Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206491.roa
File:                     AS206491.roa (raw, json)
Hash identifier:          b+uqzgYT4yP8g45m5FH+v4eh+t1sQLzUvCqjQVYdwI8=
Subject key identifier:   12:A5:E7:9A:A8:A9:5E:38:38:EC:05:5A:46:5A:0D:DD:3E:A9:85:B9
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       704D1DD61D2FDC8127DF0F2120E792C4EA91A095
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206491.roa
Signing time:             Sun 19 Oct 2025 04:29:02 +0000
ROA not before:           Sun 19 Oct 2025 04:24:02 +0000
ROA not after:            Sun 18 Oct 2026 04:29:02 +0000
asID:                     206491
IP address blocks:        2a14:7583:fb02::/48 maxlen: 48
                          2a14:7584:d002::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            70:4d:1d:d6:1d:2f:dc:81:27:df:0f:21:20:e7:92:c4:ea:91:a0:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct 19 04:24:02 2025 GMT
            Not After : Oct 18 04:29:02 2026 GMT
        Subject: CN=12A5E79AA8A95E3838EC055A465A0DDD3EA985B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d4:0e:c0:97:4a:68:66:cb:d6:c8:dc:c3:fb:
                    76:e1:97:8b:e4:6d:b5:5c:31:9f:c0:95:ff:68:71:
                    fa:47:44:30:26:77:ef:0f:99:d1:20:6a:af:0d:57:
                    d5:b3:08:2d:da:2d:aa:91:2e:a0:e2:f8:db:c9:ae:
                    30:32:8c:58:29:8f:e5:a4:13:7a:fd:83:ea:30:2a:
                    e2:27:ab:13:40:64:ee:3f:c8:14:c3:b3:0d:03:ad:
                    17:ea:cb:06:3e:0e:5b:46:be:98:67:bf:97:44:f5:
                    bf:b2:6e:f7:77:70:08:7c:17:d9:5f:50:f8:ff:db:
                    e7:e9:62:ec:c8:03:12:6f:14:56:b1:2d:dd:d7:64:
                    d0:fc:5c:2f:dd:a2:ed:d1:90:2c:78:ba:48:64:e5:
                    3d:12:02:75:ac:fa:cd:f1:88:8a:66:e6:5a:c5:e6:
                    15:e8:40:c4:26:5e:1a:18:a2:9e:af:81:43:5d:c6:
                    43:98:38:9a:28:65:c3:c9:d9:ef:b2:d6:e9:86:eb:
                    26:fc:f7:72:a8:db:b9:ab:bd:0d:5b:66:b8:f2:99:
                    c9:2b:40:9d:0b:bf:c2:db:bb:09:83:ad:68:96:32:
                    e2:85:fc:5c:1f:49:89:94:51:7e:6d:b5:a0:7c:ab:
                    31:ff:d2:9e:20:d2:93:b5:3b:c7:e3:56:9b:c2:d8:
                    aa:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A5:E7:9A:A8:A9:5E:38:38:EC:05:5A:46:5A:0D:DD:3E:A9:85:B9
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206491.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:fb02::/48
                  2a14:7584:d002::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:95:38:f2:8f:72:65:d1:6e:18:9a:e0:1f:f9:f5:e9:4b:d7:
         0b:be:d6:aa:79:d6:aa:0b:50:bb:88:27:43:5c:d9:35:4f:ba:
         32:da:bd:3c:87:2b:20:b6:03:ec:e9:d6:d3:c1:1e:47:de:a4:
         ea:26:f4:37:17:33:35:8e:59:66:97:ea:bd:27:7c:fe:3a:2e:
         81:22:73:3f:4b:db:c0:60:ed:df:f1:8d:e1:55:dc:cd:84:7f:
         72:a5:8d:d3:65:f8:1c:d9:4d:08:5e:15:f9:2e:df:b0:f2:21:
         93:e4:fd:80:91:f4:8e:27:38:0b:e7:b7:78:e3:4e:5f:89:c2:
         7d:84:62:51:4a:fb:4b:a6:26:6e:52:7b:a0:0b:03:2b:6b:bd:
         e7:b4:24:85:40:df:a8:ec:fa:d3:c7:25:86:9f:ef:f3:70:61:
         58:00:f8:23:d9:07:4d:f3:a3:1c:b8:b1:6f:96:e6:9a:bb:d4:
         83:68:a3:f6:ad:fb:69:13:41:e5:07:04:1f:9e:75:98:bd:ca:
         14:16:92:4c:ba:8d:71:42:12:66:e8:c4:53:12:18:1c:a3:2f:
         c0:4e:35:78:ee:28:01:2b:33:08:64:19:23:b3:52:af:3b:47:
         3a:66:cf:c6:b8:c1:5c:5e:04:7c:97:c4:9e:09:95:1c:ba:f4:
         b9:59:cd:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUcE0d1h0v3IEn3w8hIOeSxOqRoJUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMTkwNDI0MDJaFw0yNjEwMTgwNDI5MDJaMDMxMTAvBgNV
BAMTKDEyQTVFNzlBQThBOTVFMzgzOEVDMDU1QTQ2NUEwREREM0VBOTg1QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ1A7Al0poZsvWyNzD+3bhl4vk
bbVcMZ/Alf9ocfpHRDAmd+8PmdEgaq8NV9WzCC3aLaqRLqDi+NvJrjAyjFgpj+Wk
E3r9g+owKuInqxNAZO4/yBTDsw0DrRfqywY+DltGvphnv5dE9b+ybvd3cAh8F9lf
UPj/2+fpYuzIAxJvFFaxLd3XZND8XC/dou3RkCx4ukhk5T0SAnWs+s3xiIpm5lrF
5hXoQMQmXhoYop6vgUNdxkOYOJooZcPJ2e+y1umG6yb893Ko27mrvQ1bZrjymckr
QJ0Lv8LbuwmDrWiWMuKF/FwfSYmUUX5ttaB8qzH/0p4g0pO1O8fjVpvC2KrpAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUEqXnmqipXjg47AVaRloN3T6phbkwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA2NDkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhR1
g/sCAwcAKhR1hNACMA0GCSqGSIb3DQEBCwUAA4IBAQBnlTjyj3Jl0W4YmuAf+fXp
S9cLvtaqedaqC1C7iCdDXNk1T7oy2r08hysgtgPs6dbTwR5H3qTqJvQ3FzM1jllm
l+q9J3z+Oi6BInM/S9vAYO3f8Y3hVdzNhH9ypY3TZfgc2U0IXhX5Lt+w8iGT5P2A
kfSOJzgL57d4405ficJ9hGJRSvtLpiZuUnugCwMra73ntCSFQN+o7PrTxyWGn+/z
cGFYAPgj2QdN86McuLFvluaau9SDaKP2rftpE0HlBwQfnnWYvcoUFpJMuo1xQhJm
6MRTEhgcoy/ATjV47igBKzMIZBkjs1KvO0c6Zs/GuMFcXgR8l8SeCZUcuvS5Wc1I
-----END CERTIFICATE-----