Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205648.roa
File:                     AS205648.roa (raw, json)
Hash identifier:          PXbpBHduM7baxE5b3lu4EF9psBS0nfzWjQ3wBcRI6/U=
Subject key identifier:   39:81:64:65:97:13:5E:4A:82:65:33:E9:8A:BB:F1:DD:AC:CD:7E:DC
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6A76E05FFF15476F632184D1891463364F1C3193
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205648.roa
Signing time:             Thu 25 Sep 2025 03:10:26 +0000
ROA not before:           Thu 25 Sep 2025 03:05:26 +0000
ROA not after:            Thu 24 Sep 2026 03:10:26 +0000
asID:                     205648
IP address blocks:        2a14:7580:fff8::/48 maxlen: 48
                          2a14:7581:3c00::/40 maxlen: 48
                          2a14:7583:f900::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 21:16:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:76:e0:5f:ff:15:47:6f:63:21:84:d1:89:14:63:36:4f:1c:31:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep 25 03:05:26 2025 GMT
            Not After : Sep 24 03:10:26 2026 GMT
        Subject: CN=3981646597135E4A826533E98ABBF1DDACCD7EDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:3c:25:f5:db:4d:25:02:84:13:dc:6b:a5:ac:
                    e1:8c:64:53:f2:81:ed:c0:9f:78:a2:c0:8a:73:98:
                    f1:e6:96:f3:7b:4e:f7:d0:b5:43:5d:c7:12:cb:7f:
                    d9:5d:0b:6a:4b:f2:e8:4f:74:6a:ed:b6:a2:9c:80:
                    c8:6a:69:0a:03:19:f8:8c:8c:af:ca:39:94:f0:85:
                    2a:98:0f:27:9d:78:10:76:62:00:52:75:8a:b6:8a:
                    3b:b5:3f:37:1a:a6:93:5b:60:de:9d:f9:6d:30:4e:
                    10:a0:c2:a0:80:25:e7:c0:f1:4f:cd:ea:38:f6:fc:
                    36:31:ce:e7:65:88:5f:86:d0:1a:64:12:83:96:93:
                    12:ca:fb:ad:f7:0a:fa:57:dc:b6:6e:4c:66:e4:4c:
                    4f:16:1e:c9:6e:c0:e1:1e:2a:52:53:77:f3:53:e7:
                    bf:27:f2:71:f9:eb:fb:0e:88:64:fb:a5:13:cb:02:
                    db:f1:d0:e9:51:05:92:45:5d:b1:9b:c9:61:fc:84:
                    7a:29:8b:7d:66:f3:9d:46:9e:70:6d:9d:49:26:e7:
                    cc:ed:21:0a:43:96:49:2e:3c:e9:05:a6:89:04:fb:
                    6f:b3:7c:75:8b:8d:45:c0:97:65:1e:d3:27:42:3b:
                    36:ee:9e:46:e5:bf:00:07:9e:4d:1d:db:12:5e:14:
                    58:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:81:64:65:97:13:5E:4A:82:65:33:E9:8A:BB:F1:DD:AC:CD:7E:DC
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fff8::/48
                  2a14:7581:3c00::/40
                  2a14:7583:f900::/40

    Signature Algorithm: sha256WithRSAEncryption
         06:7b:2d:3e:f0:12:3b:2a:04:3d:de:7b:40:41:32:06:b6:31:
         20:72:be:2f:d8:2f:71:13:25:47:d4:59:f0:54:d0:e2:f4:0f:
         13:6e:79:70:5e:a6:58:ab:96:9e:d2:ae:03:43:02:eb:ef:6a:
         bf:dd:56:bd:6f:30:57:a6:c9:4c:6d:3f:1a:07:22:58:63:ce:
         68:48:c4:cf:e6:e9:af:09:9d:25:ce:77:10:ee:96:70:7c:6c:
         c8:fd:8e:29:1d:c0:20:a4:36:9f:8b:6d:37:99:48:ad:74:5a:
         c8:af:08:65:00:28:9f:cb:bb:9d:a5:e0:ab:e7:56:6d:3b:c2:
         63:b4:d9:ed:1e:1d:82:df:97:aa:96:ee:97:d2:78:53:ee:45:
         d1:24:b3:20:74:88:9a:f8:40:dd:88:a1:0a:f6:41:62:79:0b:
         49:62:d6:57:9a:61:3a:32:f5:0e:77:fa:9b:7d:0a:73:a4:9b:
         96:6a:16:4d:18:e8:f4:80:a8:2b:b7:e1:e4:78:97:70:cd:c8:
         ba:cd:7a:25:89:26:7f:13:b2:57:78:d4:9f:c4:27:21:c4:3f:
         a5:e6:b3:ae:9d:d2:58:86:d9:37:b5:ae:b8:bd:fc:bb:de:a6:
         3d:ee:61:ce:63:38:9b:88:e2:e9:ef:07:33:a2:49:25:0d:db:
         1d:a1:c9:81
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgIUanbgX/8VR29jIYTRiRRjNk8cMZMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MjUwMzA1MjZaFw0yNjA5MjQwMzEwMjZaMDMxMTAvBgNV
BAMTKDM5ODE2NDY1OTcxMzVFNEE4MjY1MzNFOThBQkJGMUREQUNDRDdFREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcPCX1200lAoQT3GulrOGMZFPy
ge3An3iiwIpzmPHmlvN7TvfQtUNdxxLLf9ldC2pL8uhPdGrttqKcgMhqaQoDGfiM
jK/KOZTwhSqYDyedeBB2YgBSdYq2iju1PzcappNbYN6d+W0wThCgwqCAJefA8U/N
6jj2/DYxzudliF+G0BpkEoOWkxLK+633CvpX3LZuTGbkTE8WHsluwOEeKlJTd/NT
578n8nH56/sOiGT7pRPLAtvx0OlRBZJFXbGbyWH8hHopi31m851GnnBtnUkm58zt
IQpDlkkuPOkFpokE+2+zfHWLjUXAl2Ue0ydCOzbunkblvwAHnk0d2xJeFFjbAgMB
AAGjggIdMIICGTAdBgNVHQ4EFgQUOYFkZZcTXkqCZTPpirvx3azNftwwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAAjAZAwcAKhR1
gP/4AwYAKhR1gTwDBgAqFHWD+TANBgkqhkiG9w0BAQsFAAOCAQEABnstPvASOyoE
Pd57QEEyBrYxIHK+L9gvcRMlR9RZ8FTQ4vQPE255cF6mWKuWntKuA0MC6+9qv91W
vW8wV6bJTG0/GgciWGPOaEjEz+bprwmdJc53EO6WcHxsyP2OKR3AIKQ2n4ttN5lI
rXRayK8IZQAon8u7naXgq+dWbTvCY7TZ7R4dgt+Xqpbul9J4U+5F0SSzIHSImvhA
3YihCvZBYnkLSWLWV5phOjL1Dnf6m30Kc6SblmoWTRjo9ICoK7fh5HiXcM3Ius16
JYkmfxOyV3jUn8QnIcQ/peazrp3SWIbZN7WuuL38u96mPe5hzmM4m4ji6e8HM6JJ
JQ3bHaHJgQ==
-----END CERTIFICATE-----
Generated at Mon Oct 20 09:49:32 2025 by rpki-client