Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207972.roa
File:                     AS207972.roa (raw, json)
Hash identifier:          xtTi3EOG4di9mYIKigHk4/71ffIihDAH0iLxcgTqeKY=
Subject key identifier:   AA:27:B5:F4:16:DB:2B:79:16:C3:AF:E8:B6:AA:7A:8D:14:65:E3:16
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3AB5F82EA44D62F3B1A18422D63E464B8B0F4F76
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207972.roa
Signing time:             Tue 12 May 2026 23:08:35 +0000
ROA not before:           Tue 12 May 2026 23:03:35 +0000
ROA not after:            Tue 11 May 2027 23:08:35 +0000
asID:                     207972
IP address blocks:        2a0f:85c1:c4d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:b5:f8:2e:a4:4d:62:f3:b1:a1:84:22:d6:3e:46:4b:8b:0f:4f:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May 12 23:03:35 2026 GMT
            Not After : May 11 23:08:35 2027 GMT
        Subject: CN=AA27B5F416DB2B7916C3AFE8B6AA7A8D1465E316
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:89:89:3e:07:37:d6:78:c5:66:63:88:a0:e5:
                    27:55:3a:6c:f9:67:bf:66:1e:46:80:75:b7:a4:ee:
                    e1:d9:ce:f6:35:14:9e:35:1f:e9:03:29:69:95:ed:
                    13:6c:a0:3e:b1:9a:99:5e:94:5c:3e:3d:a3:45:e7:
                    c3:24:f2:aa:80:f5:9a:c6:52:b7:46:b3:c0:ea:8e:
                    cc:e4:25:f1:b0:27:98:cf:a2:d0:d5:6a:cd:b0:b1:
                    27:80:d2:d0:47:68:56:97:70:a6:d9:ba:90:77:7c:
                    76:58:5b:b0:bb:80:82:ff:16:ce:d8:2e:7f:2d:84:
                    5b:de:98:3c:26:c1:80:93:4e:f5:04:25:91:eb:c2:
                    39:88:1c:39:59:17:7a:db:a8:d7:cd:a3:c7:bb:d3:
                    cf:7e:39:79:a8:3d:a5:87:63:a2:48:0c:59:d0:39:
                    25:4c:a8:17:e6:f0:91:43:b3:64:27:3a:cf:2b:05:
                    70:22:19:ec:cc:32:72:ed:65:aa:3f:30:1e:de:44:
                    43:af:c8:6c:ad:31:bf:6f:6a:e1:c4:79:99:eb:9e:
                    d3:ea:45:70:88:bd:cd:f6:d1:23:41:40:fd:ba:0e:
                    8f:13:90:b4:66:ce:c8:d2:3e:02:8a:e8:b6:d0:6b:
                    a8:37:27:66:0c:f8:5d:c3:d3:b9:31:34:1e:7e:91:
                    c3:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:27:B5:F4:16:DB:2B:79:16:C3:AF:E8:B6:AA:7A:8D:14:65:E3:16
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207972.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c4d::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:f5:55:39:6a:6a:44:4f:41:1f:81:07:db:c1:ee:f5:f6:c6:
         5b:0a:ee:b1:7e:e3:e7:2e:d9:6c:81:d1:d2:cd:45:ed:c1:2e:
         ed:54:27:99:49:d3:f6:fa:30:ce:22:46:1f:52:58:56:2d:72:
         05:dd:6a:c3:4d:12:ef:73:41:a0:de:db:40:07:e3:51:bd:4d:
         9a:2b:0c:d6:be:33:1c:74:af:49:da:54:c4:a9:3e:52:c4:50:
         b8:80:46:b5:fb:6f:e6:3d:8d:6a:0b:51:5a:a0:fc:4e:b9:d7:
         5d:3c:60:a9:9b:b2:fb:74:d1:dd:99:d8:a6:49:1c:90:1a:f2:
         26:8c:56:4d:f2:29:d4:2b:6e:24:85:57:02:70:98:62:f9:f3:
         4d:bc:18:03:25:71:b2:e1:85:cb:d5:1c:76:2b:14:f4:c9:2b:
         d1:0d:79:e5:ce:2f:67:d7:4b:4c:6b:07:37:51:f6:f5:20:4a:
         d6:c5:43:44:e0:0d:bc:16:e3:69:87:14:50:67:52:c1:44:4a:
         80:15:fb:2c:60:18:88:4a:8d:c8:31:de:1b:c7:4f:56:85:f0:
         a6:b4:bc:53:8d:0f:16:ee:af:e4:1b:f1:83:22:98:c9:dd:7e:
         6e:21:e1:cf:55:18:50:65:48:44:18:c5:ef:8a:89:a8:d5:f4:
         d7:e4:96:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOrX4LqRNYvOxoYQi1j5GS4sPT3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA1MTIyMzAzMzVaFw0yNzA1MTEyMzA4MzVaMDMxMTAvBgNV
BAMTKEFBMjdCNUY0MTZEQjJCNzkxNkMzQUZFOEI2QUE3QThEMTQ2NUUzMTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCViYk+BzfWeMVmY4ig5SdVOmz5
Z79mHkaAdbek7uHZzvY1FJ41H+kDKWmV7RNsoD6xmplelFw+PaNF58Mk8qqA9ZrG
UrdGs8DqjszkJfGwJ5jPotDVas2wsSeA0tBHaFaXcKbZupB3fHZYW7C7gIL/Fs7Y
Ln8thFvemDwmwYCTTvUEJZHrwjmIHDlZF3rbqNfNo8e7089+OXmoPaWHY6JIDFnQ
OSVMqBfm8JFDs2QnOs8rBXAiGezMMnLtZao/MB7eREOvyGytMb9vauHEeZnrntPq
RXCIvc320SNBQP26Do8TkLRmzsjSPgKK6LbQa6g3J2YM+F3D07kxNB5+kcMtAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUqie19BbbK3kWw6/otqp6jRRl4xYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3OTcyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxNMA0GCSqGSIb3DQEBCwUAA4IBAQBU9VU5ampET0EfgQfbwe719sZbCu6xfuPn
LtlsgdHSzUXtwS7tVCeZSdP2+jDOIkYfUlhWLXIF3WrDTRLvc0Gg3ttAB+NRvU2a
KwzWvjMcdK9J2lTEqT5SxFC4gEa1+2/mPY1qC1FaoPxOudddPGCpm7L7dNHdmdim
SRyQGvImjFZN8inUK24khVcCcJhi+fNNvBgDJXGy4YXL1Rx2KxT0ySvRDXnlzi9n
10tMawc3Ufb1IErWxUNE4A28FuNphxRQZ1LBREqAFfssYBiISo3IMd4bx09WhfCm
tLxTjQ8W7q/kG/GDIpjJ3X5uIeHPVRhQZUhEGMXviomo1fTX5JbZ
-----END CERTIFICATE-----