Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205941.roa
File:                     AS205941.roa (raw, json)
Hash identifier:          1f6XHvvasNa5aozPvsJKjbWdRaGLabaqutRH5UnVCjw=
Subject key identifier:   15:45:B6:F2:A3:18:4F:30:74:5D:86:51:48:4F:67:76:B9:26:50:A4
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       20E8061F02048987F7FFCA71DE5029E340485F4F
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205941.roa
Signing time:             Mon 20 Apr 2026 14:29:49 +0000
ROA not before:           Mon 20 Apr 2026 14:24:49 +0000
ROA not after:            Mon 19 Apr 2027 14:29:49 +0000
asID:                     205941
IP address blocks:        2a14:7580:ff9e::/48 maxlen: 48
                          2a14:7580:ff9f::/48 maxlen: 48
                          2a14:7585:b00b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:e8:06:1f:02:04:89:87:f7:ff:ca:71:de:50:29:e3:40:48:5f:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 20 14:24:49 2026 GMT
            Not After : Apr 19 14:29:49 2027 GMT
        Subject: CN=1545B6F2A3184F30745D8651484F6776B92650A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:ba:7d:73:f2:30:c6:cd:c1:55:8e:f2:fa:a3:
                    ff:84:86:f4:a8:03:30:51:2c:10:38:a2:32:3f:35:
                    2c:cb:76:5f:a7:ca:b2:fa:77:f0:56:d0:20:0f:ac:
                    b0:8a:fc:cd:ee:01:15:b8:2f:11:08:a6:85:e7:e4:
                    ef:17:10:4d:98:fd:e4:8e:41:99:ad:3f:0c:d5:ef:
                    cc:b3:58:f0:8d:2c:4c:7e:0d:c8:6b:bd:89:d5:4d:
                    54:ad:9c:e1:c6:c8:df:d9:58:3f:4f:61:5d:7a:51:
                    3b:5e:2e:2c:f4:1d:33:7b:b5:14:19:7b:9a:b4:c8:
                    da:13:5e:a3:f2:5d:c6:65:ea:bb:3e:86:39:0f:eb:
                    72:3c:f4:c8:ec:a8:15:9e:0d:6a:67:ec:06:0c:a8:
                    d9:3b:cf:ba:f6:bb:e2:32:ae:17:93:d4:e9:7e:bc:
                    66:5d:4d:ec:c3:d6:7b:74:76:44:a7:68:a7:aa:99:
                    cb:1d:33:4d:24:d9:55:75:04:37:ad:4c:c1:4f:7e:
                    dd:ca:24:12:04:8b:59:88:1a:09:93:26:f1:f7:56:
                    9d:2a:23:05:14:63:87:93:73:b8:0e:d7:34:00:18:
                    ab:bc:2f:f6:d8:96:19:e7:13:68:4b:4c:b4:2e:14:
                    3e:bc:d3:8d:3f:42:9b:5b:b4:f1:67:4e:21:24:60:
                    bb:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:45:B6:F2:A3:18:4F:30:74:5D:86:51:48:4F:67:76:B9:26:50:A4
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205941.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ff9e::/47
                  2a14:7585:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         1d:36:f6:69:60:9d:1b:7c:74:ff:c8:9b:8c:4c:f9:e7:0a:9d:
         5c:d3:3b:a0:ef:e4:e1:89:5c:79:5a:ce:84:9e:83:2c:c3:a3:
         16:43:e3:02:d5:bf:8f:6f:0d:2f:d3:5a:c6:63:1a:40:07:64:
         9e:7d:19:e1:27:5d:ec:45:f3:21:80:94:35:02:b4:9f:e9:64:
         0b:c3:bc:48:26:12:fc:66:96:50:32:b5:45:ee:13:90:88:ec:
         4c:bd:f4:84:01:61:51:86:90:ee:32:8e:a9:46:3f:5f:4d:59:
         82:5e:d3:5a:b4:36:45:54:ac:b7:d4:30:37:8c:fd:d5:bf:0e:
         42:cc:93:34:09:8b:dc:5f:d9:e3:a5:0d:a6:9f:c5:5f:aa:ad:
         20:f7:97:4c:04:16:84:c8:36:7f:d3:72:53:56:81:8e:04:b3:
         d4:b7:01:76:7d:0c:2e:31:54:ac:ab:cc:92:7d:b3:a8:f6:f5:
         62:c0:da:f9:73:df:46:b8:86:b3:43:80:ec:e8:cd:15:6e:5e:
         41:6b:4b:d7:56:33:2b:b7:0c:d2:26:9c:4a:78:77:eb:bd:27:
         65:09:7d:af:3f:b1:3d:05:4b:2b:7e:ca:50:94:b2:98:f6:0a:
         4b:ef:e5:c5:af:ca:b9:1f:73:bb:cc:ea:9a:2e:cc:b7:35:0c:
         5b:7f:38:d4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUIOgGHwIEiYf3/8px3lAp40BIX08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MjAxNDI0NDlaFw0yNzA0MTkxNDI5NDlaMDMxMTAvBgNV
BAMTKDE1NDVCNkYyQTMxODRGMzA3NDVEODY1MTQ4NEY2Nzc2QjkyNjUwQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeun1z8jDGzcFVjvL6o/+EhvSo
AzBRLBA4ojI/NSzLdl+nyrL6d/BW0CAPrLCK/M3uARW4LxEIpoXn5O8XEE2Y/eSO
QZmtPwzV78yzWPCNLEx+DchrvYnVTVStnOHGyN/ZWD9PYV16UTteLiz0HTN7tRQZ
e5q0yNoTXqPyXcZl6rs+hjkP63I89MjsqBWeDWpn7AYMqNk7z7r2u+IyrheT1Ol+
vGZdTezD1nt0dkSnaKeqmcsdM00k2VV1BDetTMFPft3KJBIEi1mIGgmTJvH3Vp0q
IwUUY4eTc7gO1zQAGKu8L/bYlhnnE2hLTLQuFD68040/QptbtPFnTiEkYLvRAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUFUW28qMYTzB0XYZRSE9ndrkmUKQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1OTQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcBKhR1
gP+eAwcAKhR1hbALMA0GCSqGSIb3DQEBCwUAA4IBAQAdNvZpYJ0bfHT/yJuMTPnn
Cp1c0zug7+ThiVx5Ws6EnoMsw6MWQ+MC1b+Pbw0v01rGYxpAB2SefRnhJ13sRfMh
gJQ1ArSf6WQLw7xIJhL8ZpZQMrVF7hOQiOxMvfSEAWFRhpDuMo6pRj9fTVmCXtNa
tDZFVKy31DA3jP3Vvw5CzJM0CYvcX9njpQ2mn8Vfqq0g95dMBBaEyDZ/03JTVoGO
BLPUtwF2fQwuMVSsq8ySfbOo9vViwNr5c99GuIazQ4Ds6M0Vbl5Ba0vXVjMrtwzS
JpxKeHfrvSdlCX2vP7E9BUsrfspQlLKY9gpL7+XFr8q5H3O7zOqaLsy3NQxbfzjU
-----END CERTIFICATE-----