Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa
File:                     AS205684.roa (raw, json)
Hash identifier:          t9dTu28VqxKdc97WXO7vxdfyL4M/LYFSoi4PUpmVQdk=
Subject key identifier:   18:2B:DE:6E:C1:56:C6:AD:94:53:6A:B8:06:32:D4:24:79:B3:84:9A
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6320EEA4EA56BA0C7FDBED90F9658B262EE85834
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa
Signing time:             Tue 30 Sep 2025 15:55:07 +0000
ROA not before:           Tue 30 Sep 2025 15:50:07 +0000
ROA not after:            Tue 29 Sep 2026 15:55:07 +0000
asID:                     205684
IP address blocks:        141.11.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:20:ee:a4:ea:56:ba:0c:7f:db:ed:90:f9:65:8b:26:2e:e8:58:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 30 15:50:07 2025 GMT
            Not After : Sep 29 15:55:07 2026 GMT
        Subject: CN=182BDE6EC156C6AD94536AB80632D42479B3849A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:41:0a:b7:dc:0c:d1:cd:41:47:b2:be:a6:a4:
                    f9:5f:cc:cb:88:0e:e6:63:ba:3e:bf:0d:ea:99:d1:
                    78:3b:b6:b7:ea:60:2f:1a:6c:50:35:c3:e5:8c:aa:
                    0e:f9:4c:e0:3b:ac:d2:e7:42:c3:4f:ad:07:00:78:
                    05:8c:40:0f:a0:b7:96:7a:fd:a5:9c:e5:84:36:ae:
                    c0:b9:fc:ca:82:ed:1d:72:e7:a6:d2:0e:01:a8:38:
                    fc:f1:41:5e:4c:86:f1:1e:4f:f8:8f:4b:79:e4:09:
                    f6:21:fa:5f:c5:7b:c4:e6:50:bc:10:5d:f1:9b:64:
                    a7:1e:2f:f0:7f:9c:80:e7:4b:59:52:9f:46:ab:b7:
                    43:d5:69:70:1b:6d:86:5c:55:dd:a6:47:66:ed:07:
                    b1:7a:fa:6d:59:b8:f0:bc:fc:ae:a8:21:bb:6f:3b:
                    d1:fd:e6:25:42:a6:28:53:e1:00:d0:6f:5e:6b:6f:
                    89:2b:10:a7:44:95:9a:15:4d:49:68:a0:3c:36:c6:
                    d7:32:e0:ea:f5:11:e5:fe:39:02:da:b4:c3:17:29:
                    a4:40:82:b4:15:95:5a:fe:38:64:ae:fe:ef:44:27:
                    85:b3:79:a3:25:07:a5:5d:1a:cb:5b:49:f7:09:df:
                    27:ae:15:54:4f:df:54:de:67:3a:61:79:4f:67:d2:
                    c4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:2B:DE:6E:C1:56:C6:AD:94:53:6A:B8:06:32:D4:24:79:B3:84:9A
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205684.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:50:b0:a6:31:96:d5:32:50:0c:77:db:8f:a3:4a:d4:f2:55:
         56:f7:19:07:b7:04:bf:79:bc:4a:47:78:84:d4:14:e8:74:df:
         3d:ff:ea:3a:cc:24:3a:69:ff:df:e5:e9:c8:dd:d6:18:90:e0:
         7d:09:b7:4c:9b:17:d2:3e:ab:dd:d6:20:bd:89:ba:b8:a4:ec:
         89:57:8e:2d:66:4d:27:f0:bb:ed:9e:a5:48:7c:46:03:94:8d:
         9b:b4:1a:35:f3:46:37:b0:68:fd:4a:a9:63:5c:19:0a:f6:28:
         7f:89:77:ce:2a:37:80:58:c7:30:0b:9c:87:47:56:f8:19:5a:
         6c:10:86:1d:c5:4e:4d:16:8c:5f:90:80:b8:11:e7:dc:93:57:
         86:65:3a:dd:40:a7:8a:7f:cf:3e:78:6d:a3:5b:c2:86:68:6e:
         2e:dd:3a:f6:56:3f:d0:a9:df:64:3f:bf:14:9a:1c:33:1e:a4:
         7a:cf:01:ad:40:af:81:23:e8:fd:a0:aa:d0:e6:d2:c2:eb:d5:
         43:be:7d:6a:d0:a4:0c:4b:6d:89:25:95:c6:09:93:32:8b:1d:
         9a:17:78:81:fd:39:42:ad:77:f9:ec:4a:ba:b6:93:7e:2c:c8:
         01:8b:db:52:0f:9c:76:2e:b7:ab:97:74:5a:79:6f:0f:d5:3b:
         1e:69:f2:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYyDupOpWugx/2+2Q+WWLJi7oWDQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MzAxNTUwMDdaFw0yNjA5MjkxNTU1MDdaMDMxMTAvBgNV
BAMTKDE4MkJERTZFQzE1NkM2QUQ5NDUzNkFCODA2MzJENDI0NzlCMzg0OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgQQq33AzRzUFHsr6mpPlfzMuI
DuZjuj6/DeqZ0Xg7trfqYC8abFA1w+WMqg75TOA7rNLnQsNPrQcAeAWMQA+gt5Z6
/aWc5YQ2rsC5/MqC7R1y56bSDgGoOPzxQV5MhvEeT/iPS3nkCfYh+l/Fe8TmULwQ
XfGbZKceL/B/nIDnS1lSn0art0PVaXAbbYZcVd2mR2btB7F6+m1ZuPC8/K6oIbtv
O9H95iVCpihT4QDQb15rb4krEKdElZoVTUlooDw2xtcy4Or1EeX+OQLatMMXKaRA
grQVlVr+OGSu/u9EJ4WzeaMlB6VdGstbSfcJ3yeuFVRP31TeZzpheU9n0sQNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGCvebsFWxq2UU2q4BjLUJHmzhJowHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1Njg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtu
MA0GCSqGSIb3DQEBCwUAA4IBAQBLULCmMZbVMlAMd9uPo0rU8lVW9xkHtwS/ebxK
R3iE1BTodN89/+o6zCQ6af/f5enI3dYYkOB9CbdMmxfSPqvd1iC9ibq4pOyJV44t
Zk0n8LvtnqVIfEYDlI2btBo180Y3sGj9SqljXBkK9ih/iXfOKjeAWMcwC5yHR1b4
GVpsEIYdxU5NFoxfkIC4Eefck1eGZTrdQKeKf88+eG2jW8KGaG4u3Tr2Vj/Qqd9k
P78UmhwzHqR6zwGtQK+BI+j9oKrQ5tLC69VDvn1q0KQMS22JJZXGCZMyix2aF3iB
/TlCrXf57Eq6tpN+LMgBi9tSD5x2Lrerl3RaeW8P1TseafI7
-----END CERTIFICATE-----