNftChDC22ciqbH/obbn1vhymyU7XLgdZjtug7yy7KyOPh5mid2h6+jSOI
rr2ptiEmVlHyR7qa/HTpFt/ZNNHtI4mmx8Kk7qXn/bptkh0qnqYKu9rpFgbpBj+M
3RjarHE0TeKJWtgo1hr6tgdFV88CZaiP124KK5RDMkS4A5RCxp1QU/9IPZpQiKI1
MBZStrCMMXXpi92qsEVkiAY7ZO3tH96Yh0qqXyQ/R64HBX/PyefdaGYAXxnHdzEu
6P1Pjvp5B4KFZC4tebsDMGA3dowIn841xCDWV7Wyhm0A/74FDbjJ/ygplz2BAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUspoSu33grIChRkJwaLATBph0hGgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4MzAxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxGMA0GCSqGSIb3DQEBCwUAA4IBAQAhxytqO1sE7OL7CQFahoZ6gJP6EE6T5k5d
k2A+qagBcRRYREDFiuKGObc8K36liyKjxSIWY/I9AeqBoVnQs3lhWeHvj48XkAhf
fSkiBMZEzIPB5xqnU4ALfJmIXZtXrxkpWUTNivTMgp3ps6NAX41X/MjPsOJ1FsQw
0lHJScDZ6/Qtp36TqBNRDjwk13gsXotVkgnNOaVp1fD60RrDkOYR6jxfMLmpJygu
xN1i9aYwb4dKHPccSh+529QOz2SGZ2fTHswXMKFePl/4GPdfa7SiVSAo3gjsc9tD
qPkZnzM9UGwwInH4LNXlDtrThjDqpu2+bNvfmZdjKlGSYZ+7wgtz
-----END CERTIFICATE-----