Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206540.roa
File:                     AS206540.roa (raw, json)
Hash identifier:          MyJ/vmK8++FCn5DDC7PYHB0lgzDX72+5Z8Us7Q+K0+c=
Subject key identifier:   C2:7C:31:44:26:90:42:B8:C1:A4:14:0A:3E:D0:F4:CF:18:2C:30:75
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       300283ED5C1DC8A64CE5A756458BAA0548B43FFB
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206540.roa
Signing time:             Thu 02 Oct 2025 09:44:06 +0000
ROA not before:           Thu 02 Oct 2025 09:39:06 +0000
ROA not after:            Thu 01 Oct 2026 09:44:06 +0000
asID:                     206540
IP address blocks:        2a14:7580:ffb0::/44 maxlen: 48
                          2a14:7580:ffc0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:02:83:ed:5c:1d:c8:a6:4c:e5:a7:56:45:8b:aa:05:48:b4:3f:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Oct  2 09:39:06 2025 GMT
            Not After : Oct  1 09:44:06 2026 GMT
        Subject: CN=C27C3144269042B8C1A4140A3ED0F4CF182C3075
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:63:fd:91:0e:55:1f:80:a7:ee:be:e5:fa:5c:
                    87:a3:b0:98:0b:e3:f8:29:9b:71:92:d5:fc:32:fb:
                    d0:07:b1:b6:41:ff:a2:13:c7:d0:7a:b9:e8:3e:04:
                    56:9c:94:0f:d0:cb:ef:45:a6:df:3b:9e:85:e2:a9:
                    85:2b:e0:41:b3:a6:51:5b:da:90:51:ab:60:30:21:
                    4d:3e:a9:91:ee:25:5f:79:13:47:22:a6:33:76:76:
                    22:85:28:86:80:df:46:ac:62:02:c3:e2:6d:d3:28:
                    d7:ef:74:d9:36:53:9a:99:ae:1d:28:09:d7:67:d3:
                    60:fc:90:cb:de:91:36:39:f9:90:96:69:14:4f:b9:
                    71:9b:78:d8:24:58:72:fc:5f:26:81:9e:e1:1f:40:
                    7d:d7:d6:ab:c6:c9:fa:5c:70:02:c5:3a:fc:32:a7:
                    fb:65:a5:52:62:d4:9d:d7:ba:ac:f7:15:00:a4:c9:
                    ed:b7:17:22:d7:ac:5a:21:75:c2:29:e8:48:06:34:
                    21:33:96:35:0a:81:ca:55:bd:ee:12:87:a2:7d:06:
                    0f:de:b7:4f:95:65:dc:5b:c4:cb:e8:af:63:18:59:
                    35:93:05:47:c9:ad:eb:1d:cc:a2:95:34:34:0d:81:
                    f1:e7:b1:7c:28:c4:59:55:0f:5f:da:fd:83:3d:a4:
                    56:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:7C:31:44:26:90:42:B8:C1:A4:14:0A:3E:D0:F4:CF:18:2C:30:75
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206540.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:ffb0::-2a14:7580:ffcf:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6e:3c:d7:81:29:fc:aa:02:74:3e:00:3e:64:15:c8:b9:74:04:
         4f:b0:58:3c:28:cd:73:a9:02:8a:49:eb:03:1b:8f:e6:2b:c6:
         32:86:9f:74:c5:19:dc:0b:b4:2d:ec:5d:1b:88:91:d5:38:4a:
         95:78:9f:58:54:af:ed:c4:f3:26:de:bf:fe:a4:82:27:3a:e6:
         48:61:d8:7f:5a:bd:d5:05:f3:c6:39:b2:a4:68:de:fe:a2:b0:
         51:e8:9e:b6:47:d7:bc:a1:9c:db:1e:3e:7a:0c:5d:10:d9:2c:
         12:de:c9:c1:78:c7:61:e6:fe:3f:75:a9:a5:59:31:a9:0d:bd:
         63:70:09:a2:69:0d:a9:a9:8d:b4:87:c2:9d:2e:ad:2d:74:71:
         2e:33:f6:84:3c:57:b9:dc:38:20:cc:39:1c:bc:3e:19:11:ee:
         31:b7:f5:11:d8:e7:9d:03:c1:1d:9a:60:a2:8e:52:a3:57:3f:
         b4:c8:b9:6c:3c:e8:95:cd:82:0c:fc:e4:3d:dd:d1:45:3e:c0:
         4a:bc:fb:1a:dc:5c:34:02:a2:b0:fe:4c:86:65:27:04:db:a3:
         1a:2c:9d:fb:85:a1:6d:46:ae:32:cf:56:3e:fc:ed:9f:af:96:
         9f:d0:df:b3:4f:06:e6:dd:fc:13:b8:c5:a0:da:85:fc:d3:8b:
         34:18:49:bf
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgIUMAKD7VwdyKZM5adWRYuqBUi0P/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTEwMDIwOTM5MDZaFw0yNjEwMDEwOTQ0MDZaMDMxMTAvBgNV
BAMTKEMyN0MzMTQ0MjY5MDQyQjhDMUE0MTQwQTNFRDBGNENGMTgyQzMwNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfY/2RDlUfgKfuvuX6XIejsJgL
4/gpm3GS1fwy+9AHsbZB/6ITx9B6ueg+BFaclA/Qy+9Fpt87noXiqYUr4EGzplFb
2pBRq2AwIU0+qZHuJV95E0cipjN2diKFKIaA30asYgLD4m3TKNfvdNk2U5qZrh0o
Cddn02D8kMvekTY5+ZCWaRRPuXGbeNgkWHL8XyaBnuEfQH3X1qvGyfpccALFOvwy
p/tlpVJi1J3Xuqz3FQCkye23FyLXrFohdcIp6EgGNCEzljUKgcpVve4Sh6J9Bg/e
t0+VZdxbxMvor2MYWTWTBUfJresdzKKVNDQNgfHnsXwoxFlVD1/a/YM9pFZjAgMB
AAGjggIYMIICFDAdBgNVHQ4EFgQUwnwxRCaQQrjBpBQKPtD0zxgsMHUwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA2NTQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQq
FHWA/7ADBwQqFHWA/8AwDQYJKoZIhvcNAQELBQADggEBAG4814Ep/KoCdD4APmQV
yLl0BE+wWDwozXOpAopJ6wMbj+YrxjKGn3TFGdwLtC3sXRuIkdU4SpV4n1hUr+3E
8ybev/6kgic65khh2H9avdUF88Y5sqRo3v6isFHonrZH17yhnNsePnoMXRDZLBLe
ycF4x2Hm/j91qaVZMakNvWNwCaJpDampjbSHwp0urS10cS4z9oQ8V7ncOCDMORy8
PhkR7jG39RHY550DwR2aYKKOUqNXP7TIuWw86JXNggz85D3d0UU+wEq8+xrcXDQC
orD+TIZlJwTboxosnfuFoW1GrjLPVj787Z+vlp/Q37NPBubd/BO4xaDahfzTizQY
Sb8=
-----END CERTIFICATE-----