Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205489.roa
File:                     AS205489.roa (raw, json)
Hash identifier:          6+D7ZlhH18xkxSQlmHcOJbUrn5aOKycfDoApUw3aa7U=
Subject key identifier:   A4:F0:7D:7B:30:7E:5F:90:1F:69:A4:06:68:E7:54:68:46:FF:0A:6C
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0699E5224F44BD4C56BB78F1CB746FBDD7BB393C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205489.roa
Signing time:             Mon 16 Mar 2026 23:08:12 +0000
ROA not before:           Mon 16 Mar 2026 23:03:12 +0000
ROA not after:            Mon 15 Mar 2027 23:08:12 +0000
asID:                     205489
IP address blocks:        141.11.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:49:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:99:e5:22:4f:44:bd:4c:56:bb:78:f1:cb:74:6f:bd:d7:bb:39:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 16 23:03:12 2026 GMT
            Not After : Mar 15 23:08:12 2027 GMT
        Subject: CN=A4F07D7B307E5F901F69A40668E7546846FF0A6C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f8:93:31:97:bd:a1:e5:b4:a0:85:80:c4:86:
                    47:83:03:13:21:7f:73:89:60:5b:d0:ae:cc:eb:52:
                    38:c2:47:55:39:ef:c0:02:80:cf:cc:fd:4e:2f:37:
                    ed:aa:6f:08:02:84:3d:49:71:4a:96:a0:08:94:33:
                    99:10:1e:f9:4e:50:54:2c:7d:cc:ba:e1:3f:4e:c2:
                    2a:95:04:f1:6c:9f:50:03:f5:9a:ea:0f:53:c7:94:
                    0d:de:6c:0e:de:a9:14:ca:7c:c0:1d:ab:76:60:8f:
                    f5:23:de:39:2d:1d:3a:96:00:92:75:c3:fc:39:ab:
                    c2:55:df:9d:87:f0:e0:b5:0b:5d:38:89:d6:2a:55:
                    81:9a:4f:7e:d3:47:16:f8:8e:ef:96:93:7c:bd:11:
                    bb:7d:11:47:5a:1a:38:ba:8a:b3:9b:39:8e:35:89:
                    ba:49:7c:85:69:b0:bb:54:96:88:c2:a5:4b:dc:e6:
                    21:65:42:2d:74:2c:7c:bf:cf:f1:e2:e6:ca:8b:58:
                    4e:40:65:f1:3c:29:a4:f7:c4:88:01:34:0a:2f:e9:
                    8e:11:42:b8:15:74:dc:cb:27:77:9d:10:b3:2d:4d:
                    9f:ae:75:26:83:54:2b:31:0a:d1:48:37:aa:68:a3:
                    4b:1d:10:8d:c5:bb:a0:45:33:0c:65:3f:24:c6:8b:
                    14:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F0:7D:7B:30:7E:5F:90:1F:69:A4:06:68:E7:54:68:46:FF:0A:6C
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205489.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:0c:71:ce:ba:5d:19:e3:d1:4a:61:51:7b:03:03:1c:cb:6b:
         67:cc:90:90:95:61:6f:2c:d3:95:8a:79:cf:61:5b:8c:e4:4c:
         ab:75:a6:42:9f:8a:3a:77:91:b9:68:d7:d9:54:fc:ed:34:c2:
         4f:62:d4:88:58:64:ed:21:c9:27:fa:56:93:6d:e3:7f:de:f2:
         38:aa:ec:5d:52:3d:08:78:46:c8:bf:e3:07:64:de:8e:c1:ea:
         a5:80:40:17:b2:a9:d3:94:08:c9:8e:0f:54:3c:af:77:7b:ce:
         c7:b1:51:57:ea:42:8e:f3:5b:85:34:d5:56:8d:af:d5:53:e9:
         40:29:fc:5e:5a:8a:39:31:ef:6b:f7:40:ed:37:f0:d1:dc:55:
         26:9f:f7:81:05:82:40:3a:84:78:17:e2:80:65:ba:74:fd:77:
         19:ad:2e:71:bb:22:b3:8c:6d:1c:34:ef:66:22:93:39:38:60:
         10:35:df:9d:30:54:21:97:7e:f6:7d:88:1a:8a:1f:3c:86:6f:
         2a:b1:96:4b:51:bf:ec:8f:a3:09:62:b9:46:a5:63:07:93:cb:
         3b:4f:f0:32:22:13:5e:a4:51:cf:fc:04:62:52:7d:cb:74:75:
         19:3d:01:70:07:b1:10:82:f9:95:74:86:55:18:1d:41:86:d8:
         d7:99:61:85
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUBpnlIk9EvUxWu3jxy3Rvvde7OTwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMTYyMzAzMTJaFw0yNzAzMTUyMzA4MTJaMDMxMTAvBgNV
BAMTKEE0RjA3RDdCMzA3RTVGOTAxRjY5QTQwNjY4RTc1NDY4NDZGRjBBNkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3+JMxl72h5bSghYDEhkeDAxMh
f3OJYFvQrszrUjjCR1U578ACgM/M/U4vN+2qbwgChD1JcUqWoAiUM5kQHvlOUFQs
fcy64T9OwiqVBPFsn1AD9ZrqD1PHlA3ebA7eqRTKfMAdq3Zgj/Uj3jktHTqWAJJ1
w/w5q8JV352H8OC1C104idYqVYGaT37TRxb4ju+Wk3y9Ebt9EUdaGji6irObOY41
ibpJfIVpsLtUlojCpUvc5iFlQi10LHy/z/Hi5sqLWE5AZfE8KaT3xIgBNAov6Y4R
QrgVdNzLJ3edELMtTZ+udSaDVCsxCtFIN6poo0sdEI3Fu6BFMwxlPyTGixSFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpPB9ezB+X5AfaaQGaOdUaEb/CmwwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1NDg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQu4
MA0GCSqGSIb3DQEBCwUAA4IBAQAwDHHOul0Z49FKYVF7AwMcy2tnzJCQlWFvLNOV
innPYVuM5EyrdaZCn4o6d5G5aNfZVPztNMJPYtSIWGTtIckn+laTbeN/3vI4quxd
Uj0IeEbIv+MHZN6OweqlgEAXsqnTlAjJjg9UPK93e87HsVFX6kKO81uFNNVWja/V
U+lAKfxeWoo5Me9r90DtN/DR3FUmn/eBBYJAOoR4F+KAZbp0/XcZrS5xuyKzjG0c
NO9mIpM5OGAQNd+dMFQhl372fYgaih88hm8qsZZLUb/sj6MJYrlGpWMHk8s7T/Ay
IhNepFHP/ARiUn3LdHUZPQFwB7EQgvmVdIZVGB1BhtjXmWGF
-----END CERTIFICATE-----