Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205383.roa
File:                     AS205383.roa (raw, json)
Hash identifier:          udRgKnFrcyfqoJehRVkmjlIPtvDbMU+6gWirLGNarm4=
Subject key identifier:   B1:AD:B4:7F:A6:FD:AA:A0:17:7E:D9:0D:64:75:48:9A:6C:A4:12:02
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       129F0966B38BF8E97DA25E08DFF81DA8BCE81B25
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205383.roa
Signing time:             Fri 29 Aug 2025 01:52:47 +0000
ROA not before:           Fri 29 Aug 2025 01:47:47 +0000
ROA not after:            Fri 28 Aug 2026 01:52:47 +0000
asID:                     205383
IP address blocks:        2a0f:85c1:cf3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 20:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:9f:09:66:b3:8b:f8:e9:7d:a2:5e:08:df:f8:1d:a8:bc:e8:1b:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 29 01:47:47 2025 GMT
            Not After : Aug 28 01:52:47 2026 GMT
        Subject: CN=B1ADB47FA6FDAAA0177ED90D6475489A6CA41202
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2e:43:e7:91:29:72:e9:ee:62:7f:74:30:18:
                    e8:88:cb:28:20:96:b3:40:ae:7d:2c:d8:3e:2b:d6:
                    87:5b:0a:8e:7b:70:82:17:f5:51:97:d2:a9:78:e9:
                    6b:96:ae:f7:91:db:96:7c:c1:57:cb:10:d7:7f:87:
                    99:05:44:ed:10:bc:19:d5:53:ca:a4:cb:f8:7c:f9:
                    67:de:5f:cf:50:13:f6:0c:ef:07:7a:9c:a2:b9:c7:
                    f6:18:bc:9f:7d:4d:0f:c7:30:d5:57:2c:3a:46:27:
                    1d:2d:a9:3e:90:3b:3b:d7:7f:e3:b3:0f:08:21:cb:
                    4a:93:6a:be:27:52:4e:bd:ac:d9:15:cd:73:57:05:
                    b0:86:f0:3a:45:f8:51:31:ac:88:ea:2b:2c:31:e9:
                    9e:84:58:ea:9c:4f:34:cd:8e:c3:42:d6:0b:99:f5:
                    c1:7d:a0:e0:e3:5a:41:4c:65:94:af:a2:f4:f4:58:
                    d6:8e:f3:95:ac:77:23:2b:af:26:12:bd:5f:1e:79:
                    16:1b:9b:e9:e7:3d:d8:f3:14:dd:dc:bc:c6:d9:e1:
                    28:f6:2a:7b:1b:1b:3d:89:82:6a:e1:e3:6a:29:bf:
                    06:fb:b1:5b:07:a8:a2:ff:59:72:9e:6e:8e:27:fd:
                    7b:c6:27:0f:dc:4c:05:0b:76:ae:0c:49:aa:22:1f:
                    38:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:AD:B4:7F:A6:FD:AA:A0:17:7E:D9:0D:64:75:48:9A:6C:A4:12:02
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205383.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:cf3::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:5e:d9:4d:da:c3:a2:c6:90:a8:ee:e6:e9:15:98:c4:82:b7:
         1a:a5:9d:15:6d:d0:8c:06:47:55:6c:6e:12:9c:68:af:f4:75:
         dc:d9:3f:99:ea:39:d0:e9:28:7a:09:f8:43:f5:36:68:c5:6a:
         6e:2c:d5:cf:32:32:f3:bb:35:2b:dd:70:e4:60:89:be:21:98:
         94:fa:ea:b1:1c:28:c1:56:cb:c6:99:a3:44:68:1e:0e:0b:de:
         80:95:f3:24:d9:7f:48:79:92:0d:41:2c:28:46:79:04:30:0c:
         6e:08:ce:23:96:4c:f5:85:a9:09:88:a8:1d:56:bf:e6:59:76:
         73:c4:ac:29:7a:f7:2a:6c:9f:ff:8f:ba:e5:14:8b:e1:64:68:
         b3:d6:0e:98:0e:e8:0e:aa:5a:f3:f8:5d:b8:58:bd:f3:37:8e:
         c6:9f:2b:53:4c:90:2b:ed:b4:15:ad:68:00:b5:a6:68:39:a2:
         19:f1:66:71:fb:55:c6:77:a4:d8:d7:8d:54:62:cb:52:3a:ef:
         03:99:59:99:91:d0:fd:a3:21:88:1d:06:d1:52:37:e1:c4:6c:
         3a:d5:f3:45:5b:89:7e:64:76:b9:80:55:aa:e9:99:47:89:db:
         51:ee:aa:5a:bb:0b:b2:e9:7f:69:cf:7d:a6:98:39:99:9f:b7:
         a5:e5:47:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUEp8JZrOL+Ol9ol4I3/gdqLzoGyUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MjkwMTQ3NDdaFw0yNjA4MjgwMTUyNDdaMDMxMTAvBgNV
BAMTKEIxQURCNDdGQTZGREFBQTAxNzdFRDkwRDY0NzU0ODlBNkNBNDEyMDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDfLkPnkSly6e5if3QwGOiIyygg
lrNArn0s2D4r1odbCo57cIIX9VGX0ql46WuWrveR25Z8wVfLENd/h5kFRO0QvBnV
U8qky/h8+WfeX89QE/YM7wd6nKK5x/YYvJ99TQ/HMNVXLDpGJx0tqT6QOzvXf+Oz
Dwghy0qTar4nUk69rNkVzXNXBbCG8DpF+FExrIjqKywx6Z6EWOqcTzTNjsNC1guZ
9cF9oODjWkFMZZSvovT0WNaO85WsdyMrryYSvV8eeRYbm+nnPdjzFN3cvMbZ4Sj2
KnsbGz2Jgmrh42opvwb7sVsHqKL/WXKebo4n/XvGJw/cTAULdq4MSaoiHzjXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUsa20f6b9qqAXftkNZHVImmykEgIwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1MzgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQzzMA0GCSqGSIb3DQEBCwUAA4IBAQAnXtlN2sOixpCo7ubpFZjEgrcapZ0VbdCM
BkdVbG4SnGiv9HXc2T+Z6jnQ6Sh6CfhD9TZoxWpuLNXPMjLzuzUr3XDkYIm+IZiU
+uqxHCjBVsvGmaNEaB4OC96AlfMk2X9IeZINQSwoRnkEMAxuCM4jlkz1hakJiKgd
Vr/mWXZzxKwpevcqbJ//j7rlFIvhZGiz1g6YDugOqlrz+F24WL3zN47GnytTTJAr
7bQVrWgAtaZoOaIZ8WZx+1XGd6TY141UYstSOu8DmVmZkdD9oyGIHQbRUjfhxGw6
1fNFW4l+ZHa5gFWq6ZlHidtR7qpauwuy6X9pz32mmDmZn7el5Ufd
-----END CERTIFICATE-----