Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS205380.roa
File:                     AS205380.roa (raw, json)
Hash identifier:          gtQBC0jNeC0KRcoTeCGuIUyPjhDyqepFZ+op+UYHOiA=
Subject key identifier:   B2:45:74:AF:28:CE:AD:84:4E:90:9F:76:E4:F8:D4:55:1B:9F:4C:94
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       16CD53D8D2370CFFFEE1DC3DBCF8147EEA327564
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS205380.roa
Signing time:             Fri 12 Sep 2025 09:48:50 +0000
ROA not before:           Fri 12 Sep 2025 09:43:50 +0000
ROA not after:            Fri 11 Sep 2026 09:48:50 +0000
asID:                     205380
IP address blocks:        95.134.142.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:cd:53:d8:d2:37:0c:ff:fe:e1:dc:3d:bc:f8:14:7e:ea:32:75:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Sep 12 09:43:50 2025 GMT
            Not After : Sep 11 09:48:50 2026 GMT
        Subject: CN=B24574AF28CEAD844E909F76E4F8D4551B9F4C94
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d3:b4:10:f7:03:44:31:5a:b5:54:b2:07:4b:
                    91:34:8c:ca:3b:cb:e1:49:17:0e:40:1f:8d:7e:b5:
                    f6:70:19:b1:9c:d8:9b:90:c8:78:17:62:6b:dd:93:
                    7e:de:95:2f:ce:80:6f:79:2e:98:b4:d2:1a:20:1d:
                    cb:04:d7:c7:5e:1c:6f:5f:22:87:4a:78:f5:ce:13:
                    6b:b3:d0:ba:70:e5:c9:61:f2:6c:3e:7a:1a:fa:29:
                    b9:d1:76:0d:06:22:a4:b0:d6:17:d6:ab:d1:f9:13:
                    93:f9:dd:6a:a4:11:75:35:a8:05:23:64:5d:1c:b4:
                    88:93:9c:c8:97:30:4c:bf:43:e4:0d:d7:62:9b:45:
                    8b:da:4d:e7:1b:21:16:bb:13:e8:4d:60:09:62:cf:
                    93:3b:60:f3:a3:ac:b1:db:df:3f:b9:f7:d3:b0:95:
                    68:ad:a0:12:90:dd:89:5b:a2:23:ab:35:d0:01:05:
                    57:27:10:1a:1a:31:d0:48:63:cd:8a:af:b4:9c:0d:
                    ba:1f:19:45:7e:51:d4:c2:4f:d8:a6:ba:ef:d3:85:
                    54:26:32:a5:ae:5e:a1:42:fe:41:a1:2e:19:8b:4c:
                    2a:be:81:8a:e3:3c:3b:af:29:36:d7:ce:4d:69:be:
                    b7:fb:53:68:38:cc:01:b5:aa:9c:73:c4:ba:f4:48:
                    9d:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:45:74:AF:28:CE:AD:84:4E:90:9F:76:E4:F8:D4:55:1B:9F:4C:94
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS205380.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:bd:98:74:43:ee:5d:12:12:fb:77:a9:b3:c2:3b:ba:25:ea:
         7e:3f:4f:f2:5a:a4:28:eb:ac:43:30:28:45:8f:bd:75:f8:98:
         be:eb:a9:ea:06:41:66:93:57:50:18:5f:9a:d5:b2:79:56:6e:
         a7:1f:1f:32:26:51:35:4a:b7:08:ba:43:b5:f1:e5:bb:17:e2:
         53:ef:00:ba:df:09:fb:80:a1:80:8f:f9:06:d9:e9:53:03:2c:
         1b:2f:5a:71:e9:5a:32:6f:82:19:35:c4:b0:7e:30:e5:b1:60:
         ff:ae:11:87:93:3f:05:0b:79:02:a0:c6:98:79:fd:56:45:58:
         0f:3a:5e:6c:2f:38:bc:be:0b:1e:93:79:25:eb:53:b5:f6:c6:
         9a:88:e9:be:86:0c:31:da:a3:21:73:79:83:14:fa:f4:9b:b0:
         70:27:95:6f:52:f6:71:01:e7:a2:2f:5e:15:e2:13:d6:3c:e8:
         9d:84:1b:4b:f1:cf:6d:eb:57:2b:c4:b0:ad:53:29:e7:24:cf:
         43:17:d1:96:9c:36:cf:78:39:c7:f4:c8:8c:60:c3:73:75:40:
         61:db:55:09:e5:de:2c:9c:c3:43:c0:a4:62:79:f0:1c:41:e2:
         94:2c:11:17:8a:b5:0c:44:3c:2e:e5:ae:17:9b:15:65:a3:81:
         64:17:f3:95
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUFs1T2NI3DP/+4dw9vPgUfuoydWQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA5MTIwOTQzNTBaFw0yNjA5MTEwOTQ4NTBaMDMxMTAvBgNV
BAMTKEIyNDU3NEFGMjhDRUFEODQ0RTkwOUY3NkU0RjhENDU1MUI5RjRDOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa07QQ9wNEMVq1VLIHS5E0jMo7
y+FJFw5AH41+tfZwGbGc2JuQyHgXYmvdk37elS/OgG95Lpi00hogHcsE18deHG9f
IodKePXOE2uz0Lpw5clh8mw+ehr6KbnRdg0GIqSw1hfWq9H5E5P53WqkEXU1qAUj
ZF0ctIiTnMiXMEy/Q+QN12KbRYvaTecbIRa7E+hNYAliz5M7YPOjrLHb3z+599Ow
lWitoBKQ3YlboiOrNdABBVcnEBoaMdBIY82Kr7ScDbofGUV+UdTCT9imuu/ThVQm
MqWuXqFC/kGhLhmLTCq+gYrjPDuvKTbXzk1pvrf7U2g4zAG1qpxzxLr0SJ3xAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUskV0ryjOrYROkJ925PjUVRufTJQwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA1MzgwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4aO
MA0GCSqGSIb3DQEBCwUAA4IBAQAkvZh0Q+5dEhL7d6mzwju6Jep+P0/yWqQo66xD
MChFj711+Ji+66nqBkFmk1dQGF+a1bJ5Vm6nHx8yJlE1SrcIukO18eW7F+JT7wC6
3wn7gKGAj/kG2elTAywbL1px6Voyb4IZNcSwfjDlsWD/rhGHkz8FC3kCoMaYef1W
RVgPOl5sLzi8vgsek3kl61O19saaiOm+hgwx2qMhc3mDFPr0m7BwJ5VvUvZxAeei
L14V4hPWPOidhBtL8c9t61crxLCtUynnJM9DF9GWnDbPeDnH9MiMYMNzdUBh21UJ
5d4snMNDwKRiefAcQeKULBEXirUMRDwu5a4XmxVlo4FkF/OV
-----END CERTIFICATE-----