Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207043.roa
File:                     AS207043.roa (raw, json)
Hash identifier:          bgm5MA1UhSlSnwzgp8jFEvEh2NYrNiPV/x9Vyix8wZQ=
Subject key identifier:   71:82:E2:14:90:A7:31:53:7D:76:BA:29:07:F3:42:60:13:27:20:ED
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       588766F4DE016A1EC9F080EAD30A28F459F11AAB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207043.roa
Signing time:             Fri 12 Jun 2026 11:23:20 +0000
ROA not before:           Fri 12 Jun 2026 11:18:20 +0000
ROA not after:            Fri 11 Jun 2027 11:23:20 +0000
asID:                     207043
IP address blocks:        96.62.218.0/24 maxlen: 24
                          96.62.224.0/24 maxlen: 24
                          167.148.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:87:66:f4:de:01:6a:1e:c9:f0:80:ea:d3:0a:28:f4:59:f1:1a:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 12 11:18:20 2026 GMT
            Not After : Jun 11 11:23:20 2027 GMT
        Subject: CN=7182E21490A731537D76BA2907F34260132720ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a6:dd:06:2d:9f:06:4d:a0:4e:55:74:75:32:
                    2c:42:66:67:78:1d:cf:11:97:24:40:15:88:49:43:
                    7e:91:41:7a:65:e3:d3:f6:ad:bf:58:0b:b4:b6:a9:
                    ff:34:b4:6c:d1:4d:5b:93:fb:13:c1:fe:cc:d3:56:
                    6d:99:be:de:6f:28:cd:38:8e:3b:2d:bc:20:d2:b1:
                    92:bb:f1:78:e4:ed:80:74:ec:b0:9c:59:92:81:7a:
                    75:21:63:d6:49:e4:c4:45:51:65:0f:48:54:7a:9c:
                    34:92:fe:01:be:e5:8c:dc:d0:e0:5b:db:3d:7d:d4:
                    82:d3:67:04:1d:3f:55:ae:ba:6e:21:cb:55:84:7b:
                    d8:c9:f3:8a:0d:13:fd:04:9e:9e:09:bd:0f:db:e1:
                    77:8b:0f:28:d2:77:45:55:d1:39:94:65:9a:24:a4:
                    09:30:8d:e1:b6:01:fb:84:3e:59:f9:f0:24:e4:f6:
                    42:de:4f:3e:ab:51:1d:04:7d:ad:ec:2f:b3:e1:e9:
                    0d:5b:6b:a4:07:66:61:ab:53:1e:cc:64:8a:fa:94:
                    41:42:67:31:da:e8:67:cf:df:3a:75:ed:f8:19:e3:
                    95:a9:46:2e:71:e7:e3:dc:da:df:99:7e:76:19:3e:
                    9c:b6:9f:ad:88:32:ba:f1:f4:3c:af:e5:80:e0:9b:
                    0e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:82:E2:14:90:A7:31:53:7D:76:BA:29:07:F3:42:60:13:27:20:ED
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.218.0/24
                  96.62.224.0/24
                  167.148.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:d3:18:5a:47:aa:10:f1:67:4d:69:cf:87:a9:48:d6:09:ec:
         97:c8:37:19:47:9a:a5:4a:e1:0f:18:ba:9d:48:5c:a4:d1:a8:
         0c:e6:3f:14:ae:50:0c:32:1c:67:14:9c:7d:1f:cd:00:0d:53:
         f6:08:40:07:96:22:19:7a:b4:17:1f:8a:de:1f:48:f6:41:dc:
         2d:e4:56:a3:61:6b:45:93:19:4d:42:4a:d1:f4:fe:a1:e7:95:
         15:9a:17:c7:81:b7:5d:82:e7:cc:04:25:92:a9:58:de:b3:26:
         36:9b:b7:af:4d:06:ea:0f:14:04:d4:04:b0:ab:aa:9f:bf:51:
         c8:61:22:c0:87:ce:13:be:ce:8e:1e:da:4f:01:d5:3c:7b:61:
         66:09:bb:ca:a4:8c:e5:62:ce:8f:44:27:d9:87:77:5b:12:65:
         62:b5:0c:e6:3f:ab:0f:eb:be:b1:7e:eb:95:33:7a:f7:94:14:
         52:7d:22:f4:01:4d:8e:4d:2a:8c:36:50:8f:f7:fd:29:04:8f:
         63:c6:09:a4:2a:fc:f5:c7:17:7e:2e:16:76:c5:d8:33:ff:2a:
         6c:31:a1:a5:16:db:4a:d0:47:5d:e0:eb:0b:56:2f:f9:fa:31:
         5c:68:2d:84:8f:8c:99:2f:df:d6:0a:6d:88:c0:b5:60:ac:ae:
         70:cb:29:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUWIdm9N4Bah7J8IDq0woo9FnxGqswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTIxMTE4MjBaFw0yNzA2MTExMTIzMjBaMDMxMTAvBgNV
BAMTKDcxODJFMjE0OTBBNzMxNTM3RDc2QkEyOTA3RjM0MjYwMTMyNzIwRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGpt0GLZ8GTaBOVXR1MixCZmd4
Hc8RlyRAFYhJQ36RQXpl49P2rb9YC7S2qf80tGzRTVuT+xPB/szTVm2Zvt5vKM04
jjstvCDSsZK78Xjk7YB07LCcWZKBenUhY9ZJ5MRFUWUPSFR6nDSS/gG+5Yzc0OBb
2z191ILTZwQdP1Wuum4hy1WEe9jJ84oNE/0Enp4JvQ/b4XeLDyjSd0VV0TmUZZok
pAkwjeG2AfuEPln58CTk9kLeTz6rUR0Efa3sL7Ph6Q1ba6QHZmGrUx7MZIr6lEFC
ZzHa6GfP3zp17fgZ45WpRi5x5+Pc2t+ZfnYZPpy2n62IMrrx9Dyv5YDgmw7hAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUcYLiFJCnMVN9dropB/NCYBMnIO0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3MDQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAYD7a
AwQAYD7gAwQAp5TDMA0GCSqGSIb3DQEBCwUAA4IBAQCQ0xhaR6oQ8WdNac+HqUjW
CeyXyDcZR5qlSuEPGLqdSFyk0agM5j8UrlAMMhxnFJx9H80ADVP2CEAHliIZerQX
H4reH0j2Qdwt5FajYWtFkxlNQkrR9P6h55UVmhfHgbddgufMBCWSqVjesyY2m7ev
TQbqDxQE1ASwq6qfv1HIYSLAh84Tvs6OHtpPAdU8e2FmCbvKpIzlYs6PRCfZh3db
EmVitQzmP6sP676xfuuVM3r3lBRSfSL0AU2OTSqMNlCP9/0pBI9jxgmkKvz1xxd+
LhZ2xdgz/ypsMaGlFttK0Edd4OsLVi/5+jFcaC2Ej4yZL9/WCm2IwLVgrK5wyynZ
-----END CERTIFICATE-----