Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205305.roa
File:                     AS205305.roa (raw, json)
Hash identifier:          yowVRedMMdGT8uzaNsJEKgbcY2oJKXFM46fY8zEGZVo=
Subject key identifier:   29:DA:B2:2F:E3:27:80:21:C7:6E:66:22:92:49:D6:98:DD:76:C7:DD
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4B04A84F4469F8BC4222392AF22E4E161D9CBDE3
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205305.roa
Signing time:             Fri 01 May 2026 14:08:49 +0000
ROA not before:           Fri 01 May 2026 14:03:49 +0000
ROA not after:            Fri 30 Apr 2027 14:08:49 +0000
asID:                     205305
IP address blocks:        2a14:7584:a001::/48 maxlen: 48
                          2a14:7587:b000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:04:a8:4f:44:69:f8:bc:42:22:39:2a:f2:2e:4e:16:1d:9c:bd:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May  1 14:03:49 2026 GMT
            Not After : Apr 30 14:08:49 2027 GMT
        Subject: CN=29DAB22FE3278021C76E66229249D698DD76C7DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:82:8f:b0:a5:16:f6:db:80:b5:b1:57:76:ed:
                    fd:17:60:88:af:9f:c0:d8:5b:93:09:97:00:30:ae:
                    69:bb:41:46:41:75:0b:4f:5e:14:cf:53:86:bc:f6:
                    ad:10:27:47:3b:a8:8f:b2:00:55:ad:c4:8e:30:0b:
                    0e:88:67:25:b3:b6:cc:07:1a:cc:18:52:cc:83:e7:
                    be:8a:f7:ee:c1:a0:15:bd:19:e2:45:b1:e1:0b:53:
                    b3:26:8a:93:1a:fa:ad:eb:c3:40:9d:2a:09:8e:f1:
                    ae:50:33:25:11:9f:cc:ba:bd:fc:64:c9:91:6f:e5:
                    cd:a9:44:c7:27:2a:1e:b9:32:94:d3:bc:ac:f2:02:
                    22:c4:c1:c4:89:8a:fa:70:95:49:c6:1d:25:79:b6:
                    74:45:e3:94:4e:fa:4b:9f:92:4c:c4:7e:86:12:7f:
                    98:d9:b1:ee:f6:d6:f5:1e:07:c8:52:2d:0c:18:bc:
                    ef:e1:a7:41:fc:99:3d:fd:19:26:2e:ac:55:42:d9:
                    92:b8:35:03:14:a1:6d:5e:3e:a1:30:0a:c9:fd:f5:
                    95:0b:f4:25:28:f1:9b:4e:d0:dc:76:f3:86:e6:b2:
                    84:63:8f:37:9c:47:3d:0d:a1:ad:5e:79:d7:ee:88:
                    cc:32:e9:8d:4e:20:68:92:00:ca:ba:7e:3d:93:22:
                    24:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:DA:B2:2F:E3:27:80:21:C7:6E:66:22:92:49:D6:98:DD:76:C7:DD
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205305.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:a001::/48
                  2a14:7587:b000::/36

    Signature Algorithm: sha256WithRSAEncryption
         56:ac:61:86:1e:49:04:5a:a9:b6:2b:4c:1e:55:11:4e:64:9e:
         bb:d0:23:ad:fd:ca:7a:0c:28:dd:3b:88:b5:e2:0a:27:2b:4a:
         cb:9b:00:96:39:de:23:87:d5:56:3a:c2:a4:73:d7:40:c5:54:
         63:d7:12:72:ff:9b:ad:03:90:4f:69:4b:3c:9d:47:52:91:ae:
         78:58:2d:9b:e6:77:b7:78:7b:9f:0c:c9:f2:11:2b:78:b9:5e:
         9f:fc:17:a6:ef:a1:fc:fa:f3:74:4f:f2:1a:ff:0c:6e:2d:ba:
         b4:fa:ec:5b:7a:e6:6e:63:4c:92:19:88:a3:ab:e8:ce:9e:5d:
         86:7f:55:e8:75:c4:b8:93:c4:39:78:36:13:b4:69:3c:c9:56:
         62:d1:7a:b5:98:a3:94:ba:ed:f2:f9:23:4e:f9:74:b2:d3:23:
         04:65:4d:4e:59:2f:1e:68:62:63:72:45:95:1c:22:6f:9b:41:
         eb:36:8c:a9:6f:09:4b:80:d4:91:cc:e0:fa:71:86:c7:3e:ff:
         fa:98:48:cd:1b:5d:4c:93:5b:4c:78:a4:ec:06:9d:76:2f:2c:
         44:fa:8e:7b:80:dd:61:6d:29:b8:a8:bd:42:e3:5d:72:dc:18:
         8b:44:99:22:80:56:21:7c:d2:93:55:24:84:7b:e8:b3:59:99:
         53:fa:4e:16
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUSwSoT0Rp+LxCIjkq8i5OFh2cveMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MDExNDAzNDlaFw0yNzA0MzAxNDA4NDlaMDMxMTAvBgNV
BAMTKDI5REFCMjJGRTMyNzgwMjFDNzZFNjYyMjkyNDlENjk4REQ3NkM3REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrgo+wpRb224C1sVd27f0XYIiv
n8DYW5MJlwAwrmm7QUZBdQtPXhTPU4a89q0QJ0c7qI+yAFWtxI4wCw6IZyWztswH
GswYUsyD576K9+7BoBW9GeJFseELU7MmipMa+q3rw0CdKgmO8a5QMyURn8y6vfxk
yZFv5c2pRMcnKh65MpTTvKzyAiLEwcSJivpwlUnGHSV5tnRF45RO+kufkkzEfoYS
f5jZse721vUeB8hSLQwYvO/hp0H8mT39GSYurFVC2ZK4NQMUoW1ePqEwCsn99ZUL
9CUo8ZtO0Nx284bmsoRjjzecRz0Noa1eedfuiMwy6Y1OIGiSAMq6fj2TIiSvAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUKdqyL+MngCHHbmYikknWmN12x90wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1MzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhR1
hKABAwYEKhR1h7AwDQYJKoZIhvcNAQELBQADggEBAFasYYYeSQRaqbYrTB5VEU5k
nrvQI639ynoMKN07iLXiCicrSsubAJY53iOH1VY6wqRz10DFVGPXEnL/m60DkE9p
SzydR1KRrnhYLZvmd7d4e58MyfIRK3i5Xp/8F6bvofz683RP8hr/DG4turT67Ft6
5m5jTJIZiKOr6M6eXYZ/Veh1xLiTxDl4NhO0aTzJVmLRerWYo5S67fL5I075dLLT
IwRlTU5ZLx5oYmNyRZUcIm+bQes2jKlvCUuA1JHM4Ppxhsc+//qYSM0bXUyTW0x4
pOwGnXYvLET6jnuA3WFtKbiovULjXXLcGItEmSKAViF80pNVJIR76LNZmVP6ThY=
-----END CERTIFICATE-----