Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205298.roa
File:                     AS205298.roa (raw, json)
Hash identifier:          x4zXDOffumsz3AH9ZFk9KG53bxnbof5JbGsI0oYPkW8=
Subject key identifier:   0E:B4:1D:A5:DF:CB:24:BB:55:C7:8E:93:79:29:29:EE:87:93:73:FA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1469A1F088F1F081C3AAE8099A96EA424E5F1A9A
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205298.roa
Signing time:             Fri 29 Aug 2025 01:51:34 +0000
ROA not before:           Fri 29 Aug 2025 01:46:34 +0000
ROA not after:            Fri 28 Aug 2026 01:51:34 +0000
asID:                     205298
IP address blocks:        2a0f:85c1:cd0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            14:69:a1:f0:88:f1:f0:81:c3:aa:e8:09:9a:96:ea:42:4e:5f:1a:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 29 01:46:34 2025 GMT
            Not After : Aug 28 01:51:34 2026 GMT
        Subject: CN=0EB41DA5DFCB24BB55C78E93792929EE879373FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:5e:e0:36:15:3f:33:0d:85:b4:c1:b2:59:ef:
                    83:f5:7f:7a:43:8c:d6:11:9f:43:b0:ae:c0:03:ab:
                    0b:33:8a:5f:8d:d5:a3:fb:72:46:40:9b:b6:fa:3d:
                    27:7c:2f:8c:79:b4:2e:ae:55:3b:e8:65:b6:ba:be:
                    35:3d:1a:24:20:a9:b0:62:81:fc:4f:12:91:1d:cd:
                    c4:80:d7:dd:3c:f6:e3:49:42:f9:f4:ee:e6:b4:43:
                    87:d5:46:0b:d3:11:5a:30:0d:d1:dd:d7:e5:3e:44:
                    95:42:c6:d4:dd:02:ea:6a:36:d9:e1:d9:4b:8f:fb:
                    e9:21:03:24:c8:b1:f9:e8:57:ae:63:21:ce:bd:69:
                    6a:e9:b7:50:ba:35:64:28:c6:30:5d:b9:74:41:6e:
                    f0:b0:b9:d2:ea:71:8f:db:3d:76:dd:39:f5:08:ef:
                    53:c4:77:7f:9f:31:5c:d8:ad:3d:e6:e2:4f:36:4f:
                    bf:21:27:37:38:66:ec:0d:fa:eb:63:b6:ad:e8:8e:
                    5d:2d:1c:a9:68:23:0e:a9:3d:2e:d2:9a:67:a9:ca:
                    8a:b4:09:98:a4:43:56:2b:b3:73:05:f7:d0:6e:d9:
                    8b:32:2a:22:5a:28:9b:4a:46:a4:4a:69:6b:39:12:
                    1d:30:25:75:b4:eb:75:27:f7:6a:2a:b7:9f:ce:22:
                    79:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:B4:1D:A5:DF:CB:24:BB:55:C7:8E:93:79:29:29:EE:87:93:73:FA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205298.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:13:b2:28:1c:f2:40:b7:46:ea:18:f6:b4:f9:73:12:3a:1d:
         b0:39:2f:cc:17:77:71:5c:36:d8:a0:c8:ca:15:52:43:6d:80:
         64:70:a9:99:de:34:84:ed:bd:aa:d8:65:aa:68:1c:af:56:07:
         ff:00:8d:95:d4:92:8f:3d:a9:36:af:80:65:f5:0d:aa:9f:b5:
         ab:77:c7:74:cd:83:e8:d7:c5:34:d0:54:ff:3e:e3:8c:ad:35:
         73:76:2c:63:9e:2c:7f:8b:91:4b:da:5b:b2:c9:66:75:81:04:
         83:bb:51:1d:51:8c:49:61:75:b0:85:eb:1b:ae:11:61:9c:81:
         b0:2a:8d:9b:44:63:e4:c0:70:09:24:82:27:82:81:ba:1d:34:
         1c:05:76:52:eb:b6:d2:f5:76:42:9b:22:59:9a:f5:4c:9c:be:
         fd:90:47:4a:f5:fa:a6:9e:3b:62:b0:59:eb:57:d1:ca:71:df:
         7b:a0:e8:0c:d3:1d:bc:65:9c:17:24:be:c9:7a:d5:6a:b2:59:
         d6:31:2a:2e:27:c8:de:a0:39:c1:f5:66:ba:a2:82:76:eb:47:
         1a:2e:38:e5:ef:4e:0f:c0:fb:eb:61:b5:7c:11:13:32:ba:52:
         51:16:6e:60:71:c9:b8:80:61:36:86:1d:05:b1:a6:15:03:c8:
         18:13:98:fa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUFGmh8Ijx8IHDqugJmpbqQk5fGpowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjkwMTQ2MzRaFw0yNjA4MjgwMTUxMzRaMDMxMTAvBgNV
BAMTKDBFQjQxREE1REZDQjI0QkI1NUM3OEU5Mzc5MjkyOUVFODc5MzczRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkXuA2FT8zDYW0wbJZ74P1f3pD
jNYRn0OwrsADqwszil+N1aP7ckZAm7b6PSd8L4x5tC6uVTvoZba6vjU9GiQgqbBi
gfxPEpEdzcSA19089uNJQvn07ua0Q4fVRgvTEVowDdHd1+U+RJVCxtTdAupqNtnh
2UuP++khAyTIsfnoV65jIc69aWrpt1C6NWQoxjBduXRBbvCwudLqcY/bPXbdOfUI
71PEd3+fMVzYrT3m4k82T78hJzc4ZuwN+utjtq3ojl0tHKloIw6pPS7Smmepyoq0
CZikQ1Yrs3MF99Bu2YsyKiJaKJtKRqRKaWs5Eh0wJXW063Un92oqt5/OInmrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUDrQdpd/LJLtVx46TeSkp7oeTc/owHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1Mjk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzQMA0GCSqGSIb3DQEBCwUAA4IBAQA5E7IoHPJAt0bqGPa0+XMSOh2wOS/MF3dx
XDbYoMjKFVJDbYBkcKmZ3jSE7b2q2GWqaByvVgf/AI2V1JKPPak2r4Bl9Q2qn7Wr
d8d0zYPo18U00FT/PuOMrTVzdixjnix/i5FL2luyyWZ1gQSDu1EdUYxJYXWwhesb
rhFhnIGwKo2bRGPkwHAJJIIngoG6HTQcBXZS67bS9XZCmyJZmvVMnL79kEdK9fqm
njtisFnrV9HKcd97oOgM0x28ZZwXJL7JetVqslnWMSouJ8jeoDnB9Wa6ooJ260ca
Ljjl704PwPvrYbV8ERMyulJRFm5gccm4gGE2hh0FsaYVA8gYE5j6
-----END CERTIFICATE-----