Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207612.roa
File:                     AS207612.roa (raw, json)
Hash identifier:          WZPVq8itBA//8XiNy/+aMj/95f/3++dTJTwILD+N0jI=
Subject key identifier:   B3:A9:6A:B0:FF:96:A2:41:0F:16:3E:63:F9:24:5B:C4:CC:E3:28:21
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       19741F05B7BCE3721921BA07E6A631190633661F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207612.roa
Signing time:             Fri 27 Feb 2026 14:35:53 +0000
ROA not before:           Fri 27 Feb 2026 14:30:53 +0000
ROA not after:            Fri 26 Feb 2027 14:35:53 +0000
asID:                     207612
IP address blocks:        143.14.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:74:1f:05:b7:bc:e3:72:19:21:ba:07:e6:a6:31:19:06:33:66:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 27 14:30:53 2026 GMT
            Not After : Feb 26 14:35:53 2027 GMT
        Subject: CN=B3A96AB0FF96A2410F163E63F9245BC4CCE32821
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2d:65:97:9a:83:e4:8a:f8:be:fb:17:bf:d6:
                    9f:5a:16:3a:1e:71:e0:2d:87:71:0b:f7:36:02:64:
                    22:f9:7f:17:cb:c6:f1:f6:cf:23:22:e8:d6:eb:52:
                    56:34:17:55:89:52:da:e5:d5:38:4f:de:b5:2a:a4:
                    aa:63:af:e9:f8:f4:f5:ca:8d:24:62:62:07:e2:36:
                    e4:54:42:b2:7a:3b:5d:69:92:b3:9c:20:35:1b:99:
                    8c:26:b0:23:1e:be:bd:8b:70:1c:f9:87:5d:a4:eb:
                    1f:e4:22:e7:ce:65:21:ca:e3:88:25:58:ba:98:ae:
                    f7:ad:31:4d:df:b4:97:1f:a1:32:55:aa:0b:9a:77:
                    6c:0f:86:2d:0a:3f:b6:2f:d9:fa:14:be:e0:23:6f:
                    d3:39:8f:ee:63:16:14:16:3e:0a:74:4a:de:52:13:
                    39:42:a8:3c:fb:99:c6:36:94:2a:e5:0d:0b:c5:0b:
                    19:53:76:7f:c0:60:7c:09:54:82:ff:5b:9a:8f:d9:
                    d9:0e:70:48:08:34:e3:e6:bf:17:24:12:6f:e9:5a:
                    97:7a:dd:95:43:db:8e:35:6e:d3:31:1b:e9:1d:a3:
                    c1:ac:bf:0f:cb:96:44:aa:b4:ac:0b:33:7c:e3:9a:
                    cf:43:d6:43:8d:b7:f1:e5:fe:56:2c:79:d5:a3:5c:
                    de:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:A9:6A:B0:FF:96:A2:41:0F:16:3E:63:F9:24:5B:C4:CC:E3:28:21
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207612.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:09:97:1f:10:a5:96:22:c5:17:d6:f9:bb:9f:f7:b0:a8:ff:
         0f:ec:01:4d:31:eb:1b:cd:03:b3:13:ba:bd:8d:c3:55:0c:95:
         56:3e:09:ae:97:fb:e3:6c:38:90:7d:42:32:ba:a8:bb:3a:a5:
         04:d3:4f:f5:ea:46:aa:94:8e:51:0d:b7:7c:47:cd:d8:9d:f2:
         9f:ca:17:84:12:41:2a:e1:e1:a6:0f:96:47:2c:c3:74:6c:a5:
         c6:37:2d:4b:aa:fb:2a:35:e7:99:4d:f3:3a:85:a2:a8:23:8a:
         83:46:58:a9:cd:aa:20:4b:0b:64:e5:64:5e:8f:ec:b2:c4:3f:
         96:fe:fb:fc:81:b0:96:dc:db:70:34:cd:5d:bb:69:67:7d:c7:
         11:a9:d6:fb:b4:2f:6f:97:8a:03:00:87:9a:b1:b7:35:af:24:
         5c:6d:05:49:7e:97:a6:44:aa:0e:59:b4:54:c8:83:fe:e5:da:
         ad:ca:fa:63:66:64:a3:a8:17:49:60:c9:a0:85:ad:ce:10:33:
         1e:58:d7:0f:89:71:de:fa:a2:40:02:57:99:60:c5:63:75:80:
         a0:23:a4:e7:26:62:e5:6c:38:d3:4a:4b:02:15:5d:51:cb:3d:
         62:47:f7:39:a2:0f:4b:68:b0:f2:6d:22:e4:59:c7:48:53:26:
         6a:d5:b8:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGXQfBbe843IZIboH5qYxGQYzZh8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjcxNDMwNTNaFw0yNzAyMjYxNDM1NTNaMDMxMTAvBgNV
BAMTKEIzQTk2QUIwRkY5NkEyNDEwRjE2M0U2M0Y5MjQ1QkM0Q0NFMzI4MjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwLWWXmoPkivi++xe/1p9aFjoe
ceAth3EL9zYCZCL5fxfLxvH2zyMi6NbrUlY0F1WJUtrl1ThP3rUqpKpjr+n49PXK
jSRiYgfiNuRUQrJ6O11pkrOcIDUbmYwmsCMevr2LcBz5h12k6x/kIufOZSHK44gl
WLqYrvetMU3ftJcfoTJVqguad2wPhi0KP7Yv2foUvuAjb9M5j+5jFhQWPgp0St5S
EzlCqDz7mcY2lCrlDQvFCxlTdn/AYHwJVIL/W5qP2dkOcEgINOPmvxckEm/pWpd6
3ZVD2441btMxG+kdo8Gsvw/LlkSqtKwLM3zjms9D1kONt/Hl/lYsedWjXN6VAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUs6lqsP+WokEPFj5j+SRbxMzjKCEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3NjEyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw76
MA0GCSqGSIb3DQEBCwUAA4IBAQChCZcfEKWWIsUX1vm7n/ewqP8P7AFNMesbzQOz
E7q9jcNVDJVWPgmul/vjbDiQfUIyuqi7OqUE00/16kaqlI5RDbd8R83YnfKfyheE
EkEq4eGmD5ZHLMN0bKXGNy1LqvsqNeeZTfM6haKoI4qDRlipzaogSwtk5WRej+yy
xD+W/vv8gbCW3NtwNM1du2lnfccRqdb7tC9vl4oDAIeasbc1ryRcbQVJfpemRKoO
WbRUyIP+5dqtyvpjZmSjqBdJYMmgha3OEDMeWNcPiXHe+qJAAleZYMVjdYCgI6Tn
JmLlbDjTSksCFV1Ryz1iR/c5og9LaLDybSLkWcdIUyZq1bi9
-----END CERTIFICATE-----