Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205271.roa
File:                     AS205271.roa (raw, json)
Hash identifier:          hSsKUfGV2DgyRklp0tjJc0ddaB+7S6KtcoGoEkkSDy8=
Subject key identifier:   C7:8F:50:39:7C:D0:F6:88:60:EE:77:27:96:39:08:F6:68:4C:14:42
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6C2C0583104C51E8D300A002A9E031158F40553D
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205271.roa
Signing time:             Wed 20 Aug 2025 12:14:44 +0000
ROA not before:           Wed 20 Aug 2025 12:09:44 +0000
ROA not after:            Wed 19 Aug 2026 12:14:44 +0000
asID:                     205271
IP address blocks:        2a14:7580:fff9::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:2c:05:83:10:4c:51:e8:d3:00:a0:02:a9:e0:31:15:8f:40:55:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Aug 20 12:09:44 2025 GMT
            Not After : Aug 19 12:14:44 2026 GMT
        Subject: CN=C78F50397CD0F68860EE7727963908F6684C1442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:6c:df:0e:c4:eb:ef:c5:1d:e1:e4:a2:a7:fa:
                    e3:94:76:98:f2:14:13:98:16:ec:e0:52:38:be:43:
                    21:ea:f1:59:d6:cc:61:c2:e7:8f:8a:4e:38:ff:df:
                    6e:32:af:01:ab:87:5c:a1:96:7a:e7:fd:49:8b:1d:
                    6b:53:03:78:a6:92:19:e4:fd:0c:33:87:13:56:9d:
                    b7:d7:cb:70:92:40:d5:26:e1:76:bd:b7:61:e6:f1:
                    e4:c2:47:71:18:c3:d2:f5:93:c5:a4:1d:da:46:2f:
                    ba:7e:89:37:30:07:0d:7b:bb:53:ed:70:61:e5:1c:
                    17:d9:dd:1a:f2:2f:97:73:b0:17:5a:2f:4d:a6:ed:
                    09:b2:e5:ba:f2:8f:7e:6f:73:93:57:68:70:36:68:
                    7d:c1:9d:d6:b1:7a:c8:05:d0:72:a9:3d:d0:71:b9:
                    ac:34:14:6c:dc:51:18:4f:52:73:fb:3b:c9:e2:aa:
                    4c:24:e2:14:71:d9:1a:ff:72:32:ab:bb:a1:18:41:
                    3b:0c:b1:34:02:71:a8:16:83:f4:ca:10:24:4f:09:
                    a1:58:23:d4:6f:96:27:ed:55:e9:ae:13:f9:2d:2d:
                    ac:ae:1c:67:2e:c3:3d:bf:a8:ed:17:02:c0:57:5e:
                    4b:0f:e6:f6:45:5a:a9:62:0d:e9:bd:9f:a4:6b:d1:
                    13:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:8F:50:39:7C:D0:F6:88:60:EE:77:27:96:39:08:F6:68:4C:14:42
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205271.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fff9::/48

    Signature Algorithm: sha256WithRSAEncryption
         8d:a8:a3:5a:68:9f:4b:ac:12:c6:c8:9c:a4:bd:06:00:9e:f3:
         48:17:c4:fa:db:e9:97:c4:fb:ce:17:99:1e:41:73:d6:3d:1f:
         65:9d:83:ec:11:88:8b:45:29:c5:44:f3:2e:f5:8d:ca:9d:ee:
         7e:5c:8c:5c:33:64:1b:a8:73:b4:64:f3:6b:40:72:16:28:12:
         58:95:b4:b3:01:2c:7f:00:de:47:75:5e:f3:04:db:21:4c:90:
         30:a1:4c:ca:56:b4:58:f3:7d:71:d2:6b:a9:36:e6:aa:32:74:
         af:07:14:84:08:67:3e:fe:ff:61:dc:72:35:44:02:74:9b:23:
         eb:2c:94:3b:19:f6:5c:2d:6c:14:7b:ab:c3:d2:f5:18:7d:bb:
         92:e7:f2:f4:be:b5:69:ff:22:98:c9:e6:01:8f:e3:0e:98:64:
         8f:e3:1e:87:1d:2a:e9:e2:00:eb:21:09:21:0f:a6:4e:d2:04:
         03:14:0a:5e:06:f0:eb:54:1d:6b:00:ad:4a:48:aa:06:d5:f9:
         d6:fc:83:a3:96:f7:3e:2b:a7:e4:c4:4d:af:8e:50:22:31:1f:
         e8:06:ae:e5:53:7f:d4:37:6b:a1:be:24:a6:ba:c7:15:48:37:
         ce:e9:e6:4f:9c:ff:b4:23:38:11:9e:66:67:3d:17:ea:79:f8:
         db:27:08:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUbCwFgxBMUejTAKACqeAxFY9AVT0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA4MjAxMjA5NDRaFw0yNjA4MTkxMjE0NDRaMDMxMTAvBgNV
BAMTKEM3OEY1MDM5N0NEMEY2ODg2MEVFNzcyNzk2MzkwOEY2Njg0QzE0NDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvbN8OxOvvxR3h5KKn+uOUdpjy
FBOYFuzgUji+QyHq8VnWzGHC54+KTjj/324yrwGrh1yhlnrn/UmLHWtTA3imkhnk
/QwzhxNWnbfXy3CSQNUm4Xa9t2Hm8eTCR3EYw9L1k8WkHdpGL7p+iTcwBw17u1Pt
cGHlHBfZ3RryL5dzsBdaL02m7Qmy5bryj35vc5NXaHA2aH3BndaxesgF0HKpPdBx
uaw0FGzcURhPUnP7O8niqkwk4hRx2Rr/cjKru6EYQTsMsTQCcagWg/TKECRPCaFY
I9RvliftVemuE/ktLayuHGcuwz2/qO0XAsBXXksP5vZFWqliDem9n6Rr0RPbAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUx49QOXzQ9ohg7ncnljkI9mhMFEIwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1MjcxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gP/5MA0GCSqGSIb3DQEBCwUAA4IBAQCNqKNaaJ9LrBLGyJykvQYAnvNIF8T62+mX
xPvOF5keQXPWPR9lnYPsEYiLRSnFRPMu9Y3Kne5+XIxcM2QbqHO0ZPNrQHIWKBJY
lbSzASx/AN5HdV7zBNshTJAwoUzKVrRY831x0mupNuaqMnSvBxSECGc+/v9h3HI1
RAJ0myPrLJQ7GfZcLWwUe6vD0vUYfbuS5/L0vrVp/yKYyeYBj+MOmGSP4x6HHSrp
4gDrIQkhD6ZO0gQDFApeBvDrVB1rAK1KSKoG1fnW/IOjlvc+K6fkxE2vjlAiMR/o
Bq7lU3/UN2uhviSmuscVSDfO6eZPnP+0IzgRnmZnPRfqefjbJwik
-----END CERTIFICATE-----