Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208302.roa
File:                     AS208302.roa (raw, json)
Hash identifier:          xZyteg2Xx2jXkoQ0+3LIhUXlufaVYjm86wNPB7wzElE=
Subject key identifier:   68:D5:19:79:1F:4A:84:06:07:AB:02:29:11:E8:81:45:1B:CC:47:D8
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4127B2BE0F98CE1B1E8A19B9FD90A394025C9874
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208302.roa
Signing time:             Sat 25 Apr 2026 13:08:33 +0000
ROA not before:           Sat 25 Apr 2026 13:03:33 +0000
ROA not after:            Sat 24 Apr 2027 13:08:33 +0000
asID:                     208302
IP address blocks:        2a0f:85c1:c45::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:27:b2:be:0f:98:ce:1b:1e:8a:19:b9:fd:90:a3:94:02:5c:98:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 25 13:03:33 2026 GMT
            Not After : Apr 24 13:08:33 2027 GMT
        Subject: CN=68D519791F4A840607AB022911E881451BCC47D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:bf:65:9e:f6:d0:fc:4c:ee:56:58:6a:53:44:
                    c5:d9:8b:90:e5:e4:1f:b2:1d:3c:4d:57:66:5c:6a:
                    9f:e7:35:84:6c:9a:30:b9:cb:2d:cb:0d:db:cd:4e:
                    19:42:63:38:0f:85:6f:35:5c:7b:f1:75:17:5e:00:
                    96:fc:3d:9f:bb:b8:a2:88:fe:b0:b6:d0:77:6a:14:
                    c1:de:fc:48:6d:04:2c:64:07:ca:08:e1:2c:6d:7a:
                    5d:d0:33:8e:c2:80:e5:d2:41:23:4f:62:da:ab:6c:
                    ac:23:06:82:f5:48:41:9e:e5:5d:48:df:42:29:c4:
                    e8:76:ac:50:4e:16:cf:14:65:cd:4c:76:e5:ab:c9:
                    ba:de:61:eb:40:64:63:fe:e3:6f:f5:79:57:54:50:
                    e9:4d:61:7c:08:81:ea:b7:14:b9:dc:db:ad:f1:24:
                    85:59:63:32:59:73:ce:bb:ad:d6:41:b8:2d:25:84:
                    73:4b:ab:a6:3e:6f:89:9a:c4:81:e6:0a:a6:4d:bf:
                    a8:b9:5c:f4:21:1a:7e:ec:08:ff:e5:c7:c5:af:15:
                    86:c5:21:c0:0a:e7:ed:d8:51:34:00:cf:02:42:36:
                    46:b6:fb:71:6b:3a:34:31:20:34:85:54:87:df:9a:
                    56:3b:77:64:c0:bd:36:d5:1e:55:b8:cf:d9:16:69:
                    4d:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:D5:19:79:1F:4A:84:06:07:AB:02:29:11:E8:81:45:1B:CC:47:D8
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208302.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c45::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:e5:7d:7b:33:ac:54:aa:c1:66:92:bf:4b:28:31:82:f2:f8:
         7b:16:d0:ed:34:d1:51:f7:31:b7:dd:c0:bd:05:68:fb:ac:d7:
         5a:d3:a2:5c:48:6d:16:f2:74:23:4d:13:bd:77:b0:c3:71:ae:
         76:31:2c:72:df:15:80:55:37:66:50:0f:5b:10:ff:5c:4b:46:
         fb:f6:d1:f8:9b:1b:86:3d:91:8b:ce:d1:5f:25:32:72:3f:8c:
         14:51:25:66:41:21:ef:d7:bd:f4:7d:34:df:ac:b0:6d:3d:a8:
         10:d5:e0:d2:ee:07:0b:97:44:19:ce:99:7a:2a:98:45:54:c9:
         ed:11:b3:66:84:b7:f0:73:40:7a:ab:d9:14:50:bd:35:70:c1:
         1b:95:c2:e5:f8:be:c8:29:26:62:e5:c6:ba:6c:f0:21:11:bb:
         7c:9a:51:80:ce:3f:15:6a:36:24:21:07:b1:f8:25:82:38:22:
         0d:dc:46:bd:23:fd:be:44:61:5b:e0:0d:90:37:50:51:31:65:
         da:06:d9:b7:6a:d3:31:5d:bb:af:22:69:c2:63:b1:e7:4d:35:
         3c:07:ca:43:9c:cf:ab:d8:df:3e:a2:09:01:29:2b:a2:eb:6c:
         91:95:f4:e3:e7:fe:b9:fb:ce:bc:3b:38:fe:1b:9f:79:75:96:
         e9:c7:77:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQSeyvg+Yzhseihm5/ZCjlAJcmHQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MjUxMzAzMzNaFw0yNzA0MjQxMzA4MzNaMDMxMTAvBgNV
BAMTKDY4RDUxOTc5MUY0QTg0MDYwN0FCMDIyOTExRTg4MTQ1MUJDQzQ3RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsv2We9tD8TO5WWGpTRMXZi5Dl
5B+yHTxNV2Zcap/nNYRsmjC5yy3LDdvNThlCYzgPhW81XHvxdRdeAJb8PZ+7uKKI
/rC20HdqFMHe/EhtBCxkB8oI4Sxtel3QM47CgOXSQSNPYtqrbKwjBoL1SEGe5V1I
30IpxOh2rFBOFs8UZc1MduWrybreYetAZGP+42/1eVdUUOlNYXwIgeq3FLnc263x
JIVZYzJZc867rdZBuC0lhHNLq6Y+b4maxIHmCqZNv6i5XPQhGn7sCP/lx8WvFYbF
IcAK5+3YUTQAzwJCNka2+3FrOjQxIDSFVIffmlY7d2TAvTbVHlW4z9kWaU0LAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUaNUZeR9KhAYHqwIpEeiBRRvMR9gwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4MzAyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxFMA0GCSqGSIb3DQEBCwUAA4IBAQA45X17M6xUqsFmkr9LKDGC8vh7FtDtNNFR
9zG33cC9BWj7rNda06JcSG0W8nQjTRO9d7DDca52MSxy3xWAVTdmUA9bEP9cS0b7
9tH4mxuGPZGLztFfJTJyP4wUUSVmQSHv1730fTTfrLBtPagQ1eDS7gcLl0QZzpl6
KphFVMntEbNmhLfwc0B6q9kUUL01cMEblcLl+L7IKSZi5ca6bPAhEbt8mlGAzj8V
ajYkIQex+CWCOCIN3Ea9I/2+RGFb4A2QN1BRMWXaBtm3atMxXbuvImnCY7HnTTU8
B8pDnM+r2N8+ogkBKSui62yRlfTj5/65+868Ozj+G595dZbpx3dY
-----END CERTIFICATE-----