Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204335.roa
File:                     AS204335.roa (raw, json)
Hash identifier:          1VF2Xn8B8f/QII0CJZjNVEC5oc7o7dCjXjCDzYI9fd8=
Subject key identifier:   EB:8D:EA:4D:9C:A9:0F:C1:EB:E4:A6:BA:56:CE:0D:03:E0:B8:C9:09
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4B5FB9F26D655DF0E98AC2EB2AF63CD36A67772D
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204335.roa
Signing time:             Thu 12 Jun 2025 14:10:00 +0000
ROA not before:           Thu 12 Jun 2025 14:05:00 +0000
ROA not after:            Thu 11 Jun 2026 14:10:00 +0000
asID:                     204335
IP address blocks:        2a0b:8704::/32 maxlen: 48
                          2a0c:fa41::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 02:36:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:5f:b9:f2:6d:65:5d:f0:e9:8a:c2:eb:2a:f6:3c:d3:6a:67:77:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:00 2025 GMT
            Not After : Jun 11 14:10:00 2026 GMT
        Subject: CN=EB8DEA4D9CA90FC1EBE4A6BA56CE0D03E0B8C909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:a5:3b:7d:f6:ba:a1:e4:30:3c:d7:b2:a7:02:
                    60:51:f0:33:ad:2c:64:28:3a:1d:8b:a3:d4:af:c5:
                    d9:66:1a:a6:ae:e2:4d:03:fd:6b:42:86:85:99:70:
                    29:ac:2b:a8:b0:61:21:d3:96:c8:33:83:75:19:de:
                    fe:ea:33:5b:25:5a:9a:62:d4:d0:04:bf:cf:0a:82:
                    41:88:c4:95:86:a8:10:11:bc:f8:f4:1a:56:35:80:
                    d8:c2:98:c4:b8:ab:30:1d:b1:71:ce:70:f3:f9:9e:
                    87:c8:57:7e:07:5c:e9:d5:94:3d:54:bb:5f:6f:0c:
                    46:57:50:b9:4d:ca:1a:fe:cf:72:02:41:01:3c:71:
                    a7:e1:2d:6a:26:1c:dc:88:07:05:c8:cd:d4:0c:02:
                    bf:21:39:1f:3d:8f:55:60:c1:a2:ad:36:e7:88:72:
                    73:b3:8e:4d:83:e0:11:65:45:f2:80:f8:c4:f3:6f:
                    d1:62:e3:91:38:1d:68:81:4f:b7:38:0a:14:57:e8:
                    54:1b:de:4a:8a:91:07:92:55:ea:9c:df:63:8e:53:
                    3c:7f:ce:41:44:91:e7:f7:c0:d3:14:60:fe:46:2f:
                    cf:f1:d7:c5:a8:a8:07:86:6e:cc:e1:d2:eb:66:32:
                    2e:45:4b:a8:de:e7:91:38:b0:89:7a:f7:89:c1:77:
                    27:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:8D:EA:4D:9C:A9:0F:C1:EB:E4:A6:BA:56:CE:0D:03:E0:B8:C9:09
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS204335.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8704::/32
                  2a0c:fa41::/32

    Signature Algorithm: sha256WithRSAEncryption
         90:1e:ed:92:60:88:ce:14:30:53:3d:56:6f:14:e3:89:a6:81:
         43:75:9e:d1:f4:7e:19:a2:73:b8:33:7c:13:59:6a:64:3f:9c:
         02:dd:26:8d:53:55:fc:46:ac:8a:9c:b2:90:f3:1e:9f:cc:52:
         8e:16:6b:b5:bd:7f:ac:03:44:27:40:ea:f2:dc:f6:48:99:d7:
         8d:74:a1:81:72:dc:e5:2c:76:4b:92:c0:89:9c:d5:c0:18:ee:
         d8:3e:46:0d:2a:ac:07:bd:76:f3:53:d4:ab:f9:6a:5b:bd:24:
         81:a9:07:e9:5e:d8:94:65:11:1c:bd:51:95:9d:d6:c9:37:39:
         da:fb:4d:39:fd:9b:8d:f2:87:90:32:c1:8b:5b:13:78:49:9b:
         3c:11:ad:4a:49:d4:eb:37:2a:57:72:e5:ca:70:d3:c6:b0:be:
         91:b4:84:a9:d2:4e:21:2c:d4:0f:7f:87:ad:6f:b4:88:4d:24:
         eb:59:c9:20:2f:18:55:70:07:03:f0:55:6c:e2:0f:4f:47:8c:
         1c:53:9f:56:ff:0d:f2:2b:dd:bb:aa:8b:3f:82:d0:3e:03:42:
         32:6e:0d:de:6f:ff:f1:bf:df:ef:fa:de:b4:d9:2f:9d:a4:1f:
         8a:0a:02:22:25:b8:ef:37:60:17:5e:b6:77:14:2c:0f:4e:35:
         08:6d:b6:aa
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUS1+58m1lXfDpisLrKvY802pndy0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MDBaFw0yNjA2MTExNDEwMDBaMDMxMTAvBgNV
BAMTKEVCOERFQTREOUNBOTBGQzFFQkU0QTZCQTU2Q0UwRDAzRTBCOEM5MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIpTt99rqh5DA817KnAmBR8DOt
LGQoOh2Lo9SvxdlmGqau4k0D/WtChoWZcCmsK6iwYSHTlsgzg3UZ3v7qM1slWppi
1NAEv88KgkGIxJWGqBARvPj0GlY1gNjCmMS4qzAdsXHOcPP5nofIV34HXOnVlD1U
u19vDEZXULlNyhr+z3ICQQE8cafhLWomHNyIBwXIzdQMAr8hOR89j1VgwaKtNueI
cnOzjk2D4BFlRfKA+MTzb9Fi45E4HWiBT7c4ChRX6FQb3kqKkQeSVeqc32OOUzx/
zkFEkef3wNMUYP5GL8/x18WoqAeGbszh0utmMi5FS6je55E4sIl694nBdycTAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQU643qTZypD8Hr5Ka6Vs4NA+C4yQkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA0MzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKguH
BAMFACoM+kEwDQYJKoZIhvcNAQELBQADggEBAJAe7ZJgiM4UMFM9Vm8U44mmgUN1
ntH0fhmic7gzfBNZamQ/nALdJo1TVfxGrIqcspDzHp/MUo4Wa7W9f6wDRCdA6vLc
9kiZ1410oYFy3OUsdkuSwImc1cAY7tg+Rg0qrAe9dvNT1Kv5alu9JIGpB+le2JRl
ERy9UZWd1sk3Odr7TTn9m43yh5AywYtbE3hJmzwRrUpJ1Os3Kldy5cpw08awvpG0
hKnSTiEs1A9/h61vtIhNJOtZySAvGFVwBwPwVWziD09HjBxTn1b/DfIr3buqiz+C
0D4DQjJuDd5v//G/3+/63rTZL52kH4oKAiIluO83YBdetncULA9ONQhttqo=
-----END CERTIFICATE-----