Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205648.roa
File:                     AS205648.roa (raw, json)
Hash identifier:          P5CilI2JKm3tCCO7jQzY62JeKE71M3UeBTn8JlcIla8=
Subject key identifier:   D1:05:EE:E4:4E:4B:F9:49:78:E0:F2:4F:01:6A:EF:80:02:D7:12:98
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6A361F3BA7D9840149C5E5AC8BA74358B54D6699
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205648.roa
Signing time:             Sat 09 Aug 2025 03:11:03 +0000
ROA not before:           Sat 09 Aug 2025 03:06:03 +0000
ROA not after:            Sat 08 Aug 2026 03:11:03 +0000
asID:                     205648
IP address blocks:        2a14:7580:fff8::/48 maxlen: 48
                          2a14:7581:3c00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:36:1f:3b:a7:d9:84:01:49:c5:e5:ac:8b:a7:43:58:b5:4d:66:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Aug  9 03:06:03 2025 GMT
            Not After : Aug  8 03:11:03 2026 GMT
        Subject: CN=D105EEE44E4BF94978E0F24F016AEF8002D71298
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:c9:63:ff:49:80:5d:32:a2:0e:9e:89:c7:e4:
                    fd:4a:a7:4f:47:69:30:00:fe:6e:b1:6b:60:c8:a1:
                    dc:79:ba:c3:0b:eb:52:44:43:ab:67:69:00:50:86:
                    1d:8a:07:3b:06:f7:f0:18:23:70:9b:9f:3d:c3:c5:
                    e8:00:9c:f5:a6:b0:42:c3:bc:ea:ef:72:9c:d2:4a:
                    96:a1:15:d5:f6:17:04:d5:67:bd:a1:b5:f6:05:91:
                    92:6b:ae:d0:0e:9c:c7:27:e5:a4:35:77:22:e5:ef:
                    1e:01:4a:e2:6a:be:10:42:41:22:ae:68:1a:66:e7:
                    ff:eb:0a:b4:f3:8a:4c:80:f4:40:cb:84:78:2b:9a:
                    c5:eb:35:d8:b0:3a:dd:d4:d4:a8:2d:e9:fc:38:62:
                    1a:a4:9f:db:f7:a6:3c:aa:87:b0:88:1d:25:cc:68:
                    36:71:b4:8d:b6:3a:74:fe:2c:ee:6e:2b:87:8c:3f:
                    34:5c:eb:16:37:13:2d:5a:c2:7d:2d:bf:ad:2a:5a:
                    fe:89:85:b2:a3:3d:32:95:47:8a:73:2d:86:65:62:
                    e8:ba:bd:e6:11:5a:f0:09:78:97:80:31:0c:db:a0:
                    19:1a:1e:c4:4a:79:3e:85:dd:8c:28:11:9e:cb:69:
                    23:ae:72:36:28:47:fa:cc:0b:f3:60:31:4f:e3:92:
                    79:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:05:EE:E4:4E:4B:F9:49:78:E0:F2:4F:01:6A:EF:80:02:D7:12:98
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205648.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fff8::/48
                  2a14:7581:3c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         90:a9:12:39:2f:68:ef:9c:8c:56:25:9e:49:0f:85:b5:cf:85:
         2f:74:14:76:74:b3:5e:3a:57:ee:62:98:bf:7e:10:f7:f2:22:
         b5:12:48:92:0a:f1:24:5c:91:ff:82:9f:6b:bc:b0:07:e3:fc:
         2d:25:50:d8:07:9a:fd:74:93:9b:f2:87:ad:c7:83:b6:12:09:
         5b:62:f3:65:98:a1:3c:0e:ff:44:e8:2d:b0:2a:f1:fb:d0:65:
         5e:63:10:8c:dd:92:9d:7f:ae:1a:05:0f:93:04:3c:7c:ca:96:
         2a:a9:83:e3:6d:48:8b:1a:99:74:c2:31:ca:64:41:dd:d7:7a:
         c9:29:23:c7:8b:52:96:05:60:db:aa:0c:6b:57:c2:8e:50:82:
         98:50:d4:7b:89:bf:38:b1:2c:97:f2:db:90:66:95:9b:9c:d7:
         39:10:50:8c:ae:99:bd:e5:49:0d:fa:13:75:74:a6:e2:9e:49:
         cc:29:da:c6:70:e0:e1:05:32:92:5a:fd:03:77:c7:cb:2a:52:
         04:5c:f6:9c:57:84:80:02:95:79:12:0e:11:7c:95:dc:43:68:
         c8:b4:64:ae:2b:4b:c5:60:85:a3:fb:9d:e2:0f:1e:c4:ec:59:
         44:10:cf:5a:73:bb:a6:22:d4:91:ff:9e:8f:73:4a:52:03:78:
         6f:c2:01:b1
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUajYfO6fZhAFJxeWsi6dDWLVNZpkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA4MDkwMzA2MDNaFw0yNjA4MDgwMzExMDNaMDMxMTAvBgNV
BAMTKEQxMDVFRUU0NEU0QkY5NDk3OEUwRjI0RjAxNkFFRjgwMDJENzEyOTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdyWP/SYBdMqIOnonH5P1Kp09H
aTAA/m6xa2DIodx5usML61JEQ6tnaQBQhh2KBzsG9/AYI3Cbnz3DxegAnPWmsELD
vOrvcpzSSpahFdX2FwTVZ72htfYFkZJrrtAOnMcn5aQ1dyLl7x4BSuJqvhBCQSKu
aBpm5//rCrTzikyA9EDLhHgrmsXrNdiwOt3U1Kgt6fw4Yhqkn9v3pjyqh7CIHSXM
aDZxtI22OnT+LO5uK4eMPzRc6xY3Ey1awn0tv60qWv6JhbKjPTKVR4pzLYZlYui6
veYRWvAJeJeAMQzboBkaHsRKeT6F3YwoEZ7LaSOucjYoR/rMC/NgMU/jknmfAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU0QXu5E5L+Ul44PJPAWrvgALXEpgwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1NjQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhR1
gP/4AwYAKhR1gTwwDQYJKoZIhvcNAQELBQADggEBAJCpEjkvaO+cjFYlnkkPhbXP
hS90FHZ0s146V+5imL9+EPfyIrUSSJIK8SRckf+Cn2u8sAfj/C0lUNgHmv10k5vy
h63Hg7YSCVti82WYoTwO/0ToLbAq8fvQZV5jEIzdkp1/rhoFD5MEPHzKliqpg+Nt
SIsamXTCMcpkQd3XeskpI8eLUpYFYNuqDGtXwo5QgphQ1HuJvzixLJfy25BmlZuc
1zkQUIyumb3lSQ36E3V0puKeScwp2sZw4OEFMpJa/QN3x8sqUgRc9pxXhIAClXkS
DhF8ldxDaMi0ZK4rS8VghaP7neIPHsTsWUQQz1pzu6Yi1JH/no9zSlIDeG/CAbE=
-----END CERTIFICATE-----