Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205224.roa
File:                     AS205224.roa (raw, json)
Hash identifier:          sfPDCz0XBFCSeO+VBzBwWFq1PBULKxEBqxm4aKW+XYg=
Subject key identifier:   EB:70:29:CA:BC:C2:67:F8:41:5B:19:F4:DB:0B:90:D2:0B:64:0A:12
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       719E19B5170F07BBD09166E11DDBBBB2A7375302
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205224.roa
Signing time:             Fri 29 Aug 2025 01:53:16 +0000
ROA not before:           Fri 29 Aug 2025 01:48:16 +0000
ROA not after:            Fri 28 Aug 2026 01:53:16 +0000
asID:                     205224
IP address blocks:        2a0f:85c1:cfc::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:9e:19:b5:17:0f:07:bb:d0:91:66:e1:1d:db:bb:b2:a7:37:53:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 29 01:48:16 2025 GMT
            Not After : Aug 28 01:53:16 2026 GMT
        Subject: CN=EB7029CABCC267F8415B19F4DB0B90D20B640A12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:27:8a:c0:8a:4a:c8:de:55:3e:9b:56:5c:7f:
                    cf:7d:e6:a4:e7:07:f9:5d:14:84:e6:c8:10:94:0c:
                    ea:b5:92:25:ed:be:ff:2d:e6:96:60:ab:b4:ad:34:
                    79:15:b2:4f:23:b5:18:f2:19:40:3e:9e:7b:45:47:
                    a9:e3:00:33:20:9c:23:e1:cd:d7:dc:66:65:f9:5d:
                    46:a0:00:27:ed:7f:79:fc:20:ac:5a:8e:2f:01:75:
                    6a:78:eb:b2:e8:43:10:b8:16:fb:28:e5:cc:b7:6d:
                    cc:58:44:b7:64:5b:f0:24:58:23:24:69:04:49:f3:
                    da:c5:ef:59:64:93:6f:d5:48:51:0f:3b:6a:33:58:
                    6d:4a:8c:a4:06:72:ab:f0:1c:58:da:ca:7c:b8:e6:
                    25:25:e0:9a:95:bd:55:5e:7d:3b:2c:f3:e8:1e:36:
                    f4:92:00:ed:c8:af:8b:69:5b:14:5d:d0:a5:9f:19:
                    f5:0a:ea:b1:e7:e6:6a:dc:8a:30:8d:af:c7:6d:13:
                    03:70:91:5e:2b:b0:51:a8:f6:9b:a2:8b:c1:f2:fe:
                    f3:0e:a0:1b:6f:99:80:74:6e:32:ab:4f:cd:0c:e1:
                    64:81:62:6e:d6:08:62:36:30:40:a4:b8:75:d4:e3:
                    f6:73:4a:1f:b6:f7:c6:af:8f:c4:c6:8a:a6:9e:ed:
                    0d:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:70:29:CA:BC:C2:67:F8:41:5B:19:F4:DB:0B:90:D2:0B:64:0A:12
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205224.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cfc::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:1e:dc:fc:12:69:36:65:15:56:f2:9f:e6:ec:f3:7e:e1:d1:
         d0:93:ea:7d:c3:71:6f:17:32:2b:ec:86:a0:5e:38:e1:d0:4f:
         eb:c3:e3:d0:21:29:cf:bc:03:2f:c7:27:f5:61:7e:98:05:0b:
         d5:85:9a:df:ab:95:13:50:47:e3:40:59:1d:82:8d:ab:2d:13:
         7b:ec:4f:63:40:55:02:58:5e:89:bc:06:f9:3c:8f:24:ec:b2:
         c9:fe:b0:7d:87:dd:7a:93:c8:ea:e1:60:cb:cf:fa:fc:bc:ad:
         50:0c:0b:87:26:1a:a4:ab:bd:a7:71:8f:b9:10:68:2f:53:75:
         ff:61:1c:c3:37:31:de:32:4a:96:3b:93:6d:9f:29:50:51:29:
         71:c9:71:5e:92:cc:40:30:7c:11:42:5c:85:cf:51:2f:0d:85:
         36:cd:3b:cf:b2:54:ff:33:0b:96:e6:1a:5a:52:28:e0:4e:cc:
         d4:3f:6b:fc:8b:76:03:50:fa:2f:70:06:2f:b8:93:ce:70:10:
         9d:1c:0f:eb:08:fa:75:b7:49:83:2c:f9:13:dd:94:5c:b0:c6:
         d0:96:06:52:f1:28:50:e0:7b:ba:b6:d8:c5:1c:bb:c4:55:99:
         a2:3d:4e:98:ef:ae:89:cc:f3:bb:95:ae:73:1f:41:39:82:5a:
         dd:7c:b9:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUcZ4ZtRcPB7vQkWbhHdu7sqc3UwIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjkwMTQ4MTZaFw0yNjA4MjgwMTUzMTZaMDMxMTAvBgNV
BAMTKEVCNzAyOUNBQkNDMjY3Rjg0MTVCMTlGNERCMEI5MEQyMEI2NDBBMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkJ4rAikrI3lU+m1Zcf8995qTn
B/ldFITmyBCUDOq1kiXtvv8t5pZgq7StNHkVsk8jtRjyGUA+nntFR6njADMgnCPh
zdfcZmX5XUagACftf3n8IKxaji8BdWp467LoQxC4Fvso5cy3bcxYRLdkW/AkWCMk
aQRJ89rF71lkk2/VSFEPO2ozWG1KjKQGcqvwHFjayny45iUl4JqVvVVefTss8+ge
NvSSAO3Ir4tpWxRd0KWfGfUK6rHn5mrcijCNr8dtEwNwkV4rsFGo9puii8Hy/vMO
oBtvmYB0bjKrT80M4WSBYm7WCGI2MECkuHXU4/ZzSh+298avj8TGiqae7Q1VAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU63ApyrzCZ/hBWxn02wuQ0gtkChIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1MjI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQz8MA0GCSqGSIb3DQEBCwUAA4IBAQBVHtz8Emk2ZRVW8p/m7PN+4dHQk+p9w3Fv
FzIr7IagXjjh0E/rw+PQISnPvAMvxyf1YX6YBQvVhZrfq5UTUEfjQFkdgo2rLRN7
7E9jQFUCWF6JvAb5PI8k7LLJ/rB9h916k8jq4WDLz/r8vK1QDAuHJhqkq72ncY+5
EGgvU3X/YRzDNzHeMkqWO5NtnylQUSlxyXFeksxAMHwRQlyFz1EvDYU2zTvPslT/
MwuW5hpaUijgTszUP2v8i3YDUPovcAYvuJPOcBCdHA/rCPp1t0mDLPkT3ZRcsMbQ
lgZS8ShQ4Hu6ttjFHLvEVZmiPU6Y766JzPO7la5zH0E5glrdfLnb
-----END CERTIFICATE-----