Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206150.roa
File:                     AS206150.roa (raw, json)
Hash identifier:          4CCK7uGqOMFvKA5DQq1w0uMYBL36b4iteookzWqDE9I=
Subject key identifier:   83:2E:29:D6:44:9B:26:3C:AA:A1:C1:A3:7C:39:F4:F4:13:9F:17:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5EDF3F50EDD5A589C22936143B323079C10B6C02
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206150.roa
Signing time:             Wed 27 Mar 2024 14:48:52 +0000
ROA not before:           Wed 27 Mar 2024 14:43:52 +0000
ROA not after:            Wed 26 Mar 2025 14:48:52 +0000
asID:                     206150
IP address blocks:        2a0a:4e80::/32 maxlen: 48
                          2a0a:4e81::/32 maxlen: 48
                          2a0a:4e82::/32 maxlen: 48
                          2a0a:4e83::/32 maxlen: 48
                          2a0a:4e84::/32 maxlen: 48
                          2a0a:4e85::/32 maxlen: 48
                          2a0a:4e86::/32 maxlen: 48
                          2a0a:4e87::/32 maxlen: 48
                          2a0a:8e00::/32 maxlen: 48
                          2a0a:8e01::/32 maxlen: 48
                          2a0a:8e02::/32 maxlen: 48
                          2a0a:8e03::/32 maxlen: 48
                          2a0a:8e04::/32 maxlen: 48
                          2a0a:8e05::/32 maxlen: 48
                          2a0a:8e06::/32 maxlen: 48
                          2a0a:8e07::/32 maxlen: 48
                          2a0a:9600::/32 maxlen: 48
                          2a0a:9601::/32 maxlen: 48
                          2a0a:9602::/32 maxlen: 48
                          2a0a:9603::/32 maxlen: 48
                          2a0a:9604::/32 maxlen: 48
                          2a0a:9605::/32 maxlen: 48
                          2a0a:9606::/32 maxlen: 48
                          2a0a:9607::/32 maxlen: 48
                          2a0a:a704::/30 maxlen: 48
                          2a0a:be00::/32 maxlen: 48
                          2a0a:be01::/32 maxlen: 48
                          2a0a:be02::/32 maxlen: 48
                          2a0a:be03::/32 maxlen: 48
                          2a0a:be04::/32 maxlen: 48
                          2a0a:be05::/32 maxlen: 48
                          2a0a:be06::/32 maxlen: 48
                          2a0a:be07::/32 maxlen: 48
                          2a0a:d200::/32 maxlen: 48
                          2a0a:d201::/32 maxlen: 48
                          2a0a:d202::/32 maxlen: 48
                          2a0a:d203::/32 maxlen: 48
                          2a0a:d204::/32 maxlen: 48
                          2a0a:d205::/32 maxlen: 48
                          2a0a:d206::/32 maxlen: 48
                          2a0a:d207::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:df:3f:50:ed:d5:a5:89:c2:29:36:14:3b:32:30:79:c1:0b:6c:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 27 14:43:52 2024 GMT
            Not After : Mar 26 14:48:52 2025 GMT
        Subject: CN=832E29D6449B263CAAA1C1A37C39F4F4139F172F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8f:65:e8:bd:77:04:b3:90:de:6a:1c:e2:bb:
                    c4:c4:42:f7:09:7c:5a:25:28:7f:f8:5e:40:23:7b:
                    99:cb:f0:d3:21:71:da:31:56:d7:11:29:0f:8a:8c:
                    64:32:e3:a6:1c:5a:88:67:2e:1c:65:f5:df:df:52:
                    c5:00:cc:45:94:74:9d:00:1d:c5:29:79:bb:5c:bc:
                    cd:69:e3:5e:d4:92:af:1a:3d:a7:a0:fb:80:83:15:
