Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205960.roa
File:                     AS205960.roa (raw, json)
Hash identifier:          182thybEqz7NYuHigUnPdOZJBZ1lXd07ovUYkw3yE/k=
Subject key identifier:   7E:98:23:81:4A:BB:90:63:CB:80:DC:65:09:E3:86:0D:CC:25:B6:84
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0FA67A0DFD68D1FB5083CBB5A9437567648D39AD
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205960.roa
Signing time:             Thu 05 Feb 2026 12:31:24 +0000
ROA not before:           Thu 05 Feb 2026 12:26:24 +0000
ROA not after:            Thu 04 Feb 2027 12:31:24 +0000
asID:                     205960
IP address blocks:        148.135.181.0/24 maxlen: 24
                          167.148.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:a6:7a:0d:fd:68:d1:fb:50:83:cb:b5:a9:43:75:67:64:8d:39:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb  5 12:26:24 2026 GMT
            Not After : Feb  4 12:31:24 2027 GMT
        Subject: CN=7E9823814ABB9063CB80DC6509E3860DCC25B684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:87:43:27:20:b6:f8:9f:13:1e:b0:05:44:da:
                    45:f1:a6:57:c5:e2:45:f9:b9:12:bc:65:78:37:0d:
                    4b:55:d6:5c:9a:20:ce:99:a4:e9:3d:17:05:86:42:
                    ae:e2:9d:76:0b:33:bd:db:88:60:8d:fa:47:23:36:
                    21:bd:b5:92:09:e2:e1:9a:3e:55:bf:16:86:d3:5b:
                    21:98:27:01:a3:52:55:a5:07:f7:cc:ab:0c:4e:66:
                    a7:a6:17:ab:b5:cb:aa:ae:6b:1c:bb:76:05:ed:7f:
                    3a:8a:f4:d0:9b:4e:26:76:e5:bc:2a:0b:ca:82:8c:
                    95:c4:c4:1f:d0:5a:9f:5e:64:f8:20:58:6e:ec:df:
                    82:2e:9a:83:22:0f:97:dd:16:2b:21:3d:c6:a1:e9:
                    eb:0c:79:ab:d6:9f:09:ed:b3:b2:d7:51:bf:09:40:
                    c2:b5:58:a3:04:a5:aa:e3:ff:8c:4e:6e:0a:65:4e:
                    2a:87:e9:32:af:ee:cb:f4:34:a8:b1:6d:4c:81:9b:
                    2f:e6:db:ae:1b:12:3a:d0:79:1f:bf:da:87:2b:78:
                    95:5b:d4:78:39:2d:d3:3b:8b:f5:2d:a6:e2:ef:91:
                    fb:4b:e3:a9:0a:60:df:a5:92:28:e5:15:1c:3a:28:
                    ee:46:f3:ad:e5:04:fe:4b:25:9d:e3:06:53:8f:09:
                    63:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:98:23:81:4A:BB:90:63:CB:80:DC:65:09:E3:86:0D:CC:25:B6:84
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS205960.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.181.0/24
                  167.148.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:54:22:89:10:88:e3:e9:2a:8f:d6:6c:e9:8c:be:65:2c:dc:
         53:62:42:00:48:39:74:90:92:2d:60:d9:24:3e:41:05:74:bc:
         49:c2:bb:38:12:6c:70:bc:fb:cd:ec:a1:d5:e5:69:73:6e:ad:
         93:c0:f0:05:41:9d:f8:fb:b4:8a:91:ea:08:4b:0c:60:e0:6f:
         2e:a5:d7:f4:d3:32:8f:05:92:da:65:2d:73:89:a4:6a:9b:4d:
         de:00:4e:49:95:da:b8:d7:b4:be:a6:1c:9c:6e:af:b6:1f:79:
         88:5b:63:cc:e3:7a:b9:d3:1c:ce:e8:3b:c7:dc:ab:81:94:0f:
         25:06:53:b2:0a:38:f8:cc:f8:cb:73:8e:f0:07:9b:ee:37:f3:
         48:3f:99:de:5d:e3:5f:59:f0:92:47:b1:30:f6:2c:db:62:ca:
         a6:9c:c5:33:16:3a:f7:b5:5f:a8:5b:98:f5:e5:31:a5:c1:2a:
         30:1a:43:65:1a:48:a2:98:48:e9:f4:0b:8d:0e:9c:e4:d6:7f:
         fa:ce:79:26:7f:72:b5:26:d2:d3:ab:75:6c:2a:59:bf:15:fe:
         d3:0b:b6:10:9e:c9:68:f3:ae:ad:c1:fb:5d:d7:29:23:1f:f0:
         dc:a4:60:cd:d3:d2:57:89:45:1c:53:db:66:98:1d:6c:50:94:
         f0:ba:66:2d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUD6Z6Df1o0ftQg8u1qUN1Z2SNOa0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMDUxMjI2MjRaFw0yNzAyMDQxMjMxMjRaMDMxMTAvBgNV
BAMTKDdFOTgyMzgxNEFCQjkwNjNDQjgwREM2NTA5RTM4NjBEQ0MyNUI2ODQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlh0MnILb4nxMesAVE2kXxplfF
4kX5uRK8ZXg3DUtV1lyaIM6ZpOk9FwWGQq7inXYLM73biGCN+kcjNiG9tZIJ4uGa
PlW/FobTWyGYJwGjUlWlB/fMqwxOZqemF6u1y6quaxy7dgXtfzqK9NCbTiZ25bwq
C8qCjJXExB/QWp9eZPggWG7s34IumoMiD5fdFishPcah6esMeavWnwnts7LXUb8J
QMK1WKMEparj/4xObgplTiqH6TKv7sv0NKixbUyBmy/m264bEjrQeR+/2ocreJVb
1Hg5LdM7i/UtpuLvkftL46kKYN+lkijlFRw6KO5G863lBP5LJZ3jBlOPCWMhAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfpgjgUq7kGPLgNxlCeOGDcwltoQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA1OTYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAlIe1
AwQAp5S6MA0GCSqGSIb3DQEBCwUAA4IBAQBwVCKJEIjj6SqP1mzpjL5lLNxTYkIA
SDl0kJItYNkkPkEFdLxJwrs4EmxwvPvN7KHV5Wlzbq2TwPAFQZ34+7SKkeoISwxg
4G8updf00zKPBZLaZS1ziaRqm03eAE5Jldq417S+phycbq+2H3mIW2PM43q50xzO
6DvH3KuBlA8lBlOyCjj4zPjLc47wB5vuN/NIP5neXeNfWfCSR7Ew9izbYsqmnMUz
Fjr3tV+oW5j15TGlwSowGkNlGkiimEjp9AuNDpzk1n/6znkmf3K1JtLTq3VsKlm/
Ff7TC7YQnslo866twftd1ykjH/DcpGDN09JXiUUcU9tmmB1sUJTwumYt
-----END CERTIFICATE-----