Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205018.roa
File:                     AS205018.roa (raw, json)
Hash identifier:          LnGiV728ron57W7Sz94mqXsNoLJ6pX0T6Ze/+I1YY84=
Subject key identifier:   1A:19:82:25:61:AA:19:A8:86:07:DD:F0:43:FF:FB:61:54:C2:CC:8C
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1B4DDC06A697A41E3DB9ECBE07C2F935B84430A8
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205018.roa
Signing time:             Sun 14 Sep 2025 15:59:07 +0000
ROA not before:           Sun 14 Sep 2025 15:54:07 +0000
ROA not after:            Sun 13 Sep 2026 15:59:07 +0000
asID:                     205018
IP address blocks:        2a14:7583:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:4d:dc:06:a6:97:a4:1e:3d:b9:ec:be:07:c2:f9:35:b8:44:30:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep 14 15:54:07 2025 GMT
            Not After : Sep 13 15:59:07 2026 GMT
        Subject: CN=1A19822561AA19A88607DDF043FFFB6154C2CC8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:93:da:82:8d:fd:dd:05:e1:61:04:69:f9:aa:
                    b7:94:dc:28:6e:87:3a:84:95:b6:a6:16:76:74:cf:
                    1c:a5:98:10:a1:7e:3d:c8:e6:f9:16:35:9a:63:b0:
                    5e:92:16:36:ce:5a:35:d8:d4:d3:20:86:8b:71:07:
                    b7:75:b4:53:cc:14:79:b2:c3:67:0f:9f:43:72:f1:
                    5e:8a:60:6e:2e:c2:86:1e:78:e2:9f:3c:f6:f0:1f:
                    ab:cb:21:a8:49:c1:00:3a:15:2f:da:fe:c2:d5:08:
                    ba:7b:fc:d2:8a:28:29:16:14:1c:70:cb:e0:bd:e8:
                    68:0a:9f:89:cc:31:f8:fe:a3:e8:d7:7b:f5:a9:97:
                    f8:9a:4c:9f:e8:fa:f3:d9:7c:18:20:47:9e:cb:bf:
                    eb:12:b8:26:b0:d1:e4:10:61:93:d8:97:be:84:45:
                    c3:06:ae:ec:92:72:89:21:6d:b5:be:0a:88:66:31:
                    4a:50:d6:c3:6d:d8:76:2c:ce:06:2e:aa:10:d8:12:
                    52:96:37:04:c3:f2:23:3e:ce:c5:d7:41:14:7a:ec:
                    79:22:14:09:53:e3:33:e0:75:73:c9:3a:e2:f2:3a:
                    3d:45:63:bf:eb:44:e8:30:ae:11:ab:41:2a:b4:b2:
                    26:02:eb:b5:ff:02:ef:ae:51:04:0f:f2:2c:1f:38:
                    93:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:19:82:25:61:AA:19:A8:86:07:DD:F0:43:FF:FB:61:54:C2:CC:8C
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205018.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         62:90:b1:c3:03:f6:1e:8c:25:12:3a:3c:4b:e8:07:05:f6:ce:
         4f:d9:f4:fe:fb:41:c3:60:12:3f:4e:86:49:8d:aa:f3:08:e2:
         1b:18:0d:ef:bb:72:44:e5:74:7e:c2:d7:81:d9:5a:b6:c2:d7:
         b3:0b:23:a6:48:3d:1b:ee:ca:47:72:e0:50:0d:fe:48:46:65:
         19:e1:e0:94:b0:8a:90:cf:ca:80:95:50:18:7f:e5:8f:f8:76:
         24:d7:1f:13:f2:97:c9:af:5d:9a:63:71:4f:46:3c:83:92:b7:
         f7:1b:a7:38:d1:a4:00:54:5b:7f:d2:5b:66:f0:ec:7b:3c:dd:
         5e:63:d2:b2:bf:06:de:bc:57:94:05:23:74:99:30:4a:41:0a:
         a2:8c:31:86:56:40:e1:28:97:23:7d:d8:45:fe:a2:70:17:99:
         ff:04:c5:ed:db:c8:e7:dd:a1:6d:de:50:b9:f5:d0:65:be:31:
         c9:98:5d:0f:b0:21:0c:72:89:7b:a5:50:e0:0c:b3:94:e9:04:
         e8:23:6b:4a:16:65:92:8f:63:57:82:c9:f7:27:b9:01:79:a7:
         bf:ff:9c:74:1a:d5:36:fd:31:8e:27:80:68:b5:3a:6f:17:70:
         e1:89:e5:1c:da:35:48:92:b9:a4:db:64:eb:de:2e:11:cc:02:
         60:97:3b:f2
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUG03cBqaXpB49uey+B8L5NbhEMKgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MTQxNTU0MDdaFw0yNjA5MTMxNTU5MDdaMDMxMTAvBgNV
BAMTKDFBMTk4MjI1NjFBQTE5QTg4NjA3RERGMDQzRkZGQjYxNTRDMkNDOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSk9qCjf3dBeFhBGn5qreU3Chu
hzqElbamFnZ0zxylmBChfj3I5vkWNZpjsF6SFjbOWjXY1NMghotxB7d1tFPMFHmy
w2cPn0Ny8V6KYG4uwoYeeOKfPPbwH6vLIahJwQA6FS/a/sLVCLp7/NKKKCkWFBxw
y+C96GgKn4nMMfj+o+jXe/Wpl/iaTJ/o+vPZfBggR57Lv+sSuCaw0eQQYZPYl76E
RcMGruyScokhbbW+CohmMUpQ1sNt2HYszgYuqhDYElKWNwTD8iM+zsXXQRR67Hki
FAlT4zPgdXPJOuLyOj1FY7/rROgwrhGrQSq0siYC67X/Au+uUQQP8iwfOJN3AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUGhmCJWGqGaiGB93wQ//7YVTCzIwwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1MDE4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
g4AwDQYJKoZIhvcNAQELBQADggEBAGKQscMD9h6MJRI6PEvoBwX2zk/Z9P77QcNg
Ej9OhkmNqvMI4hsYDe+7ckTldH7C14HZWrbC17MLI6ZIPRvuykdy4FAN/khGZRnh
4JSwipDPyoCVUBh/5Y/4diTXHxPyl8mvXZpjcU9GPIOSt/cbpzjRpABUW3/SW2bw
7Hs83V5j0rK/Bt68V5QFI3SZMEpBCqKMMYZWQOEolyN92EX+onAXmf8Exe3byOfd
oW3eULn10GW+McmYXQ+wIQxyiXulUOAMs5TpBOgja0oWZZKPY1eCyfcnuQF5p7//
nHQa1Tb9MY4ngGi1Om8XcOGJ5RzaNUiSuaTbZOveLhHMAmCXO/I=
-----END CERTIFICATE-----