Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205886.roa
File:                     AS205886.roa (raw, json)
Hash identifier:          U2Zo/32RwlQ/1eyX6u0O7wok1MQHTsBJn3WaP0WitC0=
Subject key identifier:   9F:DE:C1:9E:21:64:29:28:A3:A3:1E:0E:16:DE:22:ED:C4:2A:E0:85
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       05AA689F48829966E1A561D7BAEB076B65D8FD06
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205886.roa
Signing time:             Tue 17 Feb 2026 02:27:44 +0000
ROA not before:           Tue 17 Feb 2026 02:22:44 +0000
ROA not after:            Tue 16 Feb 2027 02:27:44 +0000
asID:                     205886
IP address blocks:        147.79.16.0/24 maxlen: 24
                          155.117.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:aa:68:9f:48:82:99:66:e1:a5:61:d7:ba:eb:07:6b:65:d8:fd:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 17 02:22:44 2026 GMT
            Not After : Feb 16 02:27:44 2027 GMT
        Subject: CN=9FDEC19E21642928A3A31E0E16DE22EDC42AE085
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:d4:79:c4:55:a9:90:e6:c1:94:82:d2:ec:3a:
                    51:8b:06:8f:4f:67:83:51:a5:eb:4f:d3:34:a8:d8:
                    df:1c:85:6c:9c:87:e7:31:2b:20:2a:cd:c3:50:05:
                    68:00:3a:b6:a5:cb:0a:17:c0:9d:94:c3:99:13:27:
                    27:ec:8e:df:55:f7:2f:29:a5:b8:e5:57:61:cd:be:
                    13:e3:fa:af:37:e0:a8:50:75:58:8c:86:60:31:88:
                    45:af:f8:81:57:90:b9:18:2f:77:08:09:2c:a5:e0:
                    2d:54:30:d3:1b:19:73:25:37:30:f5:d0:bd:af:80:
                    64:2a:9f:62:44:46:87:31:ba:f8:96:78:f3:f5:2e:
                    90:c8:ad:f4:99:a9:e0:31:b3:10:3a:fe:9a:77:16:
                    2a:f6:c7:76:0c:ec:34:64:0a:af:a6:cd:5e:07:64:
                    b8:1e:ba:e1:01:04:a8:f9:28:33:76:c5:4a:6f:0c:
                    26:ac:82:55:1b:84:ce:f4:ba:3e:7c:af:e0:ee:2f:
                    f7:2f:e0:32:c5:8a:bb:b4:f5:7f:0f:a5:8a:7a:c7:
                    56:bc:32:6e:04:99:ad:36:52:1e:ee:5c:a5:79:d2:
                    a6:5b:af:c8:29:2e:0e:73:dd:d3:04:d0:34:32:17:
                    11:0a:a5:27:e6:00:7f:16:f7:36:95:e2:1d:37:ab:
                    12:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:DE:C1:9E:21:64:29:28:A3:A3:1E:0E:16:DE:22:ED:C4:2A:E0:85
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205886.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.16.0/24
                  155.117.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:7f:fd:74:17:20:c0:65:8b:e5:6e:50:1b:cc:3f:ea:a6:65:
         86:e5:78:30:a2:16:ba:b1:3b:01:2f:00:c8:6d:7d:3e:d3:32:
         05:c0:4a:a1:8c:50:4c:91:e4:72:08:c8:af:bf:55:c3:90:c4:
         3b:88:49:d1:d3:59:60:22:81:d9:84:07:fa:73:6c:4d:5b:8d:
         04:b7:d1:bd:b8:04:40:d5:e3:a3:29:9b:1a:1b:4f:3d:26:f3:
         4c:72:66:99:90:f1:51:bf:89:12:b3:66:48:cc:63:d2:8a:2f:
         28:a3:cd:e5:f3:14:50:f3:26:33:c7:53:14:76:42:01:c7:ab:
         79:fa:d2:4d:8d:25:09:40:f7:9d:e9:ca:4b:56:21:97:a8:9d:
         f7:0b:44:56:04:70:20:9d:3e:c0:df:bf:5e:ac:5c:fa:58:b7:
         05:18:c5:4c:29:2a:c0:ba:c5:6a:0f:d7:74:1b:a6:5f:66:86:
         b2:65:04:4d:37:09:a1:4d:f0:40:6c:20:da:25:c1:b6:94:28:
         c5:95:10:fc:be:ca:87:3d:6f:40:5f:3c:ac:61:1e:84:f3:6b:
         ba:a5:e7:db:f8:56:b6:d8:5c:00:6b:ed:0c:c5:63:92:5a:cc:
         c3:70:e5:2f:bc:c9:03:72:13:d2:52:28:8f:3f:18:2f:b2:84:
         e0:20:51:70
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBapon0iCmWbhpWHXuusHa2XY/QYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTcwMjIyNDRaFw0yNzAyMTYwMjI3NDRaMDMxMTAvBgNV
BAMTKDlGREVDMTlFMjE2NDI5MjhBM0EzMUUwRTE2REUyMkVEQzQyQUUwODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC41HnEVamQ5sGUgtLsOlGLBo9P
Z4NRpetP0zSo2N8chWych+cxKyAqzcNQBWgAOralywoXwJ2Uw5kTJyfsjt9V9y8p
pbjlV2HNvhPj+q834KhQdViMhmAxiEWv+IFXkLkYL3cICSyl4C1UMNMbGXMlNzD1
0L2vgGQqn2JERocxuviWePP1LpDIrfSZqeAxsxA6/pp3Fir2x3YM7DRkCq+mzV4H
ZLgeuuEBBKj5KDN2xUpvDCasglUbhM70uj58r+DuL/cv4DLFiru09X8PpYp6x1a8
Mm4Ema02Uh7uXKV50qZbr8gpLg5z3dME0DQyFxEKpSfmAH8W9zaV4h03qxJzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUn97BniFkKSijox4OFt4i7cQq4IUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1ODg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk08Q
AwQAm3XWMA0GCSqGSIb3DQEBCwUAA4IBAQBkf/10FyDAZYvlblAbzD/qpmWG5Xgw
oha6sTsBLwDIbX0+0zIFwEqhjFBMkeRyCMivv1XDkMQ7iEnR01lgIoHZhAf6c2xN
W40Et9G9uARA1eOjKZsaG089JvNMcmaZkPFRv4kSs2ZIzGPSii8oo83l8xRQ8yYz
x1MUdkIBx6t5+tJNjSUJQPed6cpLViGXqJ33C0RWBHAgnT7A379erFz6WLcFGMVM
KSrAusVqD9d0G6ZfZoayZQRNNwmhTfBAbCDaJcG2lCjFlRD8vsqHPW9AXzysYR6E
82u6pefb+Fa22FwAa+0MxWOSWszDcOUvvMkDchPSUiiPPxgvsoTgIFFw
-----END CERTIFICATE-----