Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208790.roa
File:                     AS208790.roa (raw, json)
Hash identifier:          ++SCKU3IWvJklTeXy2jManeZ5uROQ6iGEI1R0JWnSJ4=
Subject key identifier:   09:8E:BF:96:C3:8E:65:51:65:C9:F4:B2:CD:EB:03:67:32:97:17:13
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       136BFF7891B57230BB088C300E1CAB53CB1ACD69
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208790.roa
Signing time:             Mon 18 Aug 2025 20:55:23 +0000
ROA not before:           Mon 18 Aug 2025 20:50:23 +0000
ROA not after:            Mon 17 Aug 2026 20:55:23 +0000
asID:                     208790
IP address blocks:        2a0f:85c1:c1a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:6b:ff:78:91:b5:72:30:bb:08:8c:30:0e:1c:ab:53:cb:1a:cd:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 18 20:50:23 2025 GMT
            Not After : Aug 17 20:55:23 2026 GMT
        Subject: CN=098EBF96C38E655165C9F4B2CDEB036732971713
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7f:a3:d2:b2:eb:59:22:60:f1:f5:c6:34:b1:
                    8d:84:21:bd:38:a5:28:3d:89:09:20:11:46:ab:c0:
                    a2:71:ab:cf:80:69:d4:40:ab:17:22:f2:fd:a2:af:
                    05:70:f0:0e:6a:50:71:b3:28:55:75:8a:68:8c:ca:
                    f6:d4:44:b0:61:f6:6b:2e:59:db:34:d3:2c:f2:6b:
                    9c:9f:63:1d:a2:e9:f2:3a:df:0e:a7:59:01:8a:82:
                    c4:8a:c9:8a:c0:5f:9c:97:a3:13:f0:51:70:8c:97:
                    ea:1d:3b:52:34:52:8a:8c:a8:c8:a0:ef:b4:ff:4c:
                    a9:ea:29:f5:35:e0:cb:a1:11:47:42:72:96:2a:48:
                    1e:4e:cd:a6:d5:dc:ef:91:9d:32:cb:d2:15:68:4d:
                    ff:7f:b1:85:a8:e3:fc:56:db:f6:d1:c7:89:46:cc:
                    cd:00:8d:c0:ec:7d:46:bc:6a:ef:8d:37:51:a1:4b:
                    ba:7c:5c:02:47:98:93:a5:49:92:b3:64:7d:d8:67:
                    ee:ca:8b:cc:f8:9a:99:1e:cd:83:de:47:07:3e:ff:
                    a6:c4:7e:ca:15:6e:72:91:7a:db:4e:47:76:16:24:
                    3e:a8:a7:5d:1e:2e:d4:83:89:01:0c:04:83:fd:49:
                    46:86:1c:14:96:d3:0a:b3:d7:78:bb:a3:60:2e:d2:
                    44:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:8E:BF:96:C3:8E:65:51:65:C9:F4:B2:CD:EB:03:67:32:97:17:13
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208790.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c1a::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:33:09:d7:dd:80:18:6a:cb:4d:dc:f4:15:f1:ae:2d:04:17:
         54:19:97:3f:c6:51:24:a6:b5:18:53:da:4d:f9:87:18:3d:03:
         76:00:f3:04:4c:3b:94:f5:d8:b5:94:ba:c3:06:96:f2:ca:02:
         df:cd:76:01:04:d2:c5:c6:02:62:36:8c:67:ee:65:e6:12:fe:
         24:d0:39:86:9c:a8:cc:38:93:86:e0:32:85:5a:ca:48:49:9a:
         7b:43:53:6b:86:ff:14:84:2b:97:3f:14:26:0e:08:eb:87:af:
         63:02:b3:87:7a:51:44:c0:a7:8f:f2:8d:29:64:36:ee:0d:40:
         1f:0f:26:4f:56:7f:c0:17:4b:c7:ab:6f:06:a8:6c:cf:e0:19:
         0d:01:93:62:83:e9:cf:b5:d9:1e:c8:96:dc:d7:3c:c9:37:49:
         2f:63:3f:23:21:63:7f:85:58:91:36:1f:98:84:0b:39:9a:b4:
         a6:e7:50:6e:3c:e1:e6:5f:7a:83:65:7b:57:87:0b:d0:f3:ba:
         a4:32:b4:79:ec:91:ea:05:1e:9c:04:3c:58:e0:40:01:01:cc:
         6a:36:55:d9:02:25:35:46:5b:b3:af:7e:d4:c8:da:33:65:52:
         f3:eb:2a:74:22:c2:73:09:ba:56:18:b3:a3:a9:10:91:bd:e2:
         44:96:a9:77
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUE2v/eJG1cjC7CIwwDhyrU8sazWkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MTgyMDUwMjNaFw0yNjA4MTcyMDU1MjNaMDMxMTAvBgNV
BAMTKDA5OEVCRjk2QzM4RTY1NTE2NUM5RjRCMkNERUIwMzY3MzI5NzE3MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnf6PSsutZImDx9cY0sY2EIb04
pSg9iQkgEUarwKJxq8+AadRAqxci8v2irwVw8A5qUHGzKFV1imiMyvbURLBh9msu
Wds00yzya5yfYx2i6fI63w6nWQGKgsSKyYrAX5yXoxPwUXCMl+odO1I0UoqMqMig
77T/TKnqKfU14MuhEUdCcpYqSB5OzabV3O+RnTLL0hVoTf9/sYWo4/xW2/bRx4lG
zM0AjcDsfUa8au+NN1GhS7p8XAJHmJOlSZKzZH3YZ+7Ki8z4mpkezYPeRwc+/6bE
fsoVbnKRettOR3YWJD6op10eLtSDiQEMBIP9SUaGHBSW0wqz13i7o2Au0kRHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCY6/lsOOZVFlyfSyzesDZzKXFxMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4NzkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQwaMA0GCSqGSIb3DQEBCwUAA4IBAQAfMwnX3YAYastN3PQV8a4tBBdUGZc/xlEk
prUYU9pN+YcYPQN2APMETDuU9di1lLrDBpbyygLfzXYBBNLFxgJiNoxn7mXmEv4k
0DmGnKjMOJOG4DKFWspISZp7Q1Nrhv8UhCuXPxQmDgjrh69jArOHelFEwKeP8o0p
ZDbuDUAfDyZPVn/AF0vHq28GqGzP4BkNAZNig+nPtdkeyJbc1zzJN0kvYz8jIWN/
hViRNh+YhAs5mrSm51BuPOHmX3qDZXtXhwvQ87qkMrR57JHqBR6cBDxY4EABAcxq
NlXZAiU1Rluzr37UyNozZVLz6yp0IsJzCbpWGLOjqRCRveJElql3
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:57:11 2025 by rpki-client