Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205840.roa
File:                     AS205840.roa (raw, json)
Hash identifier:          3GhRym97OYZANc8tIDxyPeIKEuBtBD1EZz0PGZEi240=
Subject key identifier:   01:0E:35:3C:60:5B:66:A4:C7:06:15:14:8F:C2:AA:9A:FB:AE:69:1A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       49DB0251D5E5003C6B0B0278AF2707D5899C7676
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205840.roa
Signing time:             Fri 30 Jan 2026 12:41:38 +0000
ROA not before:           Fri 30 Jan 2026 12:36:38 +0000
ROA not after:            Fri 29 Jan 2027 12:41:38 +0000
asID:                     205840
IP address blocks:        96.62.100.0/24 maxlen: 24
                          155.117.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:db:02:51:d5:e5:00:3c:6b:0b:02:78:af:27:07:d5:89:9c:76:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 30 12:36:38 2026 GMT
            Not After : Jan 29 12:41:38 2027 GMT
        Subject: CN=010E353C605B66A4C70615148FC2AA9AFBAE691A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:87:52:9d:3a:c2:d1:a5:d4:75:98:6f:32:6a:
                    46:73:60:3e:a7:02:7e:9c:c6:08:59:e5:75:7f:be:
                    bc:93:5d:36:27:ba:04:93:26:a6:e1:19:91:67:dc:
                    a4:ec:30:c1:18:e6:b0:ba:65:8f:7f:78:96:de:cd:
                    46:60:0b:20:e4:64:e8:f2:8a:0d:e5:c9:b4:d1:32:
                    b1:e2:82:96:26:e1:03:0a:b4:96:36:59:13:1e:96:
                    18:12:f3:36:11:1c:f4:38:00:99:ca:51:d8:ea:d6:
                    5c:7d:63:25:95:fd:65:39:9b:fc:eb:30:8a:f3:b8:
                    c4:f7:91:04:d2:69:e9:fb:7d:ad:d2:b1:c2:bd:88:
                    0e:be:08:c7:db:9c:ca:95:c5:5a:87:fa:4a:a4:04:
                    d2:a7:f7:e8:08:42:10:58:a8:21:a6:0e:f3:82:4c:
                    48:71:99:1d:ac:c4:77:ef:89:60:d6:82:19:0e:bc:
                    9b:f7:e6:16:55:db:95:0a:f7:8e:b4:d8:5c:b4:4f:
                    62:03:61:2a:8b:d3:86:b4:5d:6f:67:57:7f:2d:9e:
                    ff:f8:55:a2:9e:1a:31:68:eb:8c:ab:1b:35:4e:78:
                    09:70:92:e7:00:a6:e5:af:4f:cf:87:b6:50:30:b2:
                    25:b6:2f:a4:6b:f0:83:0e:a8:ba:70:59:be:66:9b:
                    db:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:0E:35:3C:60:5B:66:A4:C7:06:15:14:8F:C2:AA:9A:FB:AE:69:1A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205840.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.100.0/24
                  155.117.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:bf:91:22:54:8b:6e:57:e3:9d:c7:72:ab:4f:77:58:5c:99:
         18:69:82:cc:84:95:fb:11:21:a8:6d:ef:c0:a7:44:8c:a8:70:
         5b:20:ca:b9:14:8c:02:fc:f1:d2:b2:07:3b:d5:2d:69:97:fb:
         b8:87:68:b0:a5:62:e6:d5:75:ba:af:51:cc:25:82:c0:65:48:
         a9:85:af:2a:3a:63:79:bf:63:aa:17:9a:d8:03:3c:f3:fb:e0:
         14:40:1f:c4:e8:65:7c:50:77:16:b6:96:ae:80:53:2a:aa:ca:
         16:43:ba:f7:d6:0d:7c:dd:7a:6a:cf:ee:0c:24:d8:66:81:e7:
         91:b4:e6:63:7c:c2:5f:ae:39:60:01:b9:13:34:3b:44:24:a2:
         58:a3:c3:5b:6c:ba:f1:f0:8b:c5:01:99:c5:fb:5e:d9:01:2a:
         4b:18:39:94:53:3a:d3:c6:ad:07:ff:56:16:17:e9:91:1d:92:
         16:3a:99:0d:35:7b:8a:a3:0b:a6:23:f9:65:46:e6:a0:a2:0e:
         dd:e7:3e:3d:25:c2:8d:b9:51:78:b3:b8:af:b3:a6:17:5e:65:
         b1:a2:16:57:4b:4b:9c:8e:9c:11:e8:61:ab:50:3d:60:02:df:
         4c:9f:eb:81:2b:7e:e7:38:b4:7c:7c:59:80:93:ac:1f:ba:67:
         18:b6:5c:de
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUSdsCUdXlADxrCwJ4rycH1YmcdnYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMzAxMjM2MzhaFw0yNzAxMjkxMjQxMzhaMDMxMTAvBgNV
BAMTKDAxMEUzNTNDNjA1QjY2QTRDNzA2MTUxNDhGQzJBQTlBRkJBRTY5MUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEh1KdOsLRpdR1mG8yakZzYD6n
An6cxghZ5XV/vryTXTYnugSTJqbhGZFn3KTsMMEY5rC6ZY9/eJbezUZgCyDkZOjy
ig3lybTRMrHigpYm4QMKtJY2WRMelhgS8zYRHPQ4AJnKUdjq1lx9YyWV/WU5m/zr
MIrzuMT3kQTSaen7fa3SscK9iA6+CMfbnMqVxVqH+kqkBNKn9+gIQhBYqCGmDvOC
TEhxmR2sxHfviWDWghkOvJv35hZV25UK94602Fy0T2IDYSqL04a0XW9nV38tnv/4
VaKeGjFo64yrGzVOeAlwkucApuWvT8+HtlAwsiW2L6Rr8IMOqLpwWb5mm9t1AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAQ41PGBbZqTHBhUUj8KqmvuuaRowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1ODQwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAYD5k
AwQAm3XOMA0GCSqGSIb3DQEBCwUAA4IBAQB0v5EiVItuV+Odx3KrT3dYXJkYaYLM
hJX7ESGobe/Ap0SMqHBbIMq5FIwC/PHSsgc71S1pl/u4h2iwpWLm1XW6r1HMJYLA
ZUipha8qOmN5v2OqF5rYAzzz++AUQB/E6GV8UHcWtpaugFMqqsoWQ7r31g183Xpq
z+4MJNhmgeeRtOZjfMJfrjlgAbkTNDtEJKJYo8NbbLrx8IvFAZnF+17ZASpLGDmU
UzrTxq0H/1YWF+mRHZIWOpkNNXuKowumI/llRuagog7d5z49JcKNuVF4s7ivs6YX
XmWxohZXS0ucjpwR6GGrUD1gAt9Mn+uBK37nOLR8fFmAk6wfumcYtlze
-----END CERTIFICATE-----