Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206533.roa
File:                     AS206533.roa (raw, json)
Hash identifier:          6bZSQVot8MNvAIOx+2F/OWGxeXwpknEUznVXlHRuiPo=
Subject key identifier:   1D:30:95:5A:79:B0:11:B1:F8:45:68:ED:3C:46:C4:19:63:BA:9A:32
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       38E9A9478EEF70510183BB2DD341F6F011D9D580
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206533.roa
Signing time:             Tue 02 Jun 2026 17:16:48 +0000
ROA not before:           Tue 02 Jun 2026 17:11:48 +0000
ROA not after:            Tue 01 Jun 2027 17:16:48 +0000
asID:                     206533
IP address blocks:        167.148.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:e9:a9:47:8e:ef:70:51:01:83:bb:2d:d3:41:f6:f0:11:d9:d5:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  2 17:11:48 2026 GMT
            Not After : Jun  1 17:16:48 2027 GMT
        Subject: CN=1D30955A79B011B1F84568ED3C46C41963BA9A32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6b:d3:84:42:45:ef:ad:da:1b:51:4c:72:83:
                    c2:09:7c:4e:07:1a:cd:7e:8e:ec:49:15:a1:fb:ea:
                    08:07:32:66:bc:71:77:cb:f7:77:71:14:79:2d:75:
                    38:8a:da:ea:7d:b7:a3:94:5c:99:2f:93:14:5e:d1:
                    53:63:82:ad:3b:3e:91:71:39:e0:f6:8f:9d:8c:27:
                    71:e3:a4:62:a9:ec:d8:fc:ba:0c:1b:88:ad:73:bf:
                    ef:35:8f:fe:62:8c:7a:ee:1c:a0:b3:37:0b:a9:31:
                    01:1d:47:e8:ac:75:53:ae:e1:e8:58:b9:cb:3e:21:
                    57:6b:f1:b7:ba:a5:1c:b6:ac:13:7f:42:a5:83:27:
                    38:9d:88:e2:bc:5a:9e:dc:89:52:1d:b8:bb:6d:74:
                    fb:79:ac:24:a1:83:62:fe:73:0b:ab:69:b5:be:d8:
                    d3:56:54:fb:74:94:bb:a5:21:20:d0:92:9c:86:64:
                    07:1c:f0:52:9d:8a:06:9e:cb:6d:68:6d:e4:c1:d6:
                    b9:43:83:09:1c:c2:fb:61:19:7a:38:48:9d:bc:b1:
                    d6:5a:c2:ec:9b:3b:3e:38:5d:f5:b9:d0:a2:15:b1:
                    85:f2:0a:58:97:77:4c:5b:5f:c9:69:f6:4a:59:fd:
                    0f:a7:26:7a:9d:ae:01:4f:1a:08:75:09:4b:9d:15:
                    44:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:30:95:5A:79:B0:11:B1:F8:45:68:ED:3C:46:C4:19:63:BA:9A:32
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:e8:71:96:1f:1b:54:bf:f5:c8:d3:2c:08:fd:c7:ce:57:55:
         ec:be:69:93:18:73:96:2e:17:23:54:66:80:1c:bc:b9:85:70:
         ca:07:83:8e:8a:44:38:88:c3:80:0b:11:c0:85:f9:f8:d1:d3:
         e0:1a:87:08:90:e3:ab:cf:50:f4:52:cb:0b:89:3c:95:94:3a:
         67:fd:f0:1b:e9:96:66:f1:36:9a:ff:cb:a8:3a:34:e5:43:6f:
         cc:90:13:f0:ce:25:37:6e:5d:3c:63:19:83:0e:f6:dc:41:7f:
         d9:9d:8f:89:d3:83:ce:18:9e:7f:2e:a7:97:e1:32:23:51:8b:
         1b:2e:e1:7c:9a:a8:5e:cd:aa:dd:fe:7a:70:0c:4d:ee:2d:83:
         52:6e:ff:54:ad:13:29:34:0c:15:f2:05:be:af:c1:9b:be:e8:
         ce:d3:22:7f:d1:85:5f:38:a9:77:69:1b:39:93:1d:76:2c:5a:
         75:5a:f0:f6:a3:66:e1:6f:09:bc:fb:f7:09:1a:15:43:6e:18:
         59:40:17:d1:06:22:53:8d:17:1c:85:41:d7:d7:b2:14:c5:54:
         ec:7c:7e:34:6a:b6:0f:00:23:a0:49:f4:0b:a0:83:2e:2d:56:
         70:3f:25:de:6d:e0:60:92:96:75:b2:a1:95:ef:45:72:e6:49:
         c6:b6:2c:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOOmpR47vcFEBg7st00H28BHZ1YAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDIxNzExNDhaFw0yNzA2MDExNzE2NDhaMDMxMTAvBgNV
BAMTKDFEMzA5NTVBNzlCMDExQjFGODQ1NjhFRDNDNDZDNDE5NjNCQTlBMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQa9OEQkXvrdobUUxyg8IJfE4H
Gs1+juxJFaH76ggHMma8cXfL93dxFHktdTiK2up9t6OUXJkvkxRe0VNjgq07PpFx
OeD2j52MJ3HjpGKp7Nj8ugwbiK1zv+81j/5ijHruHKCzNwupMQEdR+isdVOu4ehY
ucs+IVdr8be6pRy2rBN/QqWDJzidiOK8Wp7ciVIduLttdPt5rCShg2L+cwurabW+
2NNWVPt0lLulISDQkpyGZAcc8FKdigaey21obeTB1rlDgwkcwvthGXo4SJ28sdZa
wuybOz44XfW50KIVsYXyCliXd0xbX8lp9kpZ/Q+nJnqdrgFPGgh1CUudFUQJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHTCVWnmwEbH4RWjtPEbEGWO6mjIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA2NTMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5TY
MA0GCSqGSIb3DQEBCwUAA4IBAQB06HGWHxtUv/XI0ywI/cfOV1XsvmmTGHOWLhcj
VGaAHLy5hXDKB4OOikQ4iMOACxHAhfn40dPgGocIkOOrz1D0UssLiTyVlDpn/fAb
6ZZm8Taa/8uoOjTlQ2/MkBPwziU3bl08YxmDDvbcQX/ZnY+J04POGJ5/LqeX4TIj
UYsbLuF8mqhezard/npwDE3uLYNSbv9UrRMpNAwV8gW+r8GbvujO0yJ/0YVfOKl3
aRs5kx12LFp1WvD2o2bhbwm8+/cJGhVDbhhZQBfRBiJTjRcchUHX17IUxVTsfH40
arYPACOgSfQLoIMuLVZwPyXebeBgkpZ1sqGV70Vy5knGtizD
-----END CERTIFICATE-----