Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS207121.roa
File:                     AS207121.roa (raw, json)
Hash identifier:          S1QkBkuJqIW0Alj9X5uDT+iOv0FKf64hTrYQwMRQdiA=
Subject key identifier:   58:DE:15:43:D4:E4:E9:E5:10:86:D2:4F:78:71:73:FA:D8:86:E8:B7
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       501CBE5014E5C839198F0E37C7080B8A80797B6E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS207121.roa
Signing time:             Wed 25 Jun 2025 19:03:33 +0000
ROA not before:           Wed 25 Jun 2025 18:58:33 +0000
ROA not after:            Wed 24 Jun 2026 19:03:33 +0000
asID:                     207121
IP address blocks:        193.38.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:1c:be:50:14:e5:c8:39:19:8f:0e:37:c7:08:0b:8a:80:79:7b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jun 25 18:58:33 2025 GMT
            Not After : Jun 24 19:03:33 2026 GMT
        Subject: CN=58DE1543D4E4E9E51086D24F787173FAD886E8B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:94:24:f0:66:80:fe:85:ee:b1:7d:4c:cb:00:
                    45:a9:08:40:35:bc:1c:b6:d9:ac:0d:87:23:18:8a:
                    62:b0:fd:0a:b1:77:c0:a5:9a:e0:46:f0:92:96:ad:
                    9d:0a:96:27:fb:4d:a7:d6:ad:fc:87:1a:44:76:df:
                    94:a3:7b:35:a2:a2:ab:c0:f8:20:31:00:2c:a5:76:
                    bf:99:4f:7e:c4:a3:32:44:37:fb:99:3a:da:1c:75:
                    62:95:44:52:e9:92:94:7c:6e:69:93:ef:c3:3d:6f:
                    8d:c9:3e:e3:36:00:94:60:84:79:23:31:bb:c3:b9:
                    d7:7d:c0:e1:3c:b2:64:eb:7e:46:fb:80:3b:f6:af:
                    74:3a:15:ae:9c:2e:00:c3:76:10:f8:3c:f3:89:c9:
                    5e:36:d4:eb:e9:50:5f:ba:27:65:eb:5b:63:61:a2:
                    68:04:76:27:a0:97:47:45:7a:8b:b1:4e:35:0c:bb:
                    c0:3e:aa:b8:f1:38:62:3e:89:34:97:7d:89:26:20:
                    d0:42:f6:ed:f7:a3:b6:98:12:1f:76:9c:71:fa:aa:
                    54:fb:c9:e0:25:6f:ee:ec:4b:30:61:fe:7d:31:5b:
                    55:9f:0e:a8:e9:b0:25:2f:0d:fb:43:32:28:7d:e0:
                    28:6d:da:14:68:79:f5:e0:1e:90:db:08:f6:7b:62:
                    d2:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:DE:15:43:D4:E4:E9:E5:10:86:D2:4F:78:71:73:FA:D8:86:E8:B7
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS207121.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.38.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:af:7c:48:a1:58:0c:90:aa:2b:69:14:a0:62:6b:6e:c3:f8:
         61:f6:33:82:6f:33:89:6b:d0:cf:64:1a:89:02:96:68:b4:65:
         c4:bb:56:8a:1f:8e:a0:0a:18:68:f3:8b:b6:1f:14:4d:51:92:
         40:cb:e7:2c:f6:07:c2:ea:44:4c:4b:08:00:fb:65:52:a8:b9:
         35:8b:d3:51:44:4b:09:3e:c9:ec:c0:bb:0c:d5:d0:7e:3e:42:
         c3:da:f1:5b:25:60:cf:3c:f6:2f:cb:2f:0b:26:bb:6e:37:dc:
         34:45:5e:a7:e8:87:5f:bc:f6:66:8f:75:bb:64:44:52:90:23:
         f7:b4:62:27:0b:aa:05:d7:be:60:7f:ab:e0:02:8f:a7:b8:1c:
         8f:49:c7:b3:31:67:42:ac:3d:e7:ac:01:b6:0c:25:61:54:ba:
         58:e1:c6:1e:42:bb:df:ea:a5:2b:e4:e8:bf:18:63:74:d9:9d:
         95:03:e6:4f:4e:8a:4d:d6:49:8d:cb:56:8d:c3:e6:e5:d6:b2:
         7c:08:c0:21:37:26:c0:e8:24:46:3a:0a:6a:1b:19:28:55:2a:
         31:df:51:2b:9e:ba:d6:0c:13:85:d8:ae:03:76:7b:de:64:fc:
         54:f8:37:f6:c5:07:63:2e:0d:a2:71:59:35:c3:d6:23:30:4a:
         f3:4b:90:5b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUBy+UBTlyDkZjw43xwgLioB5e24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA2MjUxODU4MzNaFw0yNjA2MjQxOTAzMzNaMDMxMTAvBgNV
BAMTKDU4REUxNTQzRDRFNEU5RTUxMDg2RDI0Rjc4NzE3M0ZBRDg4NkU4QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwlCTwZoD+he6xfUzLAEWpCEA1
vBy22awNhyMYimKw/Qqxd8ClmuBG8JKWrZ0Klif7TafWrfyHGkR235SjezWioqvA
+CAxACyldr+ZT37EozJEN/uZOtocdWKVRFLpkpR8bmmT78M9b43JPuM2AJRghHkj
MbvDudd9wOE8smTrfkb7gDv2r3Q6Fa6cLgDDdhD4PPOJyV421OvpUF+6J2XrW2Nh
omgEdiegl0dFeouxTjUMu8A+qrjxOGI+iTSXfYkmINBC9u33o7aYEh92nHH6qlT7
yeAlb+7sSzBh/n0xW1WfDqjpsCUvDftDMih94Cht2hRoefXgHpDbCPZ7YtJHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWN4VQ9Tk6eUQhtJPeHFz+tiG6LcwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjA3MTIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSYu
MA0GCSqGSIb3DQEBCwUAA4IBAQCHr3xIoVgMkKoraRSgYmtuw/hh9jOCbzOJa9DP
ZBqJApZotGXEu1aKH46gChho84u2HxRNUZJAy+cs9gfC6kRMSwgA+2VSqLk1i9NR
REsJPsnswLsM1dB+PkLD2vFbJWDPPPYvyy8LJrtuN9w0RV6n6IdfvPZmj3W7ZERS
kCP3tGInC6oF175gf6vgAo+nuByPScezMWdCrD3nrAG2DCVhVLpY4cYeQrvf6qUr
5Oi/GGN02Z2VA+ZPTopN1kmNy1aNw+bl1rJ8CMAhNybA6CRGOgpqGxkoVSox31Er
nrrWDBOF2K4DdnveZPxU+Df2xQdjLg2icVk1w9YjMErzS5Bb
-----END CERTIFICATE-----