                    28:9e:23:80:4d:bf:da:9d:ae:15:26:84:47:df:05:
                    72:6a:8a:0e:31:b8:04:ca:1c:b7:50:9a:dd:0b:90:
                    c3:12:31:b5:a2:83:b2:33:60:67:b3:01:d0:0f:0f:
                    cd:38:47:2f:b4:64:67:88:23:1f:56:e1:42:1e:53:
                    bc:07:0f:f7:67:5d:f7:df:80:34:f5:17:db:15:80:
                    b9:a2:03:97:30:63:fd:27:6c:b4:7d:4b:53:93:a1:
                    f3:c8:58:56:37:e3:4b:fa:dd:30:8e:f9:ed:42:26:
                    0a:95:e0:04:b1:a4:68:e2:29:5f:50:49:cf:43:99:
                    87:f8:8a:43:43:84:bb:9b:cd:e7:89:9c:34:cf:55:
                    cf:70:e5:11:25:2f:46:03:72:42:4b:7c:a4:12:cc:
                    96:05:88:f2:aa:da:dc:fd:fa:ef:81:bc:2f:1f:89:
                    72:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:2E:29:D6:44:9B:26:3C:AA:A1:C1:A3:7C:39:F4:F4:13:9F:17:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206150.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:4e80::/29
                  2a0a:8e00::/29
                  2a0a:9600::/29
                  2a0a:a704::/30
                  2a0a:be00::/29
                  2a0a:d200::/29

    Signature Algorithm: sha256WithRSAEncryption
         69:1a:17:78:3a:31:bd:16:7b:5b:86:54:60:41:df:a5:9a:f4:
         4c:bb:d7:81:98:f4:1a:55:04:51:ce:f4:9b:42:0d:96:69:a3:
         db:95:1d:a5:ae:4b:ac:86:82:62:3d:6b:5f:3a:d9:62:af:c7:
         0f:4e:e9:58:9e:eb:fd:5f:25:34:b3:7c:ec:0c:22:4e:6f:53:
         19:4e:dc:f3:46:61:9c:25:3c:d4:66:7d:79:58:7a:5d:01:23:
         e4:ee:e6:18:ba:a9:f5:e6:c7:6d:4e:a3:32:9a:c2:8a:37:ca:
         08:1d:50:2e:f3:80:d9:08:3e:17:0a:2f:c2:f4:ea:14:41:9b:
         79:97:35:9b:22:bd:fb:5a:5d:2d:79:17:52:d9:26:39:55:01:
         6a:a3:32:64:ca:1b:0f:0a:04:89:95:e2:9b:07:8d:b2:3f:ee:
         25:c6:3d:24:3e:75:6b:3c:ed:83:2a:af:24:1e:15:8f:34:33:
         a5:5d:58:f0:cd:3c:7e:0d:f0:68:19:27:39:72:9c:a8:31:af:
         41:ec:98:1c:2a:c1:cb:9d:21:3f:4f:9a:c8:92:8c:fb:de:4d:
         13:25:70:6a:ac:a1:a8:9c:2b:b6:24:27:7e:f4:ad:f9:e3:ee:
         32:64:95:62:1b:26:de:ae:6e:85:c5:55:74:2a:53:4e:88:6a:
         e0:ef:5e:ba
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIUXt8/UO3VpYnCKTYUOzIwecELbAIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAzMjcxNDQzNTJaFw0yNTAzMjYxNDQ4NTJaMDMxMTAvBgNV
BAMTKDgzMkUyOUQ2NDQ5QjI2M0NBQUExQzFBMzdDMzlGNEY0MTM5RjE3MkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWj2XovXcEs5Deahziu8TEQvcJ
fFolKH/4XkAje5nL8NMhcdoxVtcRKQ+KjGQy46YcWohnLhxl9d/fUsUAzEWUdJ0A
HcUpebtcvM1p417Ukq8aPaeg+4CDFSieI4BNv9qdrhUmhEffBXJqig4xuATKHLdQ
mt0LkMMSMbWig7IzYGezAdAPD804Ry+0ZGeIIx9W4UIeU7wHD/dnXfffgDT1F9sV
gLmiA5cwY/0nbLR9S1OTofPIWFY340v63TCO+e1CJgqV4ASxpGjiKV9QSc9DmYf4
ikNDhLubzeeJnDTPVc9w5RElL0YDckJLfKQSzJYFiPKq2tz9+u+BvC8fiXLTAgMB
AAGjggIuMIICKjAdBgNVHQ4EFgQUgy4p1kSbJjyqocGjfDn09BOfFy8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA2MTUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAAjAqAwUDKgpO
gAMFAyoKjgADBQMqCpYAAwUCKgqnBAMFAyoKvgADBQMqCtIAMA0GCSqGSIb3DQEB
CwUAA4IBAQBpGhd4OjG9FntbhlRgQd+lmvRMu9eBmPQaVQRRzvSbQg2WaaPblR2l
rkushoJiPWtfOtlir8cPTulYnuv9XyU0s3zsDCJOb1MZTtzzRmGcJTzUZn15WHpd
ASPk7uYYuqn15sdtTqMymsKKN8oIHVAu84DZCD4XCi/C9OoUQZt5lzWbIr37Wl0t
eRdS2SY5VQFqozJkyhsPCgSJleKbB42yP+4lxj0kPnVrPO2DKq8kHhWPNDOlXVjw
zTx+DfBoGSc5cpyoMa9B7JgcKsHLnSE/T5rIkoz73k0TJXBqrKGonCu2JCd+9K35
4+4yZJViGyberm6FxVV0KlNOiGrg7166
-----END CERTIFICATE-----
Generated at Fri Nov 22 02:44:45 2024 by rpki-client on console-fra.rpki-client.org