Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS206839.roa
File:                     AS206839.roa (raw, json)
Hash identifier:          FFeOGuz6S2ng0LLY89/Ot1sNUM1KvPOkDW42QbA6Ivo=
Subject key identifier:   F5:E4:18:74:11:D0:B8:4A:AC:62:73:DC:51:19:94:4C:34:D9:A1:59
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7387686DB1FA3DE5EB590F18703B20B635DF87BF
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS206839.roa
Signing time:             Tue 01 Jul 2025 19:57:02 +0000
ROA not before:           Tue 01 Jul 2025 19:52:02 +0000
ROA not after:            Tue 30 Jun 2026 19:57:02 +0000
asID:                     206839
IP address blocks:        176.53.170.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:87:68:6d:b1:fa:3d:e5:eb:59:0f:18:70:3b:20:b6:35:df:87:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jul  1 19:52:02 2025 GMT
            Not After : Jun 30 19:57:02 2026 GMT
        Subject: CN=F5E4187411D0B84AAC6273DC5119944C34D9A159
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:23:12:2f:e3:88:6d:17:cd:46:a8:80:2f:f2:
                    01:5c:03:34:7d:38:b2:75:a9:00:2c:fc:f3:cf:6b:
                    79:36:04:50:79:8f:d3:af:ba:37:e7:be:27:bc:7a:
                    24:08:15:93:fa:19:be:c0:19:51:18:b3:69:8f:26:
                    02:9d:4b:46:33:06:33:34:20:46:46:95:a4:9b:96:
                    9e:70:ac:82:2f:17:f6:a4:a1:64:71:e6:00:68:8f:
                    48:73:5b:8a:67:9c:ef:5d:ac:57:7d:a1:4e:23:95:
                    d1:6d:2e:44:3b:1c:75:42:05:e1:24:15:74:2e:9f:
                    ec:38:f1:8d:9b:96:76:c9:e3:1f:e8:8d:72:16:e8:
                    ed:92:d3:af:90:57:56:7a:52:22:b4:00:98:d6:af:
                    21:be:61:32:6f:2a:08:c9:67:55:94:09:86:79:bd:
                    a7:0c:7c:88:c5:89:0a:79:1e:2f:5f:ff:24:cb:3b:
                    46:3c:cc:52:ac:b8:92:0c:fe:93:44:86:82:49:2f:
                    88:3b:fb:20:e3:f1:57:28:5f:42:df:12:e8:b9:2a:
                    29:57:fd:82:76:db:03:f7:fd:5e:aa:27:f1:1d:55:
                    d4:7f:f6:17:6f:ce:69:1d:18:23:d0:65:03:30:a8:
                    43:5a:1d:f5:dd:b2:71:e7:fc:14:7d:66:29:18:b3:
                    a4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:E4:18:74:11:D0:B8:4A:AC:62:73:DC:51:19:94:4C:34:D9:A1:59
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS206839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.53.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:14:33:0a:b3:6b:7f:b4:35:a5:78:b8:ff:bc:eb:45:cd:cb:
         07:c3:1f:0a:6f:c5:ed:b2:19:1d:f9:10:a4:fe:9e:b6:53:63:
         87:b4:07:c6:d7:23:8d:5b:dd:25:b1:3f:69:e7:fd:b0:dd:2e:
         af:61:f5:f7:04:2d:66:fe:38:09:48:b4:d0:fa:4c:04:7e:7e:
         b5:a0:6d:8a:63:f2:01:d8:54:63:83:c3:3b:c4:fa:31:c6:b2:
         eb:ff:23:73:13:8c:ce:f6:69:1e:d1:83:f3:54:65:2a:01:fd:
         87:f7:06:cb:95:7a:19:d7:c9:b5:11:8d:b0:b0:19:62:b6:fc:
         50:5b:e5:8e:95:63:45:3e:ca:dc:22:9b:ef:84:b4:86:89:09:
         70:92:67:53:b8:a9:19:a8:52:ce:80:fc:7b:9b:0d:53:87:28:
         49:c7:92:1c:90:2a:b4:f4:cc:ae:8f:f2:ca:5a:75:60:4f:d8:
         da:7e:5d:7d:95:53:bf:24:f7:00:30:88:19:ba:2d:85:1e:da:
         18:1c:33:2e:d7:b9:80:3e:b3:56:d1:78:25:9a:2f:a6:01:c9:
         56:db:ca:8a:f6:48:c6:53:81:c7:b2:a7:69:58:3a:da:bb:1d:
         c9:fb:62:1c:aa:42:78:e6:00:b5:36:82:ec:f3:11:39:7f:0c:
         d8:8a:b0:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUc4dobbH6PeXrWQ8YcDsgtjXfh78wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA3MDExOTUyMDJaFw0yNjA2MzAxOTU3MDJaMDMxMTAvBgNV
BAMTKEY1RTQxODc0MTFEMEI4NEFBQzYyNzNEQzUxMTk5NDRDMzREOUExNTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEIxIv44htF81GqIAv8gFcAzR9
OLJ1qQAs/PPPa3k2BFB5j9Ovujfnvie8eiQIFZP6Gb7AGVEYs2mPJgKdS0YzBjM0
IEZGlaSblp5wrIIvF/akoWRx5gBoj0hzW4pnnO9drFd9oU4jldFtLkQ7HHVCBeEk
FXQun+w48Y2blnbJ4x/ojXIW6O2S06+QV1Z6UiK0AJjWryG+YTJvKgjJZ1WUCYZ5
vacMfIjFiQp5Hi9f/yTLO0Y8zFKsuJIM/pNEhoJJL4g7+yDj8VcoX0LfEui5KilX
/YJ22wP3/V6qJ/EdVdR/9hdvzmkdGCPQZQMwqENaHfXdsnHn/BR9ZikYs6QjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9eQYdBHQuEqsYnPcURmUTDTZoVkwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjA2ODM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDWq
MA0GCSqGSIb3DQEBCwUAA4IBAQA8FDMKs2t/tDWleLj/vOtFzcsHwx8Kb8Xtshkd
+RCk/p62U2OHtAfG1yONW90lsT9p5/2w3S6vYfX3BC1m/jgJSLTQ+kwEfn61oG2K
Y/IB2FRjg8M7xPoxxrLr/yNzE4zO9mke0YPzVGUqAf2H9wbLlXoZ18m1EY2wsBli
tvxQW+WOlWNFPsrcIpvvhLSGiQlwkmdTuKkZqFLOgPx7mw1ThyhJx5IckCq09Myu
j/LKWnVgT9jafl19lVO/JPcAMIgZui2FHtoYHDMu17mAPrNW0Xglmi+mAclW28qK
9kjGU4HHsqdpWDraux3J+2IcqkJ45gC1NoLs8xE5fwzYirA5
-----END CERTIFICATE-----