Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207427.roa
File:                     AS207427.roa (raw, json)
Hash identifier:          pqb20ksKq+dGmB6937/zButjqTmkm/zbxt36lx5b/3I=
Subject key identifier:   FE:03:70:47:47:EE:BD:D5:26:4E:BE:33:32:FC:F5:9B:DE:38:6A:F8
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       29C35B809DAD14E6BE08583944B59977FF4DD3EB
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207427.roa
Signing time:             Thu 05 Jun 2025 16:19:38 +0000
ROA not before:           Thu 05 Jun 2025 16:14:38 +0000
ROA not after:            Thu 04 Jun 2026 16:19:38 +0000
asID:                     207427
IP address blocks:        2a14:7580:300::/40 maxlen: 48
                          2a14:7580:fff2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:c3:5b:80:9d:ad:14:e6:be:08:58:39:44:b5:99:77:ff:4d:d3:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  5 16:14:38 2025 GMT
            Not After : Jun  4 16:19:38 2026 GMT
        Subject: CN=FE03704747EEBDD5264EBE3332FCF59BDE386AF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3e:0d:56:89:17:b0:9b:4f:e1:fb:cd:a6:33:
                    0b:5c:10:7d:e3:ac:e7:44:4c:9c:4b:f8:8c:c0:75:
                    71:53:db:38:6b:15:82:51:a8:8f:bb:c4:e3:4c:ab:
                    6f:bc:89:ec:8a:c2:55:e5:77:a6:02:7a:df:f3:44:
                    e7:04:8f:39:44:44:c9:bd:64:3f:8b:ad:49:3d:00:
                    5e:a9:c4:aa:08:80:fe:f3:02:3d:77:d1:1f:e4:c9:
                    ef:f5:f6:d5:ac:42:21:0a:7f:9b:34:78:2a:0b:5f:
                    2d:27:ec:63:2a:91:7d:49:dc:db:4d:26:91:36:98:
                    e6:bd:37:16:72:2b:58:76:b5:ad:68:02:89:53:6b:
                    ce:cd:7b:af:ee:b2:d7:81:5d:b3:b2:a7:13:b8:5d:
                    89:24:ce:d8:31:e4:c1:42:8f:42:62:8f:34:1e:84:
                    e1:1b:50:61:a5:d4:d2:b2:35:9b:76:69:13:ba:75:
                    61:ef:cb:cd:81:11:c4:42:fc:93:3d:35:84:ff:0c:
                    1b:18:a5:8f:75:6d:db:0d:c3:ff:d0:db:11:f3:8f:
                    b6:ef:d1:2e:3d:3e:fc:b6:9d:83:47:ba:4c:77:8d:
                    6b:87:8e:48:52:97:4a:30:d6:73:30:69:65:b6:a6:
                    a1:49:d1:2f:03:f7:80:0d:ef:c4:f9:fc:17:ca:a0:
                    84:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:03:70:47:47:EE:BD:D5:26:4E:BE:33:32:FC:F5:9B:DE:38:6A:F8
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:300::/40
                  2a14:7580:fff2::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:04:7a:dc:21:09:30:e8:c2:dd:e5:90:c3:b1:8c:b9:bd:bf:
         d2:a1:ec:aa:f9:97:17:c9:ec:37:65:cf:73:a3:17:97:f4:7e:
         38:84:97:8d:88:55:9d:3a:91:e1:dd:db:e4:79:8d:8a:04:b4:
         01:64:8c:6a:86:b6:26:6b:40:6f:12:cc:1c:b6:b1:95:3b:0f:
         87:b3:8b:7e:78:cb:6b:d9:a8:38:10:b9:be:01:bf:10:d6:70:
         49:fc:d3:8e:af:97:11:d7:af:7a:5e:6c:c0:75:3f:20:d4:fd:
         64:7c:b6:0b:a1:9f:26:d2:ff:1d:59:c8:18:5e:2f:ad:05:3e:
         4d:72:b4:d8:f3:ef:6d:67:54:c1:34:58:ae:3c:b2:a3:76:15:
         5b:ef:40:c2:99:c0:dc:9b:f7:a1:a7:02:e3:d3:07:19:0c:86:
         36:20:2c:ee:7c:4e:9f:fe:63:92:08:28:0d:eb:db:96:86:23:
         45:22:b6:8d:c2:9b:0e:d6:72:17:80:fd:66:7f:fc:a2:64:17:
         1d:38:d7:e0:fa:7d:61:03:9d:ec:82:5a:2d:da:19:db:84:cf:
         28:9b:d0:68:76:0b:90:95:db:21:54:8a:ef:2a:de:2c:7c:80:
         2c:fc:e9:db:63:96:cf:d0:e4:cf:bd:6c:ca:e1:08:5f:c6:af:
         b9:62:22:6b
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUKcNbgJ2tFOa+CFg5RLWZd/9N0+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MDUxNjE0MzhaFw0yNjA2MDQxNjE5MzhaMDMxMTAvBgNV
BAMTKEZFMDM3MDQ3NDdFRUJERDUyNjRFQkUzMzMyRkNGNTlCREUzODZBRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Pg1WiRewm0/h+82mMwtcEH3j
rOdETJxL+IzAdXFT2zhrFYJRqI+7xONMq2+8ieyKwlXld6YCet/zROcEjzlERMm9
ZD+LrUk9AF6pxKoIgP7zAj130R/kye/19tWsQiEKf5s0eCoLXy0n7GMqkX1J3NtN
JpE2mOa9NxZyK1h2ta1oAolTa87Ne6/usteBXbOypxO4XYkkztgx5MFCj0JijzQe
hOEbUGGl1NKyNZt2aRO6dWHvy82BEcRC/JM9NYT/DBsYpY91bdsNw//Q2xHzj7bv
0S49Pvy2nYNHukx3jWuHjkhSl0ow1nMwaWW2pqFJ0S8D94AN78T5/BfKoIQLAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU/gNwR0fuvdUmTr4zMvz1m944avgwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3NDI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhR1
gAMDBwAqFHWA//IwDQYJKoZIhvcNAQELBQADggEBAH8EetwhCTDowt3lkMOxjLm9
v9Kh7Kr5lxfJ7Ddlz3OjF5f0fjiEl42IVZ06keHd2+R5jYoEtAFkjGqGtiZrQG8S
zBy2sZU7D4ezi354y2vZqDgQub4BvxDWcEn8046vlxHXr3pebMB1PyDU/WR8tguh
nybS/x1ZyBheL60FPk1ytNjz721nVME0WK48sqN2FVvvQMKZwNyb96GnAuPTBxkM
hjYgLO58Tp/+Y5IIKA3r25aGI0Uito3Cmw7WcheA/WZ//KJkFx041+D6fWEDneyC
Wi3aGduEzyib0Gh2C5CV2yFUiu8q3ix8gCz86dtjls/Q5M+9bMrhCF/Gr7liIms=
-----END CERTIFICATE-----