Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205941.roa
File:                     AS205941.roa (raw, json)
Hash identifier:          9eVdoXZWdiK98irVXtsqZK8T2gd6w8WQU4jklU1isgw=
Subject key identifier:   86:DB:47:D2:99:1E:4F:68:DC:38:0D:D4:43:05:71:1A:0A:AD:33:D3
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6FB84ABBACE4817558FDD2479F0A02CE819F628B
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205941.roa
Signing time:             Wed 13 Aug 2025 14:08:45 +0000
ROA not before:           Wed 13 Aug 2025 14:03:45 +0000
ROA not after:            Wed 12 Aug 2026 14:08:45 +0000
asID:                     205941
IP address blocks:        2a14:7580:ff90::/44 maxlen: 48
                          2a14:7583:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:25:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:b8:4a:bb:ac:e4:81:75:58:fd:d2:47:9f:0a:02:ce:81:9f:62:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Aug 13 14:03:45 2025 GMT
            Not After : Aug 12 14:08:45 2026 GMT
        Subject: CN=86DB47D2991E4F68DC380DD44305711A0AAD33D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:93:11:bb:7a:0b:0e:25:1d:aa:3b:ba:86:53:
                    68:62:92:90:a3:b4:d8:ed:21:b7:eb:9f:be:af:5b:
                    9c:77:ca:a7:02:97:e1:34:27:40:00:f3:f4:3a:2e:
                    dc:4b:27:e9:48:48:82:52:db:8c:7b:8d:54:94:84:
                    d1:02:39:50:cc:9c:37:0a:fe:98:f5:6d:15:c7:8a:
                    27:9a:12:96:2c:d1:b7:3d:c9:bc:eb:86:ce:5b:c8:
                    88:54:b6:3b:71:e6:3c:1b:18:20:e1:83:8f:1e:85:
                    13:2f:f7:51:51:b0:04:75:6f:87:96:c9:c2:51:8a:
                    aa:de:c6:2c:d8:91:ae:ab:5e:69:34:5f:c6:99:04:
                    88:da:86:83:30:a6:f8:26:5e:fb:60:f7:24:be:3e:
                    4a:e5:47:73:1a:d7:96:d7:0d:f1:2d:48:3b:de:d0:
                    24:ae:c5:53:56:01:0a:47:dc:a9:07:52:b0:b1:b8:
                    91:e5:3a:a4:63:42:b3:2b:5b:bd:ae:10:cc:f9:55:
                    a2:52:d4:be:12:dd:cb:49:9e:4c:96:e4:11:43:35:
                    04:22:ca:06:45:5e:36:b3:94:83:a9:70:ec:3f:3d:
                    d7:de:59:38:4a:83:a5:35:08:6c:1b:82:bd:25:38:
                    4f:46:09:90:fa:14:43:4d:04:6c:94:23:53:73:2f:
                    99:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DB:47:D2:99:1E:4F:68:DC:38:0D:D4:43:05:71:1A:0A:AD:33:D3
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205941.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ff90::/44
                  2a14:7583:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         00:9f:bc:40:36:d8:dd:56:01:53:ef:d6:29:0d:0c:cc:88:bb:
         6a:7a:cc:e9:4a:d9:15:c4:3c:17:92:a3:f9:a0:4c:85:82:54:
         2c:6c:99:e4:2e:5b:79:37:e8:da:c3:8c:a4:9d:de:c3:31:7f:
         01:96:70:be:82:cb:f4:91:b3:e2:c4:49:fe:52:af:3d:1c:16:
         cb:57:b8:cd:85:60:75:a2:44:c0:64:72:8c:6c:d6:b4:2b:20:
         19:e8:6c:21:58:05:24:d7:1f:0b:f6:82:95:75:dc:4c:00:af:
         27:f4:3f:f9:74:0f:33:5e:cf:c1:19:20:ba:50:cb:e5:08:4e:
         8e:4f:af:f7:55:b0:bd:f2:6d:34:34:5f:88:0e:64:d0:a2:41:
         68:c5:19:ad:7d:f7:0d:06:79:e0:a3:db:4a:e8:e9:46:42:a3:
         58:56:e4:9a:e6:b1:ad:db:94:1f:8c:fa:b4:78:f4:ef:84:e1:
         ca:ba:38:15:23:90:6e:2d:2b:09:c6:56:6a:ed:f6:cb:2e:dc:
         ba:c4:ff:57:6a:20:85:44:97:86:13:26:54:0f:52:4f:d5:92:
         0f:17:6e:ea:3c:aa:bf:2e:14:3b:b4:1d:b1:91:fe:53:c3:e2:
         11:03:db:fa:7d:63:29:f7:e1:d9:aa:64:ef:66:04:b4:5d:5b:
         97:aa:7e:ee
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUb7hKu6zkgXVY/dJHnwoCzoGfYoswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA4MTMxNDAzNDVaFw0yNjA4MTIxNDA4NDVaMDMxMTAvBgNV
BAMTKDg2REI0N0QyOTkxRTRGNjhEQzM4MERENDQzMDU3MTFBMEFBRDMzRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFkxG7egsOJR2qO7qGU2hikpCj
tNjtIbfrn76vW5x3yqcCl+E0J0AA8/Q6LtxLJ+lISIJS24x7jVSUhNECOVDMnDcK
/pj1bRXHiieaEpYs0bc9ybzrhs5byIhUtjtx5jwbGCDhg48ehRMv91FRsAR1b4eW
ycJRiqrexizYka6rXmk0X8aZBIjahoMwpvgmXvtg9yS+PkrlR3Ma15bXDfEtSDve
0CSuxVNWAQpH3KkHUrCxuJHlOqRjQrMrW72uEMz5VaJS1L4S3ctJnkyW5BFDNQQi
ygZFXjazlIOpcOw/PdfeWThKg6U1CGwbgr0lOE9GCZD6FENNBGyUI1NzL5n7AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUhttH0pkeT2jcOA3UQwVxGgqtM9MwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1OTQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhR1
gP+QAwYEKhR1gyAwDQYJKoZIhvcNAQELBQADggEBAACfvEA22N1WAVPv1ikNDMyI
u2p6zOlK2RXEPBeSo/mgTIWCVCxsmeQuW3k36NrDjKSd3sMxfwGWcL6Cy/SRs+LE
Sf5Srz0cFstXuM2FYHWiRMBkcoxs1rQrIBnobCFYBSTXHwv2gpV13EwAryf0P/l0
DzNez8EZILpQy+UITo5Pr/dVsL3ybTQ0X4gOZNCiQWjFGa199w0GeeCj20ro6UZC
o1hW5Jrmsa3blB+M+rR49O+E4cq6OBUjkG4tKwnGVmrt9ssu3LrE/1dqIIVEl4YT
JlQPUk/Vkg8Xbuo8qr8uFDu0HbGR/lPD4hED2/p9Yyn34dmqZO9mBLRdW5eqfu4=
-----END CERTIFICATE-----