Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206533.roa
File:                     AS206533.roa (raw, json)
Hash identifier:          1i+8Ead7o6+WY9eAZKLJk//EvRr8FLl9Zf4WX1QV/Ac=
Subject key identifier:   51:E2:29:43:46:96:4C:64:91:4F:89:C6:8D:20:39:96:28:77:07:37
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7F58C6C2ADE9644E781D580BD65C60AEF5CD5FEB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206533.roa
Signing time:             Tue 31 Mar 2026 01:18:50 +0000
ROA not before:           Tue 31 Mar 2026 01:13:50 +0000
ROA not after:            Tue 30 Mar 2027 01:18:50 +0000
asID:                     206533
IP address blocks:        167.148.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:58:c6:c2:ad:e9:64:4e:78:1d:58:0b:d6:5c:60:ae:f5:cd:5f:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 31 01:13:50 2026 GMT
            Not After : Mar 30 01:18:50 2027 GMT
        Subject: CN=51E2294346964C64914F89C68D20399628770737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:87:39:3f:ea:4f:d4:b8:c4:45:e9:09:1f:7f:
                    69:91:cb:e0:2e:d4:5e:97:5f:a9:d4:b6:24:69:3c:
                    e6:74:e3:6a:aa:50:83:40:d0:24:31:bc:64:d2:75:
                    2f:83:0a:97:2c:68:3e:5d:f4:2e:dc:fe:1c:65:0f:
                    4f:0e:42:f8:fb:24:35:5e:df:96:06:66:cf:dc:65:
                    79:b4:ba:20:e9:45:10:45:7f:ed:34:c8:c6:df:27:
                    ec:3e:95:54:2b:73:7f:a9:3d:89:f3:01:1c:2e:da:
                    37:42:42:7c:28:2d:0e:44:92:6a:e1:f6:74:8d:c0:
                    90:06:0b:0c:a2:47:fa:13:b5:7d:8b:98:5f:5a:0e:
                    d1:e3:72:24:54:83:70:60:cc:2b:47:c6:d1:5b:92:
                    dc:0b:98:5b:cd:be:92:9f:c2:3b:dd:3b:0f:69:c8:
                    c0:d2:53:55:6c:da:fa:8e:22:c7:cf:35:76:8d:fc:
                    c4:4a:26:ee:37:b4:93:fc:83:ce:60:c8:e9:a3:5a:
                    2d:31:05:68:a7:f8:da:f3:86:f5:ea:77:aa:5c:e8:
                    5e:40:52:ca:71:fb:3d:d0:ea:28:74:ed:39:85:73:
                    06:91:2e:74:ef:f8:df:64:74:d7:76:98:b1:21:18:
                    53:1c:4d:8b:80:8f:e1:f1:b2:59:f8:57:f0:d9:d7:
                    b4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:E2:29:43:46:96:4C:64:91:4F:89:C6:8D:20:39:96:28:77:07:37
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS206533.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:4a:1b:44:ff:df:a2:e7:d4:60:3e:70:d7:6d:05:96:de:f6:
         81:2f:ba:f6:2d:03:3f:3b:c4:92:fb:2e:ad:80:6d:31:ae:42:
         30:2f:f0:a3:21:d5:30:0d:b3:47:9c:e6:e6:00:ec:ab:7f:6b:
         7e:8a:2d:2d:d9:17:3f:7d:5d:a3:20:21:94:5a:0d:3d:52:9e:
         07:fe:cf:1d:9e:67:d9:f9:d8:dd:5a:04:bc:72:5a:60:a8:2b:
         1f:7b:d8:95:eb:e1:c7:fa:18:31:92:35:39:8a:df:d2:ad:e3:
         c9:b0:3d:20:a9:e7:c1:3d:cb:75:56:2a:07:3b:05:3a:f0:31:
         92:e3:ea:c2:b4:b1:eb:50:c7:c5:5b:d0:f2:08:13:24:31:29:
         f7:35:70:40:f1:b0:e9:4f:ec:44:f2:00:c3:cb:60:ae:19:64:
         76:33:f2:14:71:a7:0b:b9:14:e0:79:fc:17:49:71:43:6c:e8:
         fc:76:70:70:d5:81:c7:ca:47:da:3f:52:66:77:58:76:73:f0:
         84:66:eb:56:9c:ba:a7:84:da:a4:be:5b:a6:d1:43:09:25:87:
         5c:07:db:81:56:58:40:85:09:99:76:65:65:9e:36:05:42:23:
         c0:f0:ab:0b:63:1f:d9:bb:be:14:f0:49:9f:3d:6d:4b:ad:e5:
         35:9c:73:02
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUf1jGwq3pZE54HVgL1lxgrvXNX+swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMzEwMTEzNTBaFw0yNzAzMzAwMTE4NTBaMDMxMTAvBgNV
BAMTKDUxRTIyOTQzNDY5NjRDNjQ5MTRGODlDNjhEMjAzOTk2Mjg3NzA3MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCFhzk/6k/UuMRF6Qkff2mRy+Au
1F6XX6nUtiRpPOZ042qqUINA0CQxvGTSdS+DCpcsaD5d9C7c/hxlD08OQvj7JDVe
35YGZs/cZXm0uiDpRRBFf+00yMbfJ+w+lVQrc3+pPYnzARwu2jdCQnwoLQ5Ekmrh
9nSNwJAGCwyiR/oTtX2LmF9aDtHjciRUg3BgzCtHxtFbktwLmFvNvpKfwjvdOw9p
yMDSU1Vs2vqOIsfPNXaN/MRKJu43tJP8g85gyOmjWi0xBWin+NrzhvXqd6pc6F5A
Uspx+z3Q6ih07TmFcwaRLnTv+N9kdNd2mLEhGFMcTYuAj+Hxsln4V/DZ17R9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUeIpQ0aWTGSRT4nGjSA5lih3BzcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA2NTMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5TY
MA0GCSqGSIb3DQEBCwUAA4IBAQByShtE/9+i59RgPnDXbQWW3vaBL7r2LQM/O8SS
+y6tgG0xrkIwL/CjIdUwDbNHnObmAOyrf2t+ii0t2Rc/fV2jICGUWg09Up4H/s8d
nmfZ+djdWgS8clpgqCsfe9iV6+HH+hgxkjU5it/SrePJsD0gqefBPct1VioHOwU6
8DGS4+rCtLHrUMfFW9DyCBMkMSn3NXBA8bDpT+xE8gDDy2CuGWR2M/IUcacLuRTg
efwXSXFDbOj8dnBw1YHHykfaP1Jmd1h2c/CEZutWnLqnhNqkvlum0UMJJYdcB9uB
VlhAhQmZdmVlnjYFQiPA8KsLYx/Zu74U8EmfPW1LreU1nHMC
-----END CERTIFICATE-----