Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207252.roa
File:                     AS207252.roa (raw, json)
Hash identifier:          D8rQfVLSUfCViKiwZyrshN8s9ZJGdXd+Ll7O5Z5b2UE=
Subject key identifier:   D1:3A:59:5E:A5:84:B0:ED:6C:C4:0B:F3:90:72:95:00:A1:35:04:C1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1CCBDC2F8E82732DF8BD5972C10D545E8E8AD8EC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207252.roa
Signing time:             Fri 01 Aug 2025 13:54:13 +0000
ROA not before:           Fri 01 Aug 2025 13:49:13 +0000
ROA not after:            Fri 31 Jul 2026 13:54:13 +0000
asID:                     207252
IP address blocks:        140.233.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:cb:dc:2f:8e:82:73:2d:f8:bd:59:72:c1:0d:54:5e:8e:8a:d8:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  1 13:49:13 2025 GMT
            Not After : Jul 31 13:54:13 2026 GMT
        Subject: CN=D13A595EA584B0ED6CC40BF390729500A13504C1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:23:08:d9:4d:15:fb:26:e1:bb:84:ba:fe:e9:
                    98:92:08:3f:1a:99:59:13:d7:ff:d7:31:e7:df:3c:
                    51:18:d5:2f:99:6f:a5:28:0d:00:90:31:e3:78:95:
                    2c:12:1f:72:64:d9:96:88:e2:72:b6:03:3a:6f:13:
                    33:23:bf:95:77:95:74:75:58:ac:a2:49:f0:27:51:
                    54:83:20:21:74:31:64:e5:6b:df:9b:bb:5f:08:e6:
                    c8:e9:a6:80:d0:c9:0e:8c:6d:35:ba:4b:a5:f6:fb:
                    9f:4e:10:82:65:f4:57:93:e1:a9:ed:a7:fc:60:ba:
                    6c:83:6c:a1:c9:74:96:86:49:32:c3:10:b1:65:28:
                    e7:2e:9d:50:fd:f9:c7:92:7d:e2:94:58:18:ae:a9:
                    d7:0e:cf:93:db:3e:6c:1f:79:04:a8:87:54:f1:67:
                    61:62:69:bf:01:25:91:81:ba:bf:ab:6a:56:43:15:
                    01:36:a7:d6:7f:f7:d1:05:41:a4:0a:4c:cb:21:c5:
                    93:76:ed:24:8b:d1:d7:fb:14:cc:18:7b:34:e1:c4:
                    22:fb:99:fa:14:a1:88:78:9c:eb:66:3d:4a:8a:f1:
                    14:b4:b6:2c:96:02:9e:88:fc:da:14:fa:d9:91:f7:
                    e1:50:44:fc:d9:4b:d5:3c:ac:09:06:c2:7a:99:c1:
                    be:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:3A:59:5E:A5:84:B0:ED:6C:C4:0B:F3:90:72:95:00:A1:35:04:C1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:c3:f9:59:c4:49:f9:30:c4:93:05:dc:b3:a6:a7:fc:81:0f:
         15:f6:13:d4:90:e2:8a:10:36:76:8b:ad:02:ce:d3:bf:fa:68:
         8f:e9:d9:de:40:2f:64:28:a5:b7:9c:eb:ea:95:36:af:22:24:
         d5:78:d1:0a:5f:ff:cc:b2:98:50:ef:d8:6d:2b:f4:09:fa:4f:
         da:97:e6:6d:d6:c2:4e:11:d9:38:eb:0a:bf:aa:35:1d:e7:90:
         de:41:28:16:b8:85:ac:fa:67:65:5d:9c:a5:dc:70:a1:f5:6f:
         54:06:8c:c5:d3:c6:fb:5c:48:8a:1c:f8:c4:a2:00:53:12:9c:
         fa:20:cf:09:55:0f:8f:9a:fa:f1:50:83:25:55:b2:be:d5:08:
         0a:a5:85:ee:af:fc:ea:b8:e9:0b:0b:67:d3:8f:40:de:b8:92:
         b4:88:1d:61:63:eb:1c:c8:92:1c:7c:a0:1b:5d:61:11:c7:28:
         d9:97:d2:a2:2e:8f:12:98:44:f8:5b:94:c7:79:40:c8:38:1c:
         65:fe:93:49:6f:39:f8:c8:02:d2:2c:fe:6e:bf:03:c5:53:c9:
         20:c7:4d:1c:13:21:01:f8:61:f6:e1:60:3b:73:42:3e:0f:1c:
         f9:ac:19:91:6f:68:3e:9d:88:cd:80:39:47:a7:17:a3:e5:7c:
         01:04:eb:30
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHMvcL46Ccy34vVlywQ1UXo6K2OwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDExMzQ5MTNaFw0yNjA3MzExMzU0MTNaMDMxMTAvBgNV
BAMTKEQxM0E1OTVFQTU4NEIwRUQ2Q0M0MEJGMzkwNzI5NTAwQTEzNTA0QzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUIwjZTRX7JuG7hLr+6ZiSCD8a
mVkT1//XMeffPFEY1S+Zb6UoDQCQMeN4lSwSH3Jk2ZaI4nK2AzpvEzMjv5V3lXR1
WKyiSfAnUVSDICF0MWTla9+bu18I5sjppoDQyQ6MbTW6S6X2+59OEIJl9FeT4ant
p/xgumyDbKHJdJaGSTLDELFlKOcunVD9+ceSfeKUWBiuqdcOz5PbPmwfeQSoh1Tx
Z2Fiab8BJZGBur+ralZDFQE2p9Z/99EFQaQKTMshxZN27SSL0df7FMwYezThxCL7
mfoUoYh4nOtmPUqK8RS0tiyWAp6I/NoU+tmR9+FQRPzZS9U8rAkGwnqZwb67AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0TpZXqWEsO1sxAvzkHKVAKE1BMEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3MjUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm6
MA0GCSqGSIb3DQEBCwUAA4IBAQAMw/lZxEn5MMSTBdyzpqf8gQ8V9hPUkOKKEDZ2
i60CztO/+miP6dneQC9kKKW3nOvqlTavIiTVeNEKX//MsphQ79htK/QJ+k/al+Zt
1sJOEdk46wq/qjUd55DeQSgWuIWs+mdlXZyl3HCh9W9UBozF08b7XEiKHPjEogBT
Epz6IM8JVQ+PmvrxUIMlVbK+1QgKpYXur/zquOkLC2fTj0DeuJK0iB1hY+scyJIc
fKAbXWERxyjZl9KiLo8SmET4W5THeUDIOBxl/pNJbzn4yALSLP5uvwPFU8kgx00c
EyEB+GH24WA7c0I+Dxz5rBmRb2g+nYjNgDlHpxej5XwBBOsw
-----END CERTIFICATE-----