Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS207075.roa
File:                     AS207075.roa (raw, json)
Hash identifier:          xGDC3GtjAQQYgEeXhk6SzZm7mFHdEOP49cMn3cagMSI=
Subject key identifier:   A2:19:22:A6:11:93:BA:D7:35:24:B4:47:4F:55:78:CB:AF:21:C2:4D
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       207E77793265F1A83748F0568D0300691A792919
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS207075.roa
Signing time:             Sat 16 May 2026 16:47:13 +0000
ROA not before:           Sat 16 May 2026 16:42:13 +0000
ROA not after:            Sat 15 May 2027 16:47:13 +0000
asID:                     207075
IP address blocks:        46.203.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:7e:77:79:32:65:f1:a8:37:48:f0:56:8d:03:00:69:1a:79:29:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 16 16:42:13 2026 GMT
            Not After : May 15 16:47:13 2027 GMT
        Subject: CN=A21922A61193BAD73524B4474F5578CBAF21C24D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c1:cf:e9:d4:f5:6a:b0:13:bb:51:5a:f1:1b:
                    46:40:d3:ab:87:a4:6a:2f:81:c4:38:a3:70:88:1f:
                    cb:52:72:b7:c0:27:e5:c7:46:7e:80:3e:dc:35:90:
                    90:d1:f9:1f:29:08:59:9d:e7:15:db:7d:a2:9e:10:
                    54:ae:eb:53:81:17:68:f2:b8:5d:2e:85:d1:c0:34:
                    c8:f8:c9:f6:b1:2e:76:23:c0:02:0e:e5:6e:48:f4:
                    68:f0:b6:b1:cc:42:ad:ca:c6:6f:db:e8:ae:fc:6c:
                    db:6a:77:62:5b:73:6f:5a:ce:7a:3e:ee:40:2e:34:
                    4b:1d:b3:d1:fe:d9:6c:ff:23:06:ae:a6:a8:73:ec:
                    36:36:a9:99:ef:d5:40:b0:b4:88:68:6a:97:48:32:
                    a5:ce:be:10:dc:31:0f:19:49:d1:a8:9e:b1:5d:a5:
                    45:2b:47:6d:96:63:49:93:71:05:56:0a:39:bd:19:
                    96:41:c6:0d:04:ef:16:c1:b3:dc:cc:b0:cc:e2:ad:
                    d4:20:13:fc:82:42:e1:a8:ad:d4:8a:3a:9c:a0:1e:
                    bd:c3:5a:37:67:9d:33:6b:db:99:38:30:a9:5f:5f:
                    08:f8:2e:14:fc:bf:95:19:e9:04:24:45:f6:13:8a:
                    f7:1d:2f:33:ce:08:1f:ed:91:18:a0:8f:f4:94:c6:
                    d5:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:19:22:A6:11:93:BA:D7:35:24:B4:47:4F:55:78:CB:AF:21:C2:4D
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS207075.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:47:04:ce:91:74:1f:47:8d:eb:c5:00:61:34:14:ef:5b:51:
         fb:3d:b9:8d:9d:e9:64:28:7e:ae:2e:0d:66:bf:f9:cd:c2:d4:
         17:49:e1:da:9c:56:ed:82:fa:70:3d:a6:ff:9d:5f:9c:7d:17:
         16:d3:d4:0a:6b:af:d8:0b:3b:d4:e7:8d:08:0a:f8:d4:f2:9c:
         52:7f:e1:f5:7d:29:3b:e6:1f:49:30:93:4e:13:6a:e7:78:17:
         40:d4:26:83:95:f2:51:6b:68:03:eb:7a:d6:6d:13:8a:18:91:
         43:dd:ef:b2:2e:01:26:3b:ad:8d:a5:9a:34:9a:6e:b9:4e:f6:
         97:8f:30:04:75:27:9d:69:ca:dc:9e:88:fc:0b:d0:59:5d:ef:
         9d:52:ad:78:47:c7:37:9d:07:7c:5c:51:fb:02:dd:9e:db:a8:
         2b:58:bf:c4:b0:05:51:b3:35:df:8c:7e:d0:c9:f0:23:ca:9f:
         2c:b7:94:61:14:a0:58:17:e3:bf:3b:31:63:40:af:3a:e8:fb:
         21:73:b4:3f:35:32:1d:ae:4b:41:4c:5f:84:da:3b:f9:3e:94:
         de:dc:19:6f:c1:b5:3d:f7:1e:b9:3f:6d:e2:c3:4d:01:f7:a2:
         5e:93:27:aa:70:98:4c:d4:ba:f5:69:ff:89:37:1b:32:58:e6:
         eb:17:9a:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIH53eTJl8ag3SPBWjQMAaRp5KRkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTYxNjQyMTNaFw0yNzA1MTUxNjQ3MTNaMDMxMTAvBgNV
BAMTKEEyMTkyMkE2MTE5M0JBRDczNTI0QjQ0NzRGNTU3OENCQUYyMUMyNEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgwc/p1PVqsBO7UVrxG0ZA06uH
pGovgcQ4o3CIH8tScrfAJ+XHRn6APtw1kJDR+R8pCFmd5xXbfaKeEFSu61OBF2jy
uF0uhdHANMj4yfaxLnYjwAIO5W5I9GjwtrHMQq3Kxm/b6K78bNtqd2Jbc29azno+
7kAuNEsds9H+2Wz/Iwaupqhz7DY2qZnv1UCwtIhoapdIMqXOvhDcMQ8ZSdGonrFd
pUUrR22WY0mTcQVWCjm9GZZBxg0E7xbBs9zMsMzirdQgE/yCQuGordSKOpygHr3D
WjdnnTNr25k4MKlfXwj4LhT8v5UZ6QQkRfYTivcdLzPOCB/tkRigj/SUxtWnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUohkiphGTutc1JLRHT1V4y68hwk0wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA3MDc1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsve
MA0GCSqGSIb3DQEBCwUAA4IBAQAzRwTOkXQfR43rxQBhNBTvW1H7PbmNnelkKH6u
Lg1mv/nNwtQXSeHanFbtgvpwPab/nV+cfRcW09QKa6/YCzvU540ICvjU8pxSf+H1
fSk75h9JMJNOE2rneBdA1CaDlfJRa2gD63rWbROKGJFD3e+yLgEmO62NpZo0mm65
TvaXjzAEdSedacrcnoj8C9BZXe+dUq14R8c3nQd8XFH7At2e26grWL/EsAVRszXf
jH7QyfAjyp8st5RhFKBYF+O/OzFjQK866Pshc7Q/NTIdrktBTF+E2jv5PpTe3Blv
wbU99x65P23iw00B96JekyeqcJhM1Lr1af+JNxsyWObrF5oF
-----END CERTIFICATE-----