Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202044.roa
File:                     AS202044.roa (raw, json)
Hash identifier:          GPF9eCKIZc+V6ALdbWOSQC2IuenqDRensNOv7+cIe28=
Subject key identifier:   2B:EE:5C:4B:62:8F:58:F4:15:4B:D9:C0:04:76:4C:BE:B7:DF:71:23
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0217BC04BC10AC7EE5BF0DC1116DACAEA7E8D2D9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202044.roa
Signing time:             Thu 12 Jun 2025 14:10:26 +0000
ROA not before:           Thu 12 Jun 2025 14:05:26 +0000
ROA not after:            Thu 11 Jun 2026 14:10:26 +0000
asID:                     202044
IP address blocks:        2a0a:9e04::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:17:bc:04:bc:10:ac:7e:e5:bf:0d:c1:11:6d:ac:ae:a7:e8:d2:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:05:26 2025 GMT
            Not After : Jun 11 14:10:26 2026 GMT
        Subject: CN=2BEE5C4B628F58F4154BD9C004764CBEB7DF7123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:75:30:17:74:46:c6:a5:5e:c0:3c:d0:ec:b9:
                    4c:6f:76:8b:f7:97:28:4d:05:eb:9b:e6:09:c7:25:
                    dc:bd:f4:d2:14:74:12:6e:bf:dc:fc:c4:1f:0c:72:
                    b3:18:28:53:de:94:af:37:01:67:f6:d0:7f:2e:28:
                    cd:3c:33:15:54:25:84:d3:63:a6:9f:8b:ad:2d:2c:
                    20:d8:43:0c:a4:a4:a7:a1:96:cd:1d:ae:65:03:c5:
                    68:db:12:f9:4c:2c:51:df:d2:a8:7b:4d:3e:7e:09:
                    36:bb:ce:d2:d0:3d:79:9e:62:ed:e0:15:59:44:bb:
                    fd:58:5a:46:6b:dc:e1:f8:6b:f0:f3:6f:5b:f9:8f:
                    93:65:0a:ec:c4:0c:83:ee:eb:c6:aa:3b:24:a4:af:
                    c5:d5:7a:d3:a3:4b:f4:54:58:7e:cc:3b:2b:fc:e9:
                    15:9e:84:9f:8b:5d:1d:d7:8e:bb:3d:30:92:68:b1:
                    db:d3:70:3a:5d:bc:bf:6a:8c:99:81:27:90:bc:b0:
                    c9:eb:7b:3b:ff:5c:a4:89:78:1b:08:ee:76:45:73:
                    0e:87:7f:91:24:5a:af:ad:ed:30:73:2c:55:b2:13:
                    29:4f:c1:af:76:a1:45:db:40:4b:94:0d:d8:87:0d:
                    28:9e:9f:69:8d:ad:5d:9d:72:16:4a:a6:c6:01:bf:
                    c9:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:EE:5C:4B:62:8F:58:F4:15:4B:D9:C0:04:76:4C:BE:B7:DF:71:23
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS202044.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:9e04::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:bb:bb:56:cd:b7:fa:43:5f:6f:ce:1c:8b:78:da:e1:44:42:
         8a:9c:aa:24:33:70:5a:c4:4e:c8:de:8e:14:c1:c8:f4:86:be:
         bd:4d:2f:52:ca:38:0a:e4:ea:e2:c6:db:fc:f5:a3:46:e0:d3:
         85:9f:24:7e:5f:d7:68:7a:1c:ef:44:0d:42:e4:f1:35:d2:1c:
         26:6f:01:64:18:7f:eb:aa:53:a6:9a:8d:2f:0d:f2:e0:fa:c7:
         d2:ce:cf:ed:5f:f8:6b:2a:5a:f4:7b:b2:eb:f0:1c:52:bb:66:
         e4:ee:2c:46:81:b0:cc:f6:39:9c:a7:76:bf:4e:48:b4:15:78:
         21:30:6c:5b:2a:10:f2:eb:77:c4:78:cb:7e:58:39:0f:c3:34:
         d8:45:fe:1b:15:a2:9e:21:65:5d:5c:4a:79:3a:1c:22:ce:24:
         12:be:88:ba:49:4e:26:6b:a6:8d:3f:f4:43:ec:c3:dc:5b:33:
         b3:80:94:a2:97:a5:be:9c:d9:79:87:c0:c6:db:20:a7:5a:92:
         50:b4:d4:84:31:47:8c:b9:8c:c8:80:fb:48:26:1b:85:6d:76:
         c2:be:f3:a2:75:04:c2:f0:09:4e:35:7a:80:de:cc:60:9c:ec:
         9b:e7:1d:b2:d8:0c:e3:7e:d5:ef:0d:f6:e3:5f:0d:a4:29:f8:
         41:7d:0b:9f
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUAhe8BLwQrH7lvw3BEW2srqfo0tkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDA1MjZaFw0yNjA2MTExNDEwMjZaMDMxMTAvBgNV
BAMTKDJCRUU1QzRCNjI4RjU4RjQxNTRCRDlDMDA0NzY0Q0JFQjdERjcxMjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCydTAXdEbGpV7APNDsuUxvdov3
lyhNBeub5gnHJdy99NIUdBJuv9z8xB8McrMYKFPelK83AWf20H8uKM08MxVUJYTT
Y6afi60tLCDYQwykpKehls0drmUDxWjbEvlMLFHf0qh7TT5+CTa7ztLQPXmeYu3g
FVlEu/1YWkