Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207427.roa
File:                     AS207427.roa (raw, json)
Hash identifier:          9rzsxdP1TA7CcY5yqS7nAVsjati6ytWK1uMbxhIfP10=
Subject key identifier:   05:A3:4E:58:ED:93:75:AB:BD:EF:6C:63:9E:D4:D3:B3:9E:C4:81:8B
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       20A9EF5790698BCF6054932154F775137A315257
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207427.roa
Signing time:             Thu 07 May 2026 17:16:03 +0000
ROA not before:           Thu 07 May 2026 17:11:03 +0000
ROA not after:            Thu 06 May 2027 17:16:03 +0000
asID:                     207427
IP address blocks:        2a14:7580:300::/40 maxlen: 48
                          2a14:7580:fff2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:a9:ef:57:90:69:8b:cf:60:54:93:21:54:f7:75:13:7a:31:52:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May  7 17:11:03 2026 GMT
            Not After : May  6 17:16:03 2027 GMT
        Subject: CN=05A34E58ED9375ABBDEF6C639ED4D3B39EC4818B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:61:43:c4:fc:cf:88:c9:4e:75:fa:cc:90:5c:
                    1b:ec:b7:37:00:01:cd:4b:e8:de:09:13:a7:42:9c:
                    d9:9a:62:ad:27:d0:4a:de:a9:c6:48:11:f3:fc:9c:
                    cf:57:d8:f1:62:ab:15:9f:28:89:7a:35:db:84:fb:
                    32:f6:2b:38:59:60:36:79:7d:f0:68:3b:48:76:c3:
                    ac:14:d9:6e:47:1f:39:1e:6b:e5:a5:fb:1e:77:05:
                    6d:24:ed:2e:7c:d5:dc:2b:92:b1:27:db:89:8c:ea:
                    e7:52:41:d8:92:b0:ec:23:39:ff:2d:0d:8f:cd:da:
                    8e:41:14:17:d2:4d:b4:cc:e0:39:54:87:2e:8e:48:
                    2f:f8:e6:6d:21:e7:c2:85:e6:f3:f5:17:8d:6a:a7:
                    6d:01:0d:3c:68:71:d3:78:df:26:1b:7d:b6:5e:0c:
                    1a:f2:d7:93:0b:dd:a5:c7:07:d4:53:ba:c0:e8:32:
                    0c:78:1d:ce:b1:a9:b0:ad:df:0d:73:8c:c8:a3:75:
                    13:8b:eb:57:f9:33:de:0e:80:55:cc:59:f9:db:43:
                    50:9b:91:f9:fb:bd:10:f9:a6:97:33:2a:8e:89:2d:
                    c0:c1:a1:d3:92:41:33:05:0a:95:fc:f1:01:a8:98:
                    40:16:e3:60:a3:44:24:a3:95:5c:f5:62:ed:c2:1d:
                    cd:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:A3:4E:58:ED:93:75:AB:BD:EF:6C:63:9E:D4:D3:B3:9E:C4:81:8B
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:300::/40
                  2a14:7580:fff2::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:77:87:aa:33:92:67:3b:c2:da:e9:07:26:dd:2c:4d:e1:ab:
         96:9e:98:0e:7c:9d:cd:d6:6f:13:5b:67:1e:56:da:e6:33:de:
         79:9c:cd:06:5b:90:79:7e:c7:8d:ac:c5:bf:b7:b2:22:74:c6:
         e8:86:c5:7d:1b:bf:a2:7d:8e:d4:49:90:d3:8d:50:3e:4a:6b:
         81:16:72:13:81:0a:df:0a:d8:21:2c:cc:4c:df:f8:d3:9a:2a:
         54:1e:9b:58:50:00:a1:78:04:86:91:1a:83:cd:81:b6:7d:d5:
         3b:22:a2:73:46:48:24:23:45:72:d3:89:3e:d9:6d:36:29:14:
         8e:07:90:e1:86:6b:40:42:9b:bb:4c:09:a9:aa:39:47:88:9a:
         d6:86:a3:51:fc:da:b0:f0:88:53:96:1e:55:f7:85:41:be:98:
         dc:74:15:dc:e7:ca:86:1c:07:61:eb:92:eb:ff:16:d7:7b:70:
         fc:d3:c0:f9:dd:d6:68:06:d0:49:20:b5:54:50:01:a2:36:5d:
         f1:47:fa:b0:5f:cf:0d:fd:84:a3:be:4f:b0:91:e4:7f:06:b4:
         ef:db:7d:57:40:47:f5:94:0c:4c:6b:0e:10:ac:ba:f2:d4:c4:
         2c:c7:70:f2:4c:ee:72:22:d3:8b:bf:be:4b:28:e2:d4:be:45:
         3a:96:cc:82
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUIKnvV5Bpi89gVJMhVPd1E3oxUlcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MDcxNzExMDNaFw0yNzA1MDYxNzE2MDNaMDMxMTAvBgNV
BAMTKDA1QTM0RTU4RUQ5Mzc1QUJCREVGNkM2MzlFRDREM0IzOUVDNDgxOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2YUPE/M+IyU51+syQXBvstzcA
Ac1L6N4JE6dCnNmaYq0n0EreqcZIEfP8nM9X2PFiqxWfKIl6NduE+zL2KzhZYDZ5
ffBoO0h2w6wU2W5HHzkea+Wl+x53BW0k7S581dwrkrEn24mM6udSQdiSsOwjOf8t
DY/N2o5BFBfSTbTM4DlUhy6OSC/45m0h58KF5vP1F41qp20BDTxocdN43yYbfbZe
DBry15ML3aXHB9RTusDoMgx4Hc6xqbCt3w1zjMijdROL61f5M94OgFXMWfnbQ1Cb
kfn7vRD5ppczKo6JLcDBodOSQTMFCpX88QGomEAW42CjRCSjlVz1Yu3CHc2tAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUBaNOWO2Tdau972xjntTTs57EgYswHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3NDI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhR1
gAMDBwAqFHWA//IwDQYJKoZIhvcNAQELBQADggEBAH93h6ozkmc7wtrpBybdLE3h
q5aemA58nc3WbxNbZx5W2uYz3nmczQZbkHl+x42sxb+3siJ0xuiGxX0bv6J9jtRJ
kNONUD5Ka4EWchOBCt8K2CEszEzf+NOaKlQem1hQAKF4BIaRGoPNgbZ91TsionNG
SCQjRXLTiT7ZbTYpFI4HkOGGa0BCm7tMCamqOUeImtaGo1H82rDwiFOWHlX3hUG+
mNx0FdznyoYcB2Hrkuv/Ftd7cPzTwPnd1mgG0EkgtVRQAaI2XfFH+rBfzw39hKO+
T7CR5H8GtO/bfVdAR/WUDExrDhCsuvLUxCzHcPJM7nIi04u/vkso4tS+RTqWzII=
-----END CERTIFICATE-----