Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205705.roa
File:                     AS205705.roa (raw, json)
Hash identifier:          b+zV9i3sueOqX7F0tnXpHzK3+32XtOzbF3prdV3BKV4=
Subject key identifier:   E7:D0:7E:07:4F:4B:FD:28:B9:48:AA:1B:A8:E4:00:0E:5C:F8:6A:8E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       113E606E1CFEE36DE3214D4CDC7DCCBDE102EEE0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205705.roa
Signing time:             Sat 30 Aug 2025 22:55:01 +0000
ROA not before:           Sat 30 Aug 2025 22:50:01 +0000
ROA not after:            Sat 29 Aug 2026 22:55:01 +0000
asID:                     205705
IP address blocks:        143.14.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:3e:60:6e:1c:fe:e3:6d:e3:21:4d:4c:dc:7d:cc:bd:e1:02:ee:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 30 22:50:01 2025 GMT
            Not After : Aug 29 22:55:01 2026 GMT
        Subject: CN=E7D07E074F4BFD28B948AA1BA8E4000E5CF86A8E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:47:13:ca:08:4d:ae:96:b6:86:b2:5b:41:c1:
                    24:02:b6:0f:14:8c:30:e9:1b:43:a0:c2:06:f2:1e:
                    af:e3:c1:c3:ce:c7:e8:26:15:d1:96:3b:40:28:0e:
                    17:67:1e:1a:c9:2e:75:eb:4d:48:0c:c3:54:97:00:
                    00:b2:e7:62:4c:c5:07:8a:15:63:b7:77:4a:93:07:
                    cb:21:23:9c:72:b3:df:4d:fa:4b:d4:8f:53:76:01:
                    e8:af:21:7a:6b:56:52:67:6f:d3:be:87:21:18:19:
                    05:ef:33:b2:b2:44:ea:44:3e:15:da:e7:94:b9:f8:
                    61:91:1f:6f:5a:91:8f:b8:ae:20:fc:a4:e4:89:0c:
                    ca:b1:63:af:9d:db:4a:c4:d0:f8:70:88:42:17:9f:
                    c9:c0:48:f3:84:c8:ca:ca:ee:18:9a:0e:fd:d4:41:
                    45:9a:d5:25:d8:70:2d:52:fa:a2:99:ed:d2:e0:31:
                    9a:a0:45:67:5c:32:31:23:cf:73:28:cb:d0:c9:2c:
                    09:79:42:89:54:31:82:84:62:c2:3c:f3:3f:5a:4e:
                    c9:e5:85:24:b1:6a:72:4b:a4:12:e1:6e:95:0a:29:
                    6a:e3:c7:68:c1:42:34:61:fe:c5:8a:ae:bd:7a:ce:
                    84:be:09:d7:dc:e1:a9:14:b1:01:f3:7e:05:f7:8c:
                    3c:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:D0:7E:07:4F:4B:FD:28:B9:48:AA:1B:A8:E4:00:0E:5C:F8:6A:8E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205705.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:87:bb:10:e4:2c:58:d8:d2:6f:ca:7b:ee:17:de:92:c6:75:
         12:58:41:2d:85:11:11:45:58:f5:13:f7:de:a9:d5:f1:45:ad:
         cb:23:9d:0a:7c:86:b4:9c:2c:b3:ca:84:5c:55:ba:1d:bb:aa:
         8e:f2:10:2c:39:ac:9e:9c:6b:cd:15:00:d9:c1:88:63:e3:0e:
         6e:d9:47:7d:55:63:db:a8:3a:d3:e9:7e:f1:56:90:cd:c8:bf:
         fd:7a:74:d3:bd:a0:cf:b9:18:4b:71:cf:83:9b:66:4b:5e:7f:
         d7:0d:a8:7b:e7:75:d6:62:29:fe:12:5a:1a:98:81:ea:61:c7:
         5e:6a:9f:c3:5f:f7:89:a0:5e:42:df:57:95:60:f5:39:d5:5c:
         8c:c8:ba:71:a8:60:22:2f:42:05:28:04:2c:d5:34:8e:9a:9a:
         26:4a:67:6d:ce:e9:b0:2b:b6:7a:73:e5:41:47:06:d9:54:70:
         63:78:e7:11:cc:22:8b:09:6c:5f:c5:84:d5:93:56:f7:13:07:
         ab:44:ed:b2:2a:49:cc:92:cf:8a:98:27:02:c2:9b:be:8d:ed:
         a0:1f:f7:92:56:f8:35:db:0c:b1:48:f5:f1:81:e8:5f:3d:db:
         e4:c6:51:90:00:56:36:2e:80:a6:95:05:db:44:26:fa:c5:ca:
         ab:dd:de:71
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUET5gbhz+423jIU1M3H3MveEC7uAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MzAyMjUwMDFaFw0yNjA4MjkyMjU1MDFaMDMxMTAvBgNV
BAMTKEU3RDA3RTA3NEY0QkZEMjhCOTQ4QUExQkE4RTQwMDBFNUNGODZBOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPRxPKCE2ulraGsltBwSQCtg8U
jDDpG0OgwgbyHq/jwcPOx+gmFdGWO0AoDhdnHhrJLnXrTUgMw1SXAACy52JMxQeK
FWO3d0qTB8shI5xys99N+kvUj1N2AeivIXprVlJnb9O+hyEYGQXvM7KyROpEPhXa
55S5+GGRH29akY+4riD8pOSJDMqxY6+d20rE0PhwiEIXn8nASPOEyMrK7hiaDv3U
QUWa1SXYcC1S+qKZ7dLgMZqgRWdcMjEjz3Moy9DJLAl5QolUMYKEYsI88z9aTsnl
hSSxanJLpBLhbpUKKWrjx2jBQjRh/sWKrr16zoS+Cdfc4akUsQHzfgX3jDyRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU59B+B09L/Si5SKobqOQADlz4ao4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1NzA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw5F
MA0GCSqGSIb3DQEBCwUAA4IBAQC6h7sQ5CxY2NJvynvuF96SxnUSWEEthRERRVj1
E/feqdXxRa3LI50KfIa0nCyzyoRcVbodu6qO8hAsOayenGvNFQDZwYhj4w5u2Ud9
VWPbqDrT6X7xVpDNyL/9enTTvaDPuRhLcc+Dm2ZLXn/XDah753XWYin+EloamIHq
Ycdeap/DX/eJoF5C31eVYPU51VyMyLpxqGAiL0IFKAQs1TSOmpomSmdtzumwK7Z6
c+VBRwbZVHBjeOcRzCKLCWxfxYTVk1b3EwerRO2yKknMks+KmCcCwpu+je2gH/eS
Vvg12wyxSPXxgehfPdvkxlGQAFY2LoCmlQXbRCb6xcqr3d5x
-----END CERTIFICATE-----