Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205398.roa
File:                     AS205398.roa (raw, json)
Hash identifier:          79UFKCl1/5VDaB2cvEkWWfgq2IPBk0L6VCWR7nlL0Do=
Subject key identifier:   13:53:71:98:05:20:C2:90:61:64:50:BC:A7:B6:B2:4F:6B:24:87:26
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4F6D9891F7D64D699DA8D6673E2AD5ADE7BC0492
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205398.roa
Signing time:             Fri 26 Jun 2026 08:08:40 +0000
ROA not before:           Fri 26 Jun 2026 08:03:40 +0000
ROA not after:            Fri 25 Jun 2027 08:08:40 +0000
asID:                     205398
IP address blocks:        2a0f:85c1:260::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 Jul 2026 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:6d:98:91:f7:d6:4d:69:9d:a8:d6:67:3e:2a:d5:ad:e7:bc:04:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:40 2026 GMT
            Not After : Jun 25 08:08:40 2027 GMT
        Subject: CN=135371980520C290616450BCA7B6B24F6B248726
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4e:5e:a1:05:65:68:f5:06:a9:28:6c:ea:63:
                    86:4e:8d:49:e6:ef:f2:2a:c3:df:5a:5f:37:e5:6b:
                    5c:28:26:80:ad:ff:7f:ea:50:83:6e:ee:d0:e0:64:
                    3c:b1:cf:85:59:79:67:ea:ed:87:90:5c:34:e9:cd:
                    0b:73:12:d7:89:68:e8:35:94:e5:fe:b0:da:ee:50:
                    2f:f8:2b:0a:36:b0:9e:3a:20:fe:91:1c:82:8b:0b:
                    83:60:29:01:ea:8a:2e:9d:27:37:fd:44:78:2d:c9:
                    47:a0:91:f8:b5:28:2d:70:25:ee:61:ec:d4:52:75:
                    21:00:f7:d3:63:ff:9a:27:75:33:b2:2d:40:51:d3:
                    2f:fa:3f:90:9c:9f:45:3c:41:da:1b:e1:a4:bb:e0:
                    49:5e:d0:ec:cb:7f:38:0b:33:c4:f7:00:4d:90:a8:
                    40:03:a7:ab:b3:c5:78:f0:0d:5c:f4:bf:7b:35:5c:
                    ea:62:25:6f:4f:1b:f3:a2:0b:10:b0:84:62:13:12:
                    d4:52:40:4e:fb:79:e2:73:5b:e9:03:f6:9d:e3:5a:
                    c3:c9:b2:a9:f1:d9:bc:27:69:86:64:e8:0f:61:23:
                    a9:43:83:ba:57:5f:de:5b:a7:56:17:46:6c:81:5e:
                    d6:f8:d3:7d:3c:ba:57:64:32:b8:5c:d8:d5:1e:c4:
                    35:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:53:71:98:05:20:C2:90:61:64:50:BC:A7:B6:B2:4F:6B:24:87:26
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS205398.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:260::/44

    Signature Algorithm: sha256WithRSAEncryption
         63:03:f2:63:60:8e:37:f9:ab:b2:10:ce:bb:81:19:7b:b1:61:
         4b:7b:36:c0:02:f4:4f:03:99:26:f3:05:60:10:7c:61:08:be:
         e8:8a:ea:65:b6:ee:2f:d9:e2:41:7f:93:c2:bc:7f:e3:e1:1e:
         9b:29:ba:1b:79:cf:48:dd:11:37:7c:cf:46:2e:e9:40:bf:4c:
         45:0a:49:db:be:c1:31:d2:ce:5c:7c:9e:e8:f5:d9:0c:5d:c2:
         cb:3d:48:ab:12:4f:53:f7:53:25:90:b9:b9:a4:4b:5d:f9:7a:
         4b:ff:c9:fd:9e:d7:16:77:ad:ee:6b:46:db:3c:e7:92:f7:51:
         a5:60:12:5c:56:c9:63:c5:b2:11:9a:bc:f3:6c:51:8d:88:0f:
         7b:82:a1:5c:9f:e1:a4:7e:01:f4:8d:47:f8:60:6c:62:94:fb:
         58:e8:84:94:88:54:1a:bf:6f:59:4e:99:7a:f1:74:5f:10:ac:
         08:af:d3:be:78:a5:26:3f:06:96:18:d3:03:55:e4:00:b3:94:
         af:e5:5b:5e:6a:2d:73:33:97:33:11:6d:e5:54:09:f0:32:94:
         74:2d:20:d3:92:b1:74:fb:fb:91:15:d7:78:2c:25:f6:1d:ec:
         0a:25:4e:c6:6a:be:10:f1:61:e0:22:2d:06:92:f9:68:0f:36:
         10:33:ae:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUT22YkffWTWmdqNZnPirVree8BJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzNDBaFw0yNzA2MjUwODA4NDBaMDMxMTAvBgNV
BAMTKDEzNTM3MTk4MDUyMEMyOTA2MTY0NTBCQ0E3QjZCMjRGNkIyNDg3MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtTl6hBWVo9QapKGzqY4ZOjUnm
7/Iqw99aXzfla1woJoCt/3/qUINu7tDgZDyxz4VZeWfq7YeQXDTpzQtzEteJaOg1
lOX+sNruUC/4Kwo2sJ46IP6RHIKLC4NgKQHqii6dJzf9RHgtyUegkfi1KC1wJe5h
7NRSdSEA99Nj/5ondTOyLUBR0y/6P5Ccn0U8Qdob4aS74Ele0OzLfzgLM8T3AE2Q
qEADp6uzxXjwDVz0v3s1XOpiJW9PG/OiCxCwhGITEtRSQE77eeJzW+kD9p3jWsPJ
sqnx2bwnaYZk6A9hI6lDg7pXX95bp1YXRmyBXtb40308uldkMrhc2NUexDXBAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUE1NxmAUgwpBhZFC8p7ayT2skhyYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA1Mzk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQJgMA0GCSqGSIb3DQEBCwUAA4IBAQBjA/JjYI43+auyEM67gRl7sWFLezbAAvRP
A5km8wVgEHxhCL7oiupltu4v2eJBf5PCvH/j4R6bKbobec9I3RE3fM9GLulAv0xF
CknbvsEx0s5cfJ7o9dkMXcLLPUirEk9T91MlkLm5pEtd+XpL/8n9ntcWd63ua0bb
POeS91GlYBJcVsljxbIRmrzzbFGNiA97gqFcn+GkfgH0jUf4YGxilPtY6ISUiFQa
v29ZTpl68XRfEKwIr9O+eKUmPwaWGNMDVeQAs5Sv5Vteai1zM5czEW3lVAnwMpR0
LSDTkrF0+/uRFdd4LCX2HewKJU7Gar4Q8WHgIi0GkvloDzYQM65b
-----END CERTIFICATE-----
Generated at Wed Jul 15 13:37:31 2026 by rpki-client