Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207836.roa
File:                     AS207836.roa (raw, json)
Hash identifier:          SrZW8gd0gaxeECLBIS1jcBL3n5gaTmwBdapGdyykjPk=
Subject key identifier:   11:73:F0:C7:99:F6:0D:F8:FF:56:ED:DF:0C:BF:27:A3:22:AE:73:EB
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       6650B17701A999B27D07E28C8A15B6C5F880AA56
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207836.roa
Signing time:             Tue 03 Jun 2025 01:28:56 +0000
ROA not before:           Tue 03 Jun 2025 01:23:56 +0000
ROA not after:            Tue 02 Jun 2026 01:28:56 +0000
asID:                     207836
IP address blocks:        2a14:7580:400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:50:b1:77:01:a9:99:b2:7d:07:e2:8c:8a:15:b6:c5:f8:80:aa:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  3 01:23:56 2025 GMT
            Not After : Jun  2 01:28:56 2026 GMT
        Subject: CN=1173F0C799F60DF8FF56EDDF0CBF27A322AE73EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ce:cd:bf:57:b4:60:e3:84:93:15:14:cc:6f:
                    31:77:5e:28:d6:38:75:a3:5f:ec:09:21:2b:28:b3:
                    11:ce:a9:b4:22:47:23:5f:2a:10:d6:46:e4:44:20:
                    b5:bf:9c:06:9e:c2:0e:ed:f4:4d:c7:77:71:7b:28:
                    5c:a4:bc:d1:a4:a8:72:ac:fb:8d:80:de:2d:bf:fb:
                    f0:ad:1a:26:72:79:76:d1:f1:da:7c:77:0b:0d:d5:
                    67:b0:d9:f5:9b:45:10:29:24:a8:5b:c7:c2:fa:4f:
                    6d:3b:a9:01:11:8b:9a:6a:da:c1:16:5c:bf:d5:61:
                    c0:12:9d:ef:d3:bd:67:68:32:5b:6f:1d:6d:a0:e5:
                    46:99:34:eb:4a:14:82:ca:d1:38:eb:48:a3:94:23:
                    dd:c2:53:65:ac:08:4e:b8:73:89:c8:c9:6c:84:43:
                    ce:b1:51:29:2f:21:fb:5a:49:c0:3c:92:91:54:20:
                    c1:ab:24:24:c9:25:47:cb:5a:f9:f9:5a:92:8e:4d:
                    fb:e2:5f:35:ba:92:52:71:29:1d:a9:aa:95:84:ef:
                    46:39:30:cf:b4:b5:44:6c:94:bb:70:da:b9:e1:a8:
                    ac:8d:e2:53:05:f5:17:c9:67:63:f9:31:5b:c3:ba:
                    a8:04:4c:5d:7f:09:1d:d7:33:9c:e6:8a:8e:78:7c:
                    aa:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:73:F0:C7:99:F6:0D:F8:FF:56:ED:DF:0C:BF:27:A3:22:AE:73:EB
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207836.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:400::/40

    Signature Algorithm: sha256WithRSAEncryption
         2f:fb:f2:ae:68:57:1f:79:c6:08:4c:74:83:f3:44:96:a4:4a:
         a8:a2:4a:a0:15:3e:9a:50:93:d0:00:52:66:f0:30:da:77:96:
         f9:e9:1b:5d:aa:cd:c0:ac:40:98:8c:53:55:59:ea:3d:7c:fc:
         51:29:4a:3b:56:8c:09:21:47:20:3a:81:6d:24:39:ee:65:27:
         26:57:a3:6e:09:d9:48:d5:d1:ff:04:da:9f:46:64:3d:de:34:
         17:88:c2:4c:3b:1f:55:5c:e4:48:dc:26:0b:10:13:b5:f7:a9:
         ca:f9:2c:cd:0f:3a:9b:56:5b:9b:7d:b6:dd:6f:eb:f8:e5:da:
         d0:5a:05:77:6b:52:ec:b3:a8:f0:29:ca:a9:8d:2c:06:7f:09:
         7f:51:b0:55:86:e3:e9:5c:11:a2:12:bd:d1:fc:4c:24:f4:c0:
         6c:61:d7:d5:1b:6e:d2:61:b5:e1:f3:67:33:41:db:4c:74:cf:
         5e:f4:d1:ff:8a:19:6f:d7:48:70:51:e6:ff:2d:a9:0e:5e:de:
         05:89:f5:aa:74:a7:49:c5:90:9d:ab:40:01:a7:28:c1:0f:ed:
         ec:e5:71:5f:f8:93:b6:a2:5e:37:0d:9e:b6:61:eb:de:b6:d2:
         90:67:6d:16:f0:85:73:bc:4b:17:0d:70:1d:c6:43:06:8a:8d:
         b2:e8:53:6b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUZlCxdwGpmbJ9B+KMihW2xfiAqlYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MDMwMTIzNTZaFw0yNjA2MDIwMTI4NTZaMDMxMTAvBgNV
BAMTKDExNzNGMEM3OTlGNjBERjhGRjU2RURERjBDQkYyN0EzMjJBRTczRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6zs2/V7Rg44STFRTMbzF3XijW
OHWjX+wJISsosxHOqbQiRyNfKhDWRuREILW/nAaewg7t9E3Hd3F7KFykvNGkqHKs
+42A3i2/+/CtGiZyeXbR8dp8dwsN1Wew2fWbRRApJKhbx8L6T207qQERi5pq2sEW
XL/VYcASne/TvWdoMltvHW2g5UaZNOtKFILK0TjrSKOUI93CU2WsCE64c4nIyWyE
Q86xUSkvIftaScA8kpFUIMGrJCTJJUfLWvn5WpKOTfviXzW6klJxKR2pqpWE70Y5
MM+0tURslLtw2rnhqKyN4lMF9RfJZ2P5MVvDuqgETF1/CR3XM5zmio54fKofAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUEXPwx5n2Dfj/Vu3fDL8noyKuc+swHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3ODM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gAQwDQYJKoZIhvcNAQELBQADggEBAC/78q5oVx95xghMdIPzRJakSqiiSqAVPppQ
k9AAUmbwMNp3lvnpG12qzcCsQJiMU1VZ6j18/FEpSjtWjAkhRyA6gW0kOe5lJyZX
o24J2UjV0f8E2p9GZD3eNBeIwkw7H1Vc5EjcJgsQE7X3qcr5LM0POptWW5t9tt1v
6/jl2tBaBXdrUuyzqPApyqmNLAZ/CX9RsFWG4+lcEaISvdH8TCT0wGxh19UbbtJh
teHzZzNB20x0z1700f+KGW/XSHBR5v8tqQ5e3gWJ9ap0p0nFkJ2rQAGnKMEP7ezl
cV/4k7aiXjcNnrZh69620pBnbRbwhXO8SxcNcB3GQwaKjbLoU2s=
-----END CERTIFICATE-----