Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS205896.roa
File:                     AS205896.roa (raw, json)
Hash identifier:          K4lMrfZj/CEZ0P8Vnqn3YCXRd1EV/FOXiGmI7Aaq9tI=
Subject key identifier:   B7:ED:4A:08:1B:76:17:D7:BA:1D:6A:A1:0D:38:BF:E8:9D:31:5C:A1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       46A64FCA45DA90E7C99EB0CFA033605FF5466E9A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS205896.roa
Signing time:             Mon 29 Sep 2025 08:53:55 +0000
ROA not before:           Mon 29 Sep 2025 08:48:55 +0000
ROA not after:            Mon 28 Sep 2026 08:53:55 +0000
asID:                     205896
IP address blocks:        91.124.177.0/24 maxlen: 24
                          91.124.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:a6:4f:ca:45:da:90:e7:c9:9e:b0:cf:a0:33:60:5f:f5:46:6e:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 29 08:48:55 2025 GMT
            Not After : Sep 28 08:53:55 2026 GMT
        Subject: CN=B7ED4A081B7617D7BA1D6AA10D38BFE89D315CA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ed:01:96:58:55:3a:3d:c9:55:11:5d:55:03:
                    f1:1a:09:98:82:b1:b2:2e:41:f3:41:9e:c1:10:9b:
                    95:20:b3:b2:6c:f0:d1:b2:fb:a9:83:b2:5c:32:58:
                    55:13:43:89:e8:73:2d:2b:2f:57:09:2f:eb:7d:5c:
                    85:48:2e:c4:cf:1b:f2:81:ad:33:73:fc:24:09:3c:
                    3f:db:a1:be:f3:0b:10:d3:c6:66:4e:53:eb:e7:6c:
                    fa:9f:a5:1c:54:c4:92:7b:e3:1f:65:88:90:76:f2:
                    50:02:7a:f6:b3:bf:16:70:8a:13:98:56:41:29:85:
                    6f:07:7e:b1:2b:e5:24:bb:f9:da:c2:cb:ce:a6:a2:
                    fe:0f:fe:84:11:c8:e1:9c:53:de:3e:2a:dd:d1:09:
                    c4:fd:bb:2a:a7:d7:f3:14:57:7f:7a:4b:4b:c0:b2:
                    0e:6e:8a:12:b1:ba:89:4b:28:02:48:71:ad:38:6a:
                    c3:65:d3:fb:a9:b9:52:2e:40:88:df:9e:15:d5:7a:
                    3a:f4:1b:84:58:97:8f:a3:bd:ac:8e:9a:07:df:c0:
                    88:47:d2:f1:c1:a3:6d:d3:0b:4a:a7:d4:29:1a:5e:
                    44:af:d6:94:19:44:0d:e3:56:ad:25:65:c0:cf:e2:
                    07:2a:4e:ce:2a:e2:99:b4:b0:1b:01:83:da:db:b3:
                    3e:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:ED:4A:08:1B:76:17:D7:BA:1D:6A:A1:0D:38:BF:E8:9D:31:5C:A1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS205896.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.177.0/24
                  91.124.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:8f:f9:c0:f8:68:0d:c7:57:7f:8b:9e:75:24:56:65:76:ca:
         77:12:4f:a9:ba:30:a6:23:af:47:51:c2:b6:8f:11:5e:ea:3e:
         30:21:ea:ab:1d:32:a2:52:1f:ed:32:31:14:ad:6b:9c:20:3f:
         8f:34:74:00:16:63:d1:d8:37:0e:60:1f:c4:a6:71:4b:5d:ff:
         d0:70:63:fa:53:12:fc:84:53:3c:26:4a:22:34:86:cf:d5:48:
         4c:be:c8:63:e7:77:f3:ec:76:16:3d:fe:ce:ba:0f:42:96:97:
         5a:15:43:4f:c1:03:b6:b5:95:8f:52:e5:1a:b7:b9:3b:20:dc:
         2f:3e:1b:4f:c6:76:8a:ff:96:57:f3:1b:f1:09:88:1a:0d:cc:
         d1:76:ef:3e:a2:e1:c9:9c:65:54:9a:d7:26:97:ba:a6:3d:77:
         b4:d8:6f:fd:34:92:0f:ce:17:f2:c1:86:82:e9:0f:d9:2c:65:
         b0:da:a4:d5:04:ea:69:79:74:1c:af:c9:ae:31:ff:a7:aa:40:
         88:7e:ae:94:21:c7:41:d8:bf:5c:4f:c0:08:d0:a5:36:8f:83:
         2c:26:40:bf:a5:da:f4:6a:c6:fa:06:93:27:43:84:3e:49:9f:
         78:d9:ee:2d:2d:81:08:82:90:91:fc:7d:e5:82:53:04:3a:36:
         f2:c9:49:0f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURqZPykXakOfJnrDPoDNgX/VGbpowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MjkwODQ4NTVaFw0yNjA5MjgwODUzNTVaMDMxMTAvBgNV
BAMTKEI3RUQ0QTA4MUI3NjE3RDdCQTFENkFBMTBEMzhCRkU4OUQzMTVDQTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC37QGWWFU6PclVEV1VA/EaCZiC
sbIuQfNBnsEQm5Ugs7Js8NGy+6mDslwyWFUTQ4nocy0rL1cJL+t9XIVILsTPG/KB
rTNz/CQJPD/bob7zCxDTxmZOU+vnbPqfpRxUxJJ74x9liJB28lACevazvxZwihOY
VkEphW8HfrEr5SS7+drCy86mov4P/oQRyOGcU94+Kt3RCcT9uyqn1/MUV396S0vA
sg5uihKxuolLKAJIca04asNl0/upuVIuQIjfnhXVejr0G4RYl4+jvayOmgffwIhH
0vHBo23TC0qn1CkaXkSv1pQZRA3jVq0lZcDP4gcqTs4q4pm0sBsBg9rbsz4RAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUt+1KCBt2F9e6HWqhDTi/6J0xXKEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA1ODk2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW3yx
AwQAW3zuMA0GCSqGSIb3DQEBCwUAA4IBAQCXj/nA+GgNx1d/i551JFZldsp3Ek+p
ujCmI69HUcK2jxFe6j4wIeqrHTKiUh/tMjEUrWucID+PNHQAFmPR2DcOYB/EpnFL
Xf/QcGP6UxL8hFM8JkoiNIbP1UhMvshj53fz7HYWPf7Oug9ClpdaFUNPwQO2tZWP
UuUat7k7INwvPhtPxnaK/5ZX8xvxCYgaDczRdu8+ouHJnGVUmtcml7qmPXe02G/9
NJIPzhfywYaC6Q/ZLGWw2qTVBOppeXQcr8muMf+nqkCIfq6UIcdB2L9cT8AI0KU2
j4MsJkC/pdr0asb6BpMnQ4Q+SZ942e4tLYEIgpCR/H3lglMEOjbyyUkP
-----END CERTIFICATE-----