Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205091.roa
File:                     AS205091.roa (raw, json)
Hash identifier:          sZ9ZyFtg7chDC8Kot+1mvGq5EG6Pl1RJv+48P+KLL0A=
Subject key identifier:   CA:9A:CF:13:4E:FC:79:1A:48:3C:8F:5B:5C:73:75:F9:D1:B9:0D:E0
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       35D8CF88725DB61A0C3E3F2AC47E43BAFD99535E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205091.roa
Signing time:             Tue 16 Jun 2026 10:47:36 +0000
ROA not before:           Tue 16 Jun 2026 10:42:36 +0000
ROA not after:            Tue 15 Jun 2027 10:47:36 +0000
asID:                     205091
IP address blocks:        141.11.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 05:53:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:d8:cf:88:72:5d:b6:1a:0c:3e:3f:2a:c4:7e:43:ba:fd:99:53:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun 16 10:42:36 2026 GMT
            Not After : Jun 15 10:47:36 2027 GMT
        Subject: CN=CA9ACF134EFC791A483C8F5B5C7375F9D1B90DE0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a4:9d:bc:ce:2d:aa:a9:46:ec:b2:08:2a:47:
                    88:e8:7b:a4:99:7f:c3:6b:52:4c:85:d4:5e:e5:2e:
                    ef:8c:d1:3a:45:a2:97:bd:c4:86:22:df:be:96:7e:
                    c9:e9:46:da:ec:b5:84:5e:fb:7f:da:7c:90:b8:80:
                    e8:56:91:2f:fa:87:f2:10:8e:2e:21:58:39:91:c2:
                    85:bc:7f:c3:d7:5f:9a:09:c1:d1:b0:d3:84:67:a3:
                    ec:c5:6a:1e:d9:64:b2:9c:cd:c2:d5:47:7a:71:45:
                    04:a0:8e:e9:0d:0b:d4:02:00:d7:de:32:25:65:e3:
                    f9:61:de:85:64:0b:a7:07:ee:5c:02:c4:f8:3f:d0:
                    1d:8a:c1:45:3c:12:dc:d2:5c:ab:28:4c:b2:d4:0f:
                    84:2e:ac:04:b8:0d:ca:22:3e:4c:a4:be:fa:47:c8:
                    5f:66:5e:ed:a3:36:29:89:d0:aa:13:8e:64:ac:47:
                    4e:fc:4a:47:bd:f2:7c:cd:f8:36:aa:9c:0c:b7:fe:
                    3b:8b:8e:51:c6:54:b1:52:51:8a:6d:88:e2:87:65:
                    20:9e:f5:a1:49:26:84:87:0f:8f:11:b4:7e:12:cf:
                    b9:d0:f3:f2:8c:fd:ea:ee:48:89:b8:e7:1a:41:7f:
                    a7:ff:60:d0:dc:5f:3f:4c:5d:40:07:33:b7:9d:fb:
                    b3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9A:CF:13:4E:FC:79:1A:48:3C:8F:5B:5C:73:75:F9:D1:B9:0D:E0
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS205091.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:f2:3f:e1:39:93:67:2d:6f:fb:58:f8:09:59:5d:18:26:e7:
         5e:31:6d:85:95:9b:01:21:8a:d4:da:39:3b:0a:ed:15:95:a3:
         3c:33:18:bc:af:bf:28:ec:2c:e0:6d:be:00:a2:7b:33:16:72:
         15:b9:11:4d:a3:9f:6a:df:93:bf:e2:bd:c9:b1:f3:82:41:1c:
         bd:9f:d6:65:b8:c9:4c:35:f2:02:b3:d7:d8:c7:a9:0c:e2:49:
         17:f6:6a:2f:72:78:fa:42:90:03:3c:20:18:89:cb:0a:71:06:
         08:34:b0:13:a7:d7:45:11:aa:5b:c4:ba:be:5f:9f:17:d4:6e:
         da:84:e7:b9:30:4c:00:d5:47:b4:6b:63:d3:44:11:48:58:10:
         77:ac:48:8e:d0:8d:96:c9:b7:d2:55:a1:21:7f:02:3c:6c:64:
         24:74:3c:76:1d:75:22:75:fe:49:3f:ec:32:76:65:e4:7f:37:
         21:09:16:b0:04:83:00:ff:6e:24:62:32:8d:d3:d4:1f:13:45:
         fa:24:0f:76:84:2a:bb:ab:98:a5:dd:a8:07:01:cd:0b:1d:7e:
         51:c7:e8:a6:23:a8:20:44:b4:c7:55:51:52:ae:10:b4:8f:20:
         54:6c:41:35:97:0d:d6:11:a5:4e:ae:61:6c:31:b3:84:9d:6c:
         06:08:6f:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNdjPiHJdthoMPj8qxH5Duv2ZU14wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MTYxMDQyMzZaFw0yNzA2MTUxMDQ3MzZaMDMxMTAvBgNV
BAMTKENBOUFDRjEzNEVGQzc5MUE0ODNDOEY1QjVDNzM3NUY5RDFCOTBERTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGpJ28zi2qqUbssggqR4joe6SZ
f8NrUkyF1F7lLu+M0TpFope9xIYi376WfsnpRtrstYRe+3/afJC4gOhWkS/6h/IQ
ji4hWDmRwoW8f8PXX5oJwdGw04Rno+zFah7ZZLKczcLVR3pxRQSgjukNC9QCANfe
MiVl4/lh3oVkC6cH7lwCxPg/0B2KwUU8EtzSXKsoTLLUD4QurAS4DcoiPkykvvpH
yF9mXu2jNimJ0KoTjmSsR078Ske98nzN+DaqnAy3/juLjlHGVLFSUYptiOKHZSCe
9aFJJoSHD48RtH4Sz7nQ8/KM/eruSIm45xpBf6f/YNDcXz9MXUAHM7ed+7MLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyprPE078eRpIPI9bXHN1+dG5DeAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA1MDkxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQv4
MA0GCSqGSIb3DQEBCwUAA4IBAQCv8j/hOZNnLW/7WPgJWV0YJudeMW2FlZsBIYrU
2jk7Cu0VlaM8Mxi8r78o7Czgbb4AonszFnIVuRFNo59q35O/4r3JsfOCQRy9n9Zl
uMlMNfICs9fYx6kM4kkX9movcnj6QpADPCAYicsKcQYINLATp9dFEapbxLq+X58X
1G7ahOe5MEwA1Ue0a2PTRBFIWBB3rEiO0I2WybfSVaEhfwI8bGQkdDx2HXUidf5J
P+wydmXkfzchCRawBIMA/24kYjKN09QfE0X6JA92hCq7q5il3agHAc0LHX5Rx+im
I6ggRLTHVVFSrhC0jyBUbEE1lw3WEaVOrmFsMbOEnWwGCG/J
-----END CERTIFICATE-----