Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208450.roa
File:                     AS208450.roa (raw, json)
Hash identifier:          KVFNFV1c1XvMdMirek0WtE2Yhm8blHLBQyiy8P5YfXY=
Subject key identifier:   20:3F:57:FD:DA:37:A8:B2:43:F7:B6:48:B7:C3:7B:31:85:84:C2:90
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       45A9AD558107883AE555CA17C6EA99A2527D103E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208450.roa
Signing time:             Thu 28 Aug 2025 07:14:15 +0000
ROA not before:           Thu 28 Aug 2025 07:09:15 +0000
ROA not after:            Thu 27 Aug 2026 07:14:15 +0000
asID:                     208450
IP address blocks:        191.101.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:a9:ad:55:81:07:88:3a:e5:55:ca:17:c6:ea:99:a2:52:7d:10:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 28 07:09:15 2025 GMT
            Not After : Aug 27 07:14:15 2026 GMT
        Subject: CN=203F57FDDA37A8B243F7B648B7C37B318584C290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:d0:bc:78:cd:43:cf:a4:25:7c:5a:dc:47:1b:
                    3a:3f:e9:87:a6:a4:6c:e2:28:45:a4:a2:4a:af:99:
                    99:0b:44:e1:6a:5b:c7:2d:e2:5a:8c:44:85:04:da:
                    c0:7a:21:cc:99:8d:91:9f:31:0e:62:0a:ec:58:1f:
                    bd:b1:36:31:fe:e4:c8:6a:db:2f:a7:fc:83:a6:7a:
                    a2:ee:7d:b9:74:3a:6f:27:89:3b:84:a0:b4:f3:e3:
                    4d:d4:9d:23:ff:2b:8e:06:a2:43:fc:2d:99:61:c8:
                    77:86:07:f4:1b:b3:f8:8e:a7:ec:ac:64:bc:6b:88:
                    a3:3b:4c:28:ca:22:6d:1a:14:ec:3e:a8:4e:ed:5d:
                    b3:a6:0b:56:ea:40:c2:69:c6:fa:4e:34:0d:13:68:
                    84:9a:55:89:bd:db:8f:0b:0f:fb:7b:80:de:15:1f:
                    7b:4e:69:ac:1f:c3:64:3a:b4:c3:68:87:89:3e:57:
                    fb:75:82:fa:a8:b0:5b:4e:e9:8c:ac:9e:e8:a3:86:
                    fb:b7:75:4e:66:71:2c:e8:a4:4c:fc:3b:7c:9e:22:
                    37:af:6a:67:a4:94:e4:5f:78:33:cc:a2:ef:9d:3f:
                    89:42:70:ee:3e:6f:f7:ce:b9:0a:93:a7:fc:f6:1d:
                    63:e3:ee:83:f5:af:f7:58:cc:37:f8:00:44:5f:07:
                    c9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:3F:57:FD:DA:37:A8:B2:43:F7:B6:48:B7:C3:7B:31:85:84:C2:90
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:bc:d9:4a:6c:76:9c:91:ca:5a:5a:e5:e8:c7:da:da:59:f8:
         b2:12:f3:56:0d:10:21:1a:25:86:0a:b2:a5:27:fb:d0:19:3a:
         dd:a3:50:1f:dc:5f:93:f4:5a:c0:d7:d2:a3:8b:65:6c:57:4f:
         4e:8d:7a:c2:3e:ca:43:6a:8a:64:39:07:1f:0b:4e:8a:a7:23:
         6d:c5:09:db:d6:66:68:df:fd:dd:21:e4:07:27:4c:1b:5e:91:
         76:f6:90:db:38:b4:9b:c6:45:12:bd:4c:9b:9c:3e:ea:d9:68:
         a1:24:f1:22:ca:49:55:1d:28:6a:07:b5:80:79:a7:32:22:7f:
         07:6e:78:73:15:c7:77:91:87:74:af:db:ca:b7:20:c0:a1:13:
         e0:80:db:89:8c:e9:56:54:85:47:70:4d:7f:f3:ea:d9:75:c8:
         5b:59:fd:2e:46:16:c0:66:70:0c:d9:df:4e:1c:3d:6c:cd:6c:
         63:f3:98:b6:16:7e:a1:07:eb:25:57:26:66:27:b3:d7:49:14:
         ee:92:24:e2:dc:1c:00:73:ac:a0:6b:ce:87:e7:5b:e0:a7:5f:
         40:35:a6:c6:6c:4c:5c:9d:1e:db:c8:b5:cf:4d:0b:07:0b:df:
         89:fe:02:19:db:fd:f6:1e:c1:46:ca:42:af:3a:75:bf:17:f1:
         3a:f6:26:43
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURamtVYEHiDrlVcoXxuqZolJ9ED4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MjgwNzA5MTVaFw0yNjA4MjcwNzE0MTVaMDMxMTAvBgNV
BAMTKDIwM0Y1N0ZEREEzN0E4QjI0M0Y3QjY0OEI3QzM3QjMxODU4NEMyOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC50Lx4zUPPpCV8WtxHGzo/6Yem
pGziKEWkokqvmZkLROFqW8ct4lqMRIUE2sB6IcyZjZGfMQ5iCuxYH72xNjH+5Mhq
2y+n/IOmeqLufbl0Om8niTuEoLTz403UnSP/K44GokP8LZlhyHeGB/Qbs/iOp+ys
ZLxriKM7TCjKIm0aFOw+qE7tXbOmC1bqQMJpxvpONA0TaISaVYm9248LD/t7gN4V
H3tOaawfw2Q6tMNoh4k+V/t1gvqosFtO6Yysnuijhvu3dU5mcSzopEz8O3yeIjev
ameklORfeDPMou+dP4lCcO4+b/fOuQqTp/z2HWPj7oP1r/dYzDf4AERfB8kZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUID9X/do3qLJD97ZIt8N7MYWEwpAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA4NDUwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Xa
MA0GCSqGSIb3DQEBCwUAA4IBAQB4vNlKbHackcpaWuXox9raWfiyEvNWDRAhGiWG
CrKlJ/vQGTrdo1Af3F+T9FrA19Kji2VsV09OjXrCPspDaopkOQcfC06KpyNtxQnb
1mZo3/3dIeQHJ0wbXpF29pDbOLSbxkUSvUybnD7q2WihJPEiyklVHShqB7WAeacy
In8HbnhzFcd3kYd0r9vKtyDAoRPggNuJjOlWVIVHcE1/8+rZdchbWf0uRhbAZnAM
2d9OHD1szWxj85i2Fn6hB+slVyZmJ7PXSRTukiTi3BwAc6yga86H51vgp19ANabG
bExcnR7byLXPTQsHC9+J/gIZ2/32HsFGykKvOnW/F/E69iZD
-----END CERTIFICATE-----