Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206136.roa
File:                     AS206136.roa (raw, json)
Hash identifier:          0psyiq/x7XOiW6yhQMnS56uk747W6wn3TUuE8VHC6NE=
Subject key identifier:   88:4B:C3:E3:EC:66:53:5D:83:7D:9E:C7:C0:DD:0A:6D:5D:9C:EF:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2366917866BD9FE6B86A28B067799C9B04E26D1F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206136.roa
Signing time:             Fri 05 Jun 2026 05:27:22 +0000
ROA not before:           Fri 05 Jun 2026 05:22:22 +0000
ROA not after:            Fri 04 Jun 2027 05:27:22 +0000
asID:                     206136
IP address blocks:        155.117.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            23:66:91:78:66:bd:9f:e6:b8:6a:28:b0:67:79:9c:9b:04:e2:6d:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 05:22:22 2026 GMT
            Not After : Jun  4 05:27:22 2027 GMT
        Subject: CN=884BC3E3EC66535D837D9EC7C0DD0A6D5D9CEFD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:8f:47:e7:1a:a3:a3:75:fe:01:b8:12:7b:ff:
                    62:b3:80:96:00:cf:ca:13:94:b5:bf:84:ef:0c:66:
                    26:09:1d:82:6a:77:ff:6f:ff:e3:fd:2a:44:a2:79:
                    d5:91:88:8a:93:0f:45:68:f8:cf:35:f8:e5:85:96:
                    2f:25:c5:9b:54:a4:0e:8e:f5:32:8e:f4:b9:37:e5:
                    98:f0:62:6a:81:28:9e:24:ac:d2:f6:bb:5a:62:d1:
                    07:2c:9c:3f:b4:df:bf:02:1f:5d:0b:5b:35:01:20:
                    cb:ef:82:f2:7b:3c:1c:43:f6:5d:de:4a:cc:bd:00:
                    67:7b:dc:8b:90:9e:d5:0a:de:f5:71:a6:bd:81:6c:
                    43:31:7b:8a:ae:d0:9a:9c:9b:41:86:57:c5:f0:0c:
                    4a:55:fd:36:2e:ae:a5:be:c0:28:03:5a:a7:90:6d:
                    22:64:1a:2d:c3:94:d2:ff:ca:09:d4:dd:16:0b:fd:
                    f5:09:92:48:98:bc:b6:ca:37:9d:95:99:81:2e:36:
                    3a:b7:f4:50:f7:0c:0b:33:f7:e0:38:07:3b:97:46:
                    6b:45:97:a6:63:cf:19:ae:45:17:17:41:06:c3:7c:
                    85:43:b9:0b:8a:89:83:21:e9:36:1c:4f:73:ae:e3:
                    e7:f2:82:a4:b9:58:75:b0:20:78:c6:90:80:ef:26:
                    f8:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:4B:C3:E3:EC:66:53:5D:83:7D:9E:C7:C0:DD:0A:6D:5D:9C:EF:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:4e:31:71:47:ae:cc:e2:84:24:47:6f:7c:0f:ba:29:56:42:
         1d:53:50:83:51:ee:86:c2:34:00:50:40:70:c2:24:a1:1a:66:
         40:9c:aa:8d:ce:a0:88:48:d3:ed:21:34:52:78:8f:ad:6e:1f:
         98:a8:4f:48:48:2b:8c:e6:e8:8a:45:7c:29:92:15:76:a9:c1:
         4c:9a:d5:bc:2c:86:27:b0:00:85:30:46:fa:ae:bd:91:20:14:
         c6:b9:98:06:ef:68:08:37:cc:c8:01:57:84:ec:0c:38:9e:d8:
         57:73:0d:7e:d0:c9:79:2c:04:4b:ff:11:ea:4f:69:45:ee:cc:
         46:94:f4:c9:7e:bf:fb:9f:39:1a:e6:61:c1:f1:c7:8d:7b:08:
         a4:26:e9:e8:92:d6:5a:b5:b5:a3:33:17:2a:e3:00:6e:d7:83:
         36:3b:c2:aa:cf:7a:77:62:51:94:27:15:d6:6b:c4:72:94:97:
         fe:86:7b:76:56:2a:db:4e:14:1d:c4:cf:84:a2:62:19:70:7f:
         b1:63:85:bb:92:81:b4:69:ec:48:67:2c:9b:34:0d:0c:a6:6f:
         3b:e6:9b:bd:b7:d7:4e:d3:fb:a7:35:8d:45:a1:7d:64:c2:97:
         27:0f:9b:eb:86:d9:c6:a5:0a:c2:cc:dd:fe:e3:f4:3f:e9:30:
         8a:88:fe:8f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUI2aReGa9n+a4aiiwZ3mcmwTibR8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDUwNTIyMjJaFw0yNzA2MDQwNTI3MjJaMDMxMTAvBgNV
BAMTKDg4NEJDM0UzRUM2NjUzNUQ4MzdEOUVDN0MwREQwQTZENUQ5Q0VGRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPj0fnGqOjdf4BuBJ7/2KzgJYA
z8oTlLW/hO8MZiYJHYJqd/9v/+P9KkSiedWRiIqTD0Vo+M81+OWFli8lxZtUpA6O
9TKO9Lk35ZjwYmqBKJ4krNL2u1pi0QcsnD+0378CH10LWzUBIMvvgvJ7PBxD9l3e
Ssy9AGd73IuQntUK3vVxpr2BbEMxe4qu0Jqcm0GGV8XwDEpV/TYurqW+wCgDWqeQ
bSJkGi3DlNL/ygnU3RYL/fUJkkiYvLbKN52VmYEuNjq39FD3DAsz9+A4BzuXRmtF
l6ZjzxmuRRcXQQbDfIVDuQuKiYMh6TYcT3Ou4+fygqS5WHWwIHjGkIDvJvghAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiEvD4+xmU12DfZ7HwN0KbV2c79EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA2MTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3X4
MA0GCSqGSIb3DQEBCwUAA4IBAQAQTjFxR67M4oQkR298D7opVkIdU1CDUe6GwjQA
UEBwwiShGmZAnKqNzqCISNPtITRSeI+tbh+YqE9ISCuM5uiKRXwpkhV2qcFMmtW8
LIYnsACFMEb6rr2RIBTGuZgG72gIN8zIAVeE7Aw4nthXcw1+0Ml5LARL/xHqT2lF
7sxGlPTJfr/7nzka5mHB8ceNewikJunoktZatbWjMxcq4wBu14M2O8Kqz3p3YlGU
JxXWa8RylJf+hnt2VirbThQdxM+EomIZcH+xY4W7koG0aexIZyybNA0Mpm875pu9
t9dO0/unNY1FoX1kwpcnD5vrhtnGpQrCzN3+4/Q/6TCKiP6P
-----END CERTIFICATE-----