Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208915.roa
File:                     AS208915.roa (raw, json)
Hash identifier:          0zziHaZ6bt+kUpUXjuZ8b6hXERQOq9tCuLlCOpCJzb4=
Subject key identifier:   30:8A:65:A4:52:90:88:AF:AA:12:2D:E8:E2:05:F7:59:EC:C0:4D:99
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       17F3A8EF61E5323EB914E036B590DD69F49B9B93
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208915.roa
Signing time:             Thu 15 May 2025 00:58:07 +0000
ROA not before:           Thu 15 May 2025 00:53:07 +0000
ROA not after:            Thu 14 May 2026 00:58:07 +0000
asID:                     208915
IP address blocks:        2a0f:85c1:c31::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:f3:a8:ef:61:e5:32:3e:b9:14:e0:36:b5:90:dd:69:f4:9b:9b:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May 15 00:53:07 2025 GMT
            Not After : May 14 00:58:07 2026 GMT
        Subject: CN=308A65A4529088AFAA122DE8E205F759ECC04D99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:4b:20:ca:5d:f3:bb:3c:f0:05:8b:03:54:42:
                    18:4a:2a:02:65:df:80:99:dc:57:54:55:ed:02:b3:
                    57:6d:15:e7:f9:6b:12:31:64:d2:de:1b:33:c6:aa:
                    4c:2e:0c:53:97:08:17:04:2d:0a:4b:29:16:1b:3f:
                    ad:eb:8c:22:aa:a7:a1:48:b8:c3:d6:76:93:07:b4:
                    f0:07:ac:bf:a0:3b:ad:e6:f2:d1:a0:f8:5e:0f:60:
                    20:9f:44:45:46:ce:ab:37:b6:bd:51:ce:9c:ed:d9:
                    95:e5:09:55:95:e8:e7:d5:f1:b0:f6:e9:5b:36:9e:
                    5c:50:bc:1e:1b:c0:67:9a:d3:72:d5:35:fe:5a:fc:
                    f1:84:28:00:30:56:26:73:11:e4:bf:e3:0c:5a:0a:
                    ec:91:59:e8:81:6a:d9:5f:95:78:72:5e:e7:53:9d:
                    f2:ab:ca:f1:eb:c6:32:8f:75:f2:76:2f:4c:5f:5d:
                    cb:93:49:2c:04:6b:6a:5d:f9:27:5f:95:9b:04:1c:
                    04:ce:6c:c9:3a:11:01:d4:2c:81:62:70:89:8d:a0:
                    b7:da:c8:a0:fd:33:4b:8b:16:5f:1c:0f:24:d6:f7:
                    5c:5a:3a:0d:b4:d3:9b:1f:a0:de:d8:e2:48:15:9e:
                    be:b7:1b:62:26:ee:f6:f8:11:9d:6d:18:c8:d0:28:
                    9e:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:8A:65:A4:52:90:88:AF:AA:12:2D:E8:E2:05:F7:59:EC:C0:4D:99
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208915.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c31::/48

    Signature Algorithm: sha256WithRSAEncryption
         16:03:47:bb:2b:46:dc:94:59:cd:09:6c:a6:f3:c0:44:06:71:
         2e:37:d9:e9:2e:68:da:85:bd:56:dd:71:1d:93:af:b9:36:d0:
         6b:1f:0e:dd:e8:5a:b2:71:37:d4:cf:7d:70:81:3b:0f:7d:7c:
         34:0a:ec:eb:32:1e:ea:54:df:f1:ce:ab:91:41:b5:9c:ed:6d:
         d0:85:aa:2d:c8:83:cf:2f:c1:ee:d7:5e:7b:c8:47:55:ab:8e:
         27:f4:5e:1f:5d:e0:fa:b7:75:15:f8:e9:31:74:84:f5:4e:31:
         4d:a6:d9:b0:86:ba:06:97:d0:3c:30:63:36:2e:31:bb:a1:4a:
         34:b5:7e:c6:09:d2:4e:11:58:9c:81:c3:de:a6:51:23:d6:da:
         be:5b:47:50:7d:c8:0c:4a:93:0d:0e:4b:08:35:69:b8:77:9c:
         bd:3c:04:b6:55:d7:8f:5f:cd:76:0f:47:1d:8f:af:64:3f:d7:
         ed:ef:36:94:dc:ca:ae:9c:1f:d6:7e:1e:4b:92:21:a5:44:8d:
         c0:c4:b4:9f:14:bc:01:6e:b6:fd:23:cd:37:14:7a:01:1f:83:
         5a:af:ff:fa:69:18:62:60:29:2a:2a:ff:56:28:d9:29:d5:9a:
         90:82:b4:02:28:d3:28:93:a8:c3:96:92:16:dc:61:31:8d:ce:
         1e:2a:e4:aa
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUF/Oo72HlMj65FOA2tZDdafSbm5MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MTUwMDUzMDdaFw0yNjA1MTQwMDU4MDdaMDMxMTAvBgNV
BAMTKDMwOEE2NUE0NTI5MDg4QUZBQTEyMkRFOEUyMDVGNzU5RUNDMDREOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUSyDKXfO7PPAFiwNUQhhKKgJl
34CZ3FdUVe0Cs1dtFef5axIxZNLeGzPGqkwuDFOXCBcELQpLKRYbP63rjCKqp6FI
uMPWdpMHtPAHrL+gO63m8tGg+F4PYCCfREVGzqs3tr1Rzpzt2ZXlCVWV6OfV8bD2
6Vs2nlxQvB4bwGea03LVNf5a/PGEKAAwViZzEeS/4wxaCuyRWeiBatlflXhyXudT
nfKryvHrxjKPdfJ2L0xfXcuTSSwEa2pd+SdflZsEHATObMk6EQHULIFicImNoLfa
yKD9M0uLFl8cDyTW91xaOg2005sfoN7Y4kgVnr63G2Im7vb4EZ1tGMjQKJ47AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUMIplpFKQiK+qEi3o4gX3WezATZkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4OTE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQwxMA0GCSqGSIb3DQEBCwUAA4IBAQAWA0e7K0bclFnNCWym88BEBnEuN9npLmja
hb1W3XEdk6+5NtBrHw7d6FqycTfUz31wgTsPfXw0CuzrMh7qVN/xzquRQbWc7W3Q
haotyIPPL8Hu1157yEdVq44n9F4fXeD6t3UV+OkxdIT1TjFNptmwhroGl9A8MGM2
LjG7oUo0tX7GCdJOEVicgcPeplEj1tq+W0dQfcgMSpMNDksINWm4d5y9PAS2VdeP
X812D0cdj69kP9ft7zaU3MqunB/Wfh5LkiGlRI3AxLSfFLwBbrb9I803FHoBH4Na
r//6aRhiYCkqKv9WKNkp1ZqQgrQCKNMok6jDlpIW3GExjc4eKuSq
-----END CERTIFICATE-----