Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208905.roa
File:                     AS208905.roa (raw, json)
Hash identifier:          T5dt784odDD/LwGnkXPlvSCrIOP3wxBhNsgSUhvs+TA=
Subject key identifier:   8E:4C:96:60:54:06:FD:A4:4B:9B:F4:64:E2:3E:C4:9B:09:E7:CD:63
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       682A4566BFBA5DB4BE2710620E1611A3CDA5F2FE
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208905.roa
Signing time:             Fri 29 May 2026 10:47:18 +0000
ROA not before:           Fri 29 May 2026 10:42:18 +0000
ROA not after:            Fri 28 May 2027 10:47:18 +0000
asID:                     208905
IP address blocks:        181.214.197.0/24 maxlen: 24
                          181.215.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:2a:45:66:bf:ba:5d:b4:be:27:10:62:0e:16:11:a3:cd:a5:f2:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 29 10:42:18 2026 GMT
            Not After : May 28 10:47:18 2027 GMT
        Subject: CN=8E4C96605406FDA44B9BF464E23EC49B09E7CD63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:d2:8a:17:a9:92:76:5e:ce:f8:15:2b:21:e6:
                    94:37:f1:97:af:b7:b9:e6:5f:16:0a:cf:6c:69:99:
                    c3:6e:6e:4b:6d:1c:06:54:e6:8e:89:5e:46:ab:fd:
                    42:ef:c4:76:99:8b:93:ba:08:39:b7:60:c1:8b:ca:
                    13:a3:fb:02:e1:94:43:6a:04:48:b4:4a:56:5c:82:
                    66:48:fe:64:1f:88:44:4e:b7:b3:0d:fb:cb:d3:b2:
                    84:84:1e:76:31:62:f2:76:33:88:95:27:62:4f:af:
                    14:5f:81:64:57:ef:b5:09:78:0f:ab:83:02:9a:8c:
                    ff:8a:24:33:3e:ca:0a:68:f8:08:1e:ba:27:77:83:
                    4c:e9:bb:d7:69:a2:00:8f:7c:13:cf:20:d0:90:cd:
                    d9:94:2d:88:8d:56:16:dc:3d:ac:f0:96:87:84:52:
                    a9:4d:c1:02:21:27:44:2f:a0:bb:f3:c9:0d:cd:d6:
                    72:5e:63:d0:82:ff:13:41:41:c1:58:4d:12:45:a2:
                    47:12:ee:e6:ec:fd:37:85:5b:dc:f4:d9:d4:02:81:
                    57:d7:fb:68:64:82:de:88:6c:9d:2b:3b:25:cd:83:
                    69:bb:5c:31:c4:00:56:05:cd:f0:92:b2:70:2c:f2:
                    df:8c:3d:3f:12:1f:09:75:da:ed:37:83:28:22:36:
                    a0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:4C:96:60:54:06:FD:A4:4B:9B:F4:64:E2:3E:C4:9B:09:E7:CD:63
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208905.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.197.0/24
                  181.215.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:3b:c3:bb:36:d9:6f:1e:cb:c8:d6:37:10:c3:13:9b:53:ca:
         5a:ce:7c:86:bd:cf:8b:e4:3d:62:e9:84:52:7b:e9:98:6c:89:
         dc:20:b7:4e:6d:56:dd:e8:65:37:7f:3c:47:65:b6:79:00:04:
         86:71:5d:4e:fa:78:58:42:2a:a7:a4:f8:cd:92:cf:72:1c:44:
         32:61:fd:00:20:8b:c2:45:1e:2b:8e:70:73:7e:83:5e:b9:06:
         bb:9d:6a:ce:60:3b:b5:e3:41:6f:d4:86:bf:db:9c:41:53:51:
         3e:02:7c:e0:2b:f5:94:33:59:19:5d:2c:0f:20:cc:74:ac:40:
         ec:34:60:3c:b4:b8:a1:16:c0:e6:2a:7e:46:19:8c:5d:b3:5c:
         ad:8a:c0:1b:a8:9b:1d:35:66:d1:de:a0:5b:af:52:78:b1:37:
         22:df:b8:c4:fd:d7:ed:05:60:31:1e:b4:83:af:71:ff:bc:de:
         78:e8:92:12:fe:68:af:0d:8a:e2:a7:29:43:25:53:4a:53:4a:
         29:b2:d2:fb:54:16:58:7a:a7:6c:77:63:76:c3:e2:95:8b:fa:
         d8:07:15:8c:88:d2:a8:3e:20:5a:8e:ed:38:81:ce:8c:17:b8:
         ae:fe:e2:c3:39:45:68:2f:a5:4c:ae:21:98:6f:b4:24:d1:df:
         b8:7d:b2:d8
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUaCpFZr+6XbS+JxBiDhYRo82l8v4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjkxMDQyMThaFw0yNzA1MjgxMDQ3MThaMDMxMTAvBgNV
BAMTKDhFNEM5NjYwNTQwNkZEQTQ0QjlCRjQ2NEUyM0VDNDlCMDlFN0NENjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCq0ooXqZJ2Xs74FSsh5pQ38Zev
t7nmXxYKz2xpmcNubkttHAZU5o6JXkar/ULvxHaZi5O6CDm3YMGLyhOj+wLhlENq
BEi0SlZcgmZI/mQfiEROt7MN+8vTsoSEHnYxYvJ2M4iVJ2JPrxRfgWRX77UJeA+r
gwKajP+KJDM+ygpo+Ageuid3g0zpu9dpogCPfBPPINCQzdmULYiNVhbcPazwloeE
UqlNwQIhJ0QvoLvzyQ3N1nJeY9CC/xNBQcFYTRJFokcS7ubs/TeFW9z02dQCgVfX
+2hkgt6IbJ0rOyXNg2m7XDHEAFYFzfCSsnAs8t+MPT8SHwl12u03gygiNqDLAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUjkyWYFQG/aRLm/Rk4j7EmwnnzWMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA4OTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdbF
AwQAtdeNMA0GCSqGSIb3DQEBCwUAA4IBAQB+O8O7NtlvHsvI1jcQwxObU8paznyG
vc+L5D1i6YRSe+mYbIncILdObVbd6GU3fzxHZbZ5AASGcV1O+nhYQiqnpPjNks9y
HEQyYf0AIIvCRR4rjnBzfoNeuQa7nWrOYDu140Fv1Ia/25xBU1E+AnzgK/WUM1kZ
XSwPIMx0rEDsNGA8tLihFsDmKn5GGYxds1ytisAbqJsdNWbR3qBbr1J4sTci37jE
/dftBWAxHrSDr3H/vN546JIS/mivDYripylDJVNKU0opstL7VBZYeqdsd2N2w+KV
i/rYBxWMiNKoPiBaju04gc6MF7iu/uLDOUVoL6VMriGYb7Qk0d+4fbLY
-----END CERTIFICATE-----