Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208884.roa
File:                     AS208884.roa (raw, json)
Hash identifier:          seSERiLjnFTl4Lqb/fgTzSmdlZ3zZGxoKVKOyktkMlM=
Subject key identifier:   30:C2:0F:3E:F3:B8:31:CB:93:5C:DC:58:FE:01:DB:36:6C:2C:1B:A5
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       D89DF19D415216327F3DA022DA115B9C24D4F1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208884.roa
Signing time:             Thu 15 May 2025 00:58:23 +0000
ROA not before:           Thu 15 May 2025 00:53:23 +0000
ROA not after:            Thu 14 May 2026 00:58:23 +0000
asID:                     208884
IP address blocks:        2a0f:85c1:c37::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d8:9d:f1:9d:41:52:16:32:7f:3d:a0:22:da:11:5b:9c:24:d4:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May 15 00:53:23 2025 GMT
            Not After : May 14 00:58:23 2026 GMT
        Subject: CN=30C20F3EF3B831CB935CDC58FE01DB366C2C1BA5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:79:cf:36:b9:bf:99:07:90:5b:3b:f6:6d:cc:
                    9e:8a:62:08:95:40:fd:be:4b:5a:9e:71:f4:dd:a7:
                    02:ba:3a:13:f3:f8:54:f7:e3:28:10:e2:0d:1f:d0:
                    eb:01:fb:83:a1:b0:86:85:d3:a3:aa:80:c1:81:dc:
                    a8:f7:75:23:b1:7f:1f:67:a1:ba:f8:6d:8f:09:13:
                    e2:e3:e9:b0:bc:9b:2a:72:4e:cd:23:9d:f8:32:c5:
                    82:83:81:32:53:91:a4:a7:7a:7f:df:c0:87:99:1b:
                    8c:b3:38:f3:42:67:3e:7e:7c:29:1a:d5:ff:ab:9e:
                    88:a9:01:c1:8f:df:6f:e1:c4:3e:02:5b:5e:3c:4a:
                    7a:78:19:6b:f7:81:32:3d:51:73:f8:16:05:c7:07:
                    91:83:53:f4:d3:45:07:71:34:ec:0d:2c:fe:89:64:
                    e7:e7:71:81:e8:17:29:7e:10:34:20:e7:db:09:81:
                    8f:82:c5:c3:f6:5f:2c:4f:5a:49:e8:18:2d:c1:4f:
                    98:d1:dc:0a:b4:ed:c0:42:eb:e7:ac:89:a4:fe:e1:
                    59:23:f6:d9:1e:66:9f:0b:8d:60:3d:e8:f2:87:3c:
                    65:7b:21:4e:2a:87:ae:f3:b9:e9:81:e1:1b:7e:94:
                    e8:8b:57:13:d6:79:e4:fc:de:af:8a:fe:8d:e9:82:
                    03:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:C2:0F:3E:F3:B8:31:CB:93:5C:DC:58:FE:01:DB:36:6C:2C:1B:A5
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208884.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c37::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:b9:54:d0:84:83:23:87:5b:8b:8c:10:6f:8e:a7:24:1d:27:
         43:e3:5d:b3:63:76:44:e2:fd:f7:c4:42:d9:22:22:42:e4:b6:
         9b:63:46:67:d7:47:14:27:52:33:3c:fd:23:5a:cb:52:98:b1:
         3a:04:bb:93:57:48:54:58:ee:97:7c:ae:6f:83:ba:e0:15:c9:
         83:d4:9f:69:6c:e7:6a:13:3d:8b:97:20:77:74:b8:65:1a:f5:
         0b:ba:25:58:85:8b:ef:22:85:70:40:e9:d2:45:95:8c:05:f0:
         68:37:e9:10:b4:b0:e7:b2:0e:3a:01:17:cd:fa:7d:fe:56:35:
         59:1d:58:16:87:c1:71:97:d1:72:58:94:a9:3f:40:66:cf:c5:
         7c:83:84:a1:07:74:6d:94:5e:4f:f3:16:40:e2:2b:9c:44:5c:
         e8:34:fc:d2:f8:21:92:0a:4f:69:2b:31:78:70:1b:05:1e:a0:
         94:05:88:1a:f7:ee:06:ae:ca:93:b0:3d:bc:fb:62:17:a4:8f:
         77:1e:84:87:8a:dd:be:eb:fe:2b:e3:4e:0b:bf:e9:de:91:15:
         85:9c:05:3f:31:78:79:b3:61:5a:b5:96:67:22:bd:4e:ea:95:
         02:ce:54:08:33:8c:d0:a7:c0:09:25:1d:fb:b9:8f:39:63:c4:
         0e:1f:ac:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUANid8Z1BUhYyfz2gItoRW5wk1PEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MTUwMDUzMjNaFw0yNjA1MTQwMDU4MjNaMDMxMTAvBgNV
BAMTKDMwQzIwRjNFRjNCODMxQ0I5MzVDREM1OEZFMDFEQjM2NkMyQzFCQTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnec82ub+ZB5BbO/ZtzJ6KYgiV
QP2+S1qecfTdpwK6OhPz+FT34ygQ4g0f0OsB+4OhsIaF06OqgMGB3Kj3dSOxfx9n
obr4bY8JE+Lj6bC8mypyTs0jnfgyxYKDgTJTkaSnen/fwIeZG4yzOPNCZz5+fCka
1f+rnoipAcGP32/hxD4CW148Snp4GWv3gTI9UXP4FgXHB5GDU/TTRQdxNOwNLP6J
ZOfncYHoFyl+EDQg59sJgY+CxcP2XyxPWknoGC3BT5jR3Aq07cBC6+esiaT+4Vkj
9tkeZp8LjWA96PKHPGV7IU4qh67zuemB4Rt+lOiLVxPWeeT83q+K/o3pggPdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUMMIPPvO4McuTXNxY/gHbNmwsG6UwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4ODg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQw3MA0GCSqGSIb3DQEBCwUAA4IBAQAKuVTQhIMjh1uLjBBvjqckHSdD412zY3ZE
4v33xELZIiJC5LabY0Zn10cUJ1IzPP0jWstSmLE6BLuTV0hUWO6XfK5vg7rgFcmD
1J9pbOdqEz2LlyB3dLhlGvULuiVYhYvvIoVwQOnSRZWMBfBoN+kQtLDnsg46ARfN
+n3+VjVZHVgWh8Fxl9FyWJSpP0Bmz8V8g4ShB3RtlF5P8xZA4iucRFzoNPzS+CGS
Ck9pKzF4cBsFHqCUBYga9+4GrsqTsD28+2IXpI93HoSHit2+6/4r404Lv+nekRWF
nAU/MXh5s2FatZZnIr1O6pUCzlQIM4zQp8AJJR37uY85Y8QOH6za
-----END CERTIFICATE-----