Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205659.roa
File:                     AS205659.roa (raw, json)
Hash identifier:          53PUJkWtvL3S/M3PU9Ca0HeYEGWAwBKMY8KbEY1y8Ng=
Subject key identifier:   BA:7F:27:08:94:36:E1:D7:8F:EA:BF:AE:A5:AB:92:63:06:9D:39:A3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7ED1067D1BA76BDEEDAB54B77677548418B8ED18
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205659.roa
Signing time:             Tue 01 Jul 2025 13:49:20 +0000
ROA not before:           Tue 01 Jul 2025 13:44:20 +0000
ROA not after:            Tue 30 Jun 2026 13:49:20 +0000
asID:                     205659
IP address blocks:        2a0a:9200::/29 maxlen: 48
                          2a0a:a601::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:29:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:d1:06:7d:1b:a7:6b:de:ed:ab:54:b7:76:77:54:84:18:b8:ed:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  1 13:44:20 2025 GMT
            Not After : Jun 30 13:49:20 2026 GMT
        Subject: CN=BA7F27089436E1D78FEABFAEA5AB9263069D39A3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6e:66:bb:4a:c8:da:78:2d:88:a2:ee:18:40:
                    36:1e:29:d8:17:03:15:4f:cd:a3:cb:d8:44:98:df:
                    a8:87:36:52:1e:3f:ed:8a:35:d2:4d:d4:37:ab:ab:
                    08:c8:78:41:e1:48:15:e8:78:d3:01:3f:0b:cb:e9:
                    22:ab:ae:79:c1:97:1b:1f:51:20:7f:66:03:f0:1f:
                    c1:43:7c:1a:a8:00:ba:1b:da:1c:d7:fe:32:63:7f:
                    8c:59:92:c2:87:ed:a8:25:66:42:89:85:68:c3:01:
                    1f:fa:55:1e:85:1e:54:d4:91:d9:41:33:20:60:e1:
                    a1:51:91:a8:eb:f0:b6:6e:fe:4e:26:14:f6:fc:fa:
                    ca:47:89:6b:22:77:c6:9b:31:8e:47:ee:80:84:2a:
                    d6:b2:74:eb:71:76:00:89:05:71:5d:7f:ef:1b:39:
                    4d:04:e9:92:ee:4d:5a:b4:56:3a:93:40:0f:5f:41:
                    59:de:89:71:e5:9a:e9:0b:55:e2:26:7b:dd:96:07:
                    25:23:d2:a4:45:b3:ba:3b:1e:44:b4:fd:af:a1:15:
                    11:b7:dc:a7:e5:1d:54:de:c4:90:d5:b4:32:ee:54:
                    c7:8f:90:51:01:07:6e:c5:68:0a:52:0b:6e:61:44:
                    9f:3b:73:01:4c:44:a2:3a:b7:64:a1:f5:57:67:64:
                    7a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:7F:27:08:94:36:E1:D7:8F:EA:BF:AE:A5:AB:92:63:06:9D:39:A3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9200::/29
                  2a0a:a601::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:c1:71:bf:ae:aa:00:d8:83:38:c8:66:1b:6d:cc:b6:b9:f7:
         53:ae:48:c5:7c:48:a5:80:ee:54:9c:eb:b7:00:cb:ff:b7:b0:
         fd:04:a8:48:10:53:9a:70:b4:73:e4:10:2d:a5:ac:b2:13:64:
         4e:59:13:20:e8:19:16:71:50:5a:91:26:6b:f6:a3:79:96:b5:
         c3:24:bf:47:a9:84:01:10:75:80:35:e3:92:d9:d5:f4:8e:80:
         71:7a:1c:f8:26:84:31:67:a0:97:46:3e:5f:13:3c:b9:fd:b2:
         dd:ac:1a:cc:eb:f5:93:99:d2:d6:9d:36:92:af:45:ff:4a:2a:
         36:5e:64:4e:5d:d1:7c:38:bf:29:15:d7:98:b5:6f:fb:ef:bb:
         0f:45:e7:de:2d:ca:11:a5:6f:a7:9a:15:b8:63:c4:a6:f7:77:
         ff:f3:22:5c:33:c6:77:6b:09:52:67:b1:7b:b1:f4:bf:3d:fc:
         16:e9:a4:d3:57:ac:dd:17:05:66:2f:ae:35:30:26:03:92:1a:
         88:96:72:ab:69:86:a3:84:af:63:fe:fa:55:4f:9a:59:a9:c7:
         3d:2d:e8:07:df:3e:aa:ee:55:ab:03:f2:09:85:38:68:ce:46:
         b6:88:f3:92:46:85:45:16:b1:c8:d7:e4:b8:2e:94:cd:80:a9:
         25:7b:a9:36
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgIUftEGfRuna97tq1S3dndUhBi47RgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MDExMzQ0MjBaFw0yNjA2MzAxMzQ5MjBaMDMxMTAvBgNV
BAMTKEJBN0YyNzA4OTQzNkUxRDc4RkVBQkZBRUE1QUI5MjYzMDY5RDM5QTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7bma7SsjaeC2Iou4YQDYeKdgX
AxVPzaPL2ESY36iHNlIeP+2KNdJN1DerqwjIeEHhSBXoeNMBPwvL6SKrrnnBlxsf
USB/ZgPwH8FDfBqoALob2hzX/jJjf4xZksKH7aglZkKJhWjDAR/6VR6FHlTUkdlB
MyBg4aFRkajr8LZu/k4mFPb8+spHiWsid8abMY5H7oCEKtaydOtxdgCJBXFdf+8b
OU0E6ZLuTVq0VjqTQA9fQVneiXHlmukLVeIme92WByUj0qRFs7o7HkS0/a+hFRG3
3KflHVTexJDVtDLuVMePkFEBB27FaApSC25hRJ87cwFMRKI6t2Sh9VdnZHpzAgMB
AAGjggISMIICDjAdBgNVHQ4EFgQUun8nCJQ24deP6r+upauSYwadOaMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1NjU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgqS
AAMFACoKpgEwDQYJKoZIhvcNAQELBQADggEBAC7Bcb+uqgDYgzjIZhttzLa591Ou
SMV8SKWA7lSc67cAy/+3sP0EqEgQU5pwtHPkEC2lrLITZE5ZEyDoGRZxUFqRJmv2
o3mWtcMkv0ephAEQdYA145LZ1fSOgHF6HPgmhDFnoJdGPl8TPLn9st2sGszr9ZOZ
0tadNpKvRf9KKjZeZE5d0Xw4vykV15i1b/vvuw9F594tyhGlb6eaFbhjxKb3d//z
IlwzxndrCVJnsXux9L89/BbppNNXrN0XBWYvrjUwJgOSGoiWcqtphqOEr2P++lVP
mlmpxz0t6AffPqruVasD8gmFOGjORraI85JGhUUWscjX5LgulM2AqSV7qTY=
-----END CERTIFICATE-----