Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207317.roa
File:                     AS207317.roa (raw, json)
Hash identifier:          oaRLh+KTajsdlivhboSmGbBtxnSBn194owunUskbA4k=
Subject key identifier:   62:09:FE:98:7D:C8:BF:3F:87:49:EF:C4:4F:79:B2:39:EA:9D:05:74
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       7E343CCC86E54305059B84004343BBD49B56E424
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207317.roa
Signing time:             Thu 19 Jun 2025 05:46:47 +0000
ROA not before:           Thu 19 Jun 2025 05:41:47 +0000
ROA not after:            Thu 18 Jun 2026 05:46:47 +0000
asID:                     207317
IP address blocks:        2a14:7580:fff4::/48 maxlen: 48
                          2a14:7581:3400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:55:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:34:3c:cc:86:e5:43:05:05:9b:84:00:43:43:bb:d4:9b:56:e4:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun 19 05:41:47 2025 GMT
            Not After : Jun 18 05:46:47 2026 GMT
        Subject: CN=6209FE987DC8BF3F8749EFC44F79B239EA9D0574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:8b:a3:32:96:a4:c9:a3:81:83:a0:ab:4e:30:
                    a1:74:83:a6:aa:93:74:29:48:ed:5b:6b:33:e4:4a:
                    ad:b0:86:88:ed:b6:84:8c:0a:f6:5b:fd:f6:56:9a:
                    19:c5:01:8b:fd:31:cc:b0:2d:45:a9:04:ec:24:30:
                    38:4d:fa:ae:2b:35:86:31:86:aa:63:7c:fd:35:c8:
                    51:eb:1e:f3:44:b1:be:1c:88:c2:dc:93:eb:59:c8:
                    b3:cd:cd:10:e4:04:c8:4c:c6:2e:91:ef:0e:41:ee:
                    1c:ea:3e:89:3e:6b:2f:58:7d:5c:da:3b:af:01:76:
                    6d:0a:35:b4:0c:b9:74:d5:0b:95:9f:7f:b7:4c:59:
                    90:a3:52:b3:7c:46:66:6a:21:ac:21:b0:2c:5e:25:
                    2a:95:b7:6f:05:d6:e1:c2:05:29:4b:50:a0:92:37:
                    eb:79:c8:4b:75:b7:8e:3d:e5:ef:e0:e3:0a:70:ea:
                    3b:ca:ad:d2:6c:41:3b:e9:82:74:ce:64:aa:7e:29:
                    14:4a:ad:bf:b5:5a:50:27:23:0f:90:98:db:11:f9:
                    6d:cf:f1:bd:23:a1:3b:e8:ad:a7:be:4c:17:70:49:
                    cd:76:69:27:67:55:da:d8:48:a9:20:66:6e:ac:a9:
                    d0:b3:72:4e:07:a2:62:c2:d9:fc:68:1c:90:d4:58:
                    19:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:09:FE:98:7D:C8:BF:3F:87:49:EF:C4:4F:79:B2:39:EA:9D:05:74
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fff4::/48
                  2a14:7581:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         8b:2d:3d:20:7b:97:de:01:b1:89:06:6a:84:bd:63:bc:6a:0f:
         04:6d:64:88:ea:79:80:11:a6:fa:08:04:d3:18:2d:72:4f:18:
         35:6c:5f:d5:b9:7c:c1:cb:93:f8:60:ed:45:d5:a4:af:30:07:
         46:01:80:35:f2:a6:7a:a7:85:c2:36:fd:39:d0:85:72:2c:48:
         c6:bf:50:6c:f8:de:b2:1a:d1:36:85:f8:54:9f:0f:98:f9:90:
         a0:7c:ae:92:2e:e5:69:72:86:57:4b:75:01:44:d0:83:42:96:
         6d:4d:82:37:b7:30:ba:5d:11:56:dd:d7:b1:01:02:cc:63:25:
         84:3a:39:ef:f3:a4:90:de:6c:4d:29:d7:97:4d:35:c8:ed:c9:
         76:02:73:b9:a0:50:f9:29:35:94:3f:e6:ab:0b:dd:b9:3b:55:
         80:6e:13:6d:25:cc:88:41:4d:5b:92:22:56:4e:a1:fe:19:2a:
         f9:86:be:26:17:d5:1c:0b:b4:03:34:f4:35:24:8a:07:e0:3f:
         32:84:4c:e6:10:2a:72:4c:03:da:24:a0:90:a9:1c:b2:bb:fb:
         47:ac:73:5b:60:5c:7d:33:74:89:64:c7:49:1e:a6:37:2e:c4:
         06:92:0b:0c:a7:7e:80:c1:c5:75:1f:7c:b7:ba:b0:38:03:24:
         93:5c:ad:a2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUfjQ8zIblQwUFm4QAQ0O71JtW5CQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MTkwNTQxNDdaFw0yNjA2MTgwNTQ2NDdaMDMxMTAvBgNV
BAMTKDYyMDlGRTk4N0RDOEJGM0Y4NzQ5RUZDNDRGNzlCMjM5RUE5RDA1NzQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMi6MylqTJo4GDoKtOMKF0g6aq
k3QpSO1bazPkSq2whojttoSMCvZb/fZWmhnFAYv9McywLUWpBOwkMDhN+q4rNYYx
hqpjfP01yFHrHvNEsb4ciMLck+tZyLPNzRDkBMhMxi6R7w5B7hzqPok+ay9YfVza
O68Bdm0KNbQMuXTVC5Wff7dMWZCjUrN8RmZqIawhsCxeJSqVt28F1uHCBSlLUKCS
N+t5yEt1t4495e/g4wpw6jvKrdJsQTvpgnTOZKp+KRRKrb+1WlAnIw+QmNsR+W3P
8b0joTvorae+TBdwSc12aSdnVdrYSKkgZm6sqdCzck4HomLC2fxoHJDUWBl1AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUYgn+mH3Ivz+HSe/ET3myOeqdBXQwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3MzE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhR1
gP/0AwYAKhR1gTQwDQYJKoZIhvcNAQELBQADggEBAIstPSB7l94BsYkGaoS9Y7xq
DwRtZIjqeYARpvoIBNMYLXJPGDVsX9W5fMHLk/hg7UXVpK8wB0YBgDXypnqnhcI2
/TnQhXIsSMa/UGz43rIa0TaF+FSfD5j5kKB8rpIu5WlyhldLdQFE0INClm1Ngje3
MLpdEVbd17EBAsxjJYQ6Oe/zpJDebE0p15dNNcjtyXYCc7mgUPkpNZQ/5qsL3bk7
VYBuE20lzIhBTVuSIlZOof4ZKvmGviYX1RwLtAM09DUkigfgPzKETOYQKnJMA9ok
oJCpHLK7+0esc1tgXH0zdIlkx0kepjcuxAaSCwynfoDBxXUffLe6sDgDJJNcraI=
-----END CERTIFICATE-----