Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205123.roa
File:                     AS205123.roa (raw, json)
Hash identifier:          q7Djk5yFQVNRljBC4fFjwIrk1OihS86OupIDPtLRlro=
Subject key identifier:   2D:69:18:13:7F:32:59:09:30:75:49:56:35:B3:2B:8A:90:C7:3E:77
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       677BEBADDC3AA667D85BB25725189AF3BA37944B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205123.roa
Signing time:             Fri 29 Aug 2025 01:53:01 +0000
ROA not before:           Fri 29 Aug 2025 01:48:01 +0000
ROA not after:            Fri 28 Aug 2026 01:53:01 +0000
asID:                     205123
IP address blocks:        2a0f:85c1:d32::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:7b:eb:ad:dc:3a:a6:67:d8:5b:b2:57:25:18:9a:f3:ba:37:94:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 29 01:48:01 2025 GMT
            Not After : Aug 28 01:53:01 2026 GMT
        Subject: CN=2D6918137F3259093075495635B32B8A90C73E77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:67:bb:64:4e:c9:16:03:7d:d0:6d:39:fd:67:
                    b2:0f:d5:28:4e:94:6e:a4:c9:96:3f:b9:43:e8:e4:
                    81:bb:7c:cd:d5:ff:f8:6b:71:c8:4f:82:bc:2d:d9:
                    9e:85:47:1e:17:06:fa:cf:26:ce:f4:a7:05:6b:f6:
                    39:3f:40:11:ab:6a:03:ac:9b:f1:e0:df:8d:1b:84:
                    78:08:f4:c3:1f:35:79:8c:07:0a:e8:df:21:f7:95:
                    bc:a0:96:bd:ac:5c:d1:aa:71:2f:e2:96:71:fc:3d:
                    3c:a6:a5:a1:dc:af:c8:9b:2d:7d:d2:de:81:87:bc:
                    c3:d3:de:3f:d5:bf:fa:8d:3e:de:7a:d2:d9:d3:1f:
                    ad:bc:b8:2c:4b:dd:99:90:27:55:7f:09:be:8d:0c:
                    ce:83:cd:0d:bb:7c:fa:3b:14:fb:f0:80:0e:e0:27:
                    f3:07:4a:f7:4d:b4:90:a6:bf:86:e9:e6:b1:8b:3a:
                    84:61:c3:1c:31:e0:db:0d:90:17:2d:9e:ef:d2:0f:
                    62:74:14:9e:21:0f:7a:d0:a5:7b:19:34:5e:26:de:
                    93:50:9f:ec:d5:4f:66:9b:ab:50:75:66:e4:dc:3d:
                    f7:13:95:7f:ef:f4:17:80:db:98:93:ee:6e:d0:90:
                    f0:db:3e:4c:33:75:c4:d7:51:9f:4f:99:29:c0:43:
                    5d:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:69:18:13:7F:32:59:09:30:75:49:56:35:B3:2B:8A:90:C7:3E:77
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205123.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d32::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:28:c5:7d:99:9a:d7:76:d6:16:0c:bd:98:e3:9b:99:05:10:
         e7:69:3b:26:c6:20:c3:ba:45:bd:e0:bd:fa:ae:85:35:cf:44:
         66:22:ba:45:d4:82:ec:71:df:c9:7e:a2:ce:1e:68:2a:d9:74:
         68:08:69:aa:1f:5a:3c:30:26:8c:60:d5:58:f0:7a:36:cd:8a:
         a6:f9:42:f1:3a:8f:c0:29:c0:80:e8:e0:67:f8:29:ec:68:87:
         22:44:53:f9:33:0e:68:f6:dd:6b:05:6b:a4:d8:0c:6c:8e:ef:
         f5:a9:f6:2d:be:bc:53:e5:77:50:e1:30:8b:2a:67:48:6d:bc:
         f9:b5:c9:b7:0f:d9:33:ab:d3:3c:31:1a:f0:ae:be:73:82:3e:
         19:2d:8e:22:17:00:2e:58:c4:20:fb:31:29:ff:71:34:91:63:
         d0:61:40:ec:ea:eb:a4:34:55:62:46:39:32:d8:ff:09:38:20:
         53:ca:c3:8f:90:9e:00:5a:4d:39:db:8c:c3:8b:13:8c:82:94:
         62:6a:53:ca:ff:8d:35:82:15:ac:7f:c4:8f:f1:fa:b0:8c:e0:
         08:30:eb:15:42:d5:cd:02:2e:f5:a2:1b:7b:ce:c4:2f:e8:bf:
         e1:ab:04:3a:36:ad:b5:b8:06:a0:7b:b7:7c:36:03:ff:2c:17:
         2d:e0:32:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUZ3vrrdw6pmfYW7JXJRia87o3lEswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjkwMTQ4MDFaFw0yNjA4MjgwMTUzMDFaMDMxMTAvBgNV
BAMTKDJENjkxODEzN0YzMjU5MDkzMDc1NDk1NjM1QjMyQjhBOTBDNzNFNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvZ7tkTskWA33QbTn9Z7IP1ShO
lG6kyZY/uUPo5IG7fM3V//hrcchPgrwt2Z6FRx4XBvrPJs70pwVr9jk/QBGragOs
m/Hg340bhHgI9MMfNXmMBwro3yH3lbyglr2sXNGqcS/ilnH8PTympaHcr8ibLX3S
3oGHvMPT3j/Vv/qNPt560tnTH628uCxL3ZmQJ1V/Cb6NDM6DzQ27fPo7FPvwgA7g
J/MHSvdNtJCmv4bp5rGLOoRhwxwx4NsNkBctnu/SD2J0FJ4hD3rQpXsZNF4m3pNQ
n+zVT2abq1B1ZuTcPfcTlX/v9BeA25iT7m7QkPDbPkwzdcTXUZ9PmSnAQ13pAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULWkYE38yWQkwdUlWNbMripDHPncwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1MTIzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ0yMA0GCSqGSIb3DQEBCwUAA4IBAQCwKMV9mZrXdtYWDL2Y45uZBRDnaTsmxiDD
ukW94L36roU1z0RmIrpF1ILscd/JfqLOHmgq2XRoCGmqH1o8MCaMYNVY8Ho2zYqm
+ULxOo/AKcCA6OBn+CnsaIciRFP5Mw5o9t1rBWuk2Axsju/1qfYtvrxT5XdQ4TCL
KmdIbbz5tcm3D9kzq9M8MRrwrr5zgj4ZLY4iFwAuWMQg+zEp/3E0kWPQYUDs6uuk
NFViRjky2P8JOCBTysOPkJ4AWk0524zDixOMgpRialPK/401ghWsf8SP8fqwjOAI
MOsVQtXNAi71oht7zsQv6L/hqwQ6Nq21uAage7d8NgP/LBct4DJv
-----END CERTIFICATE-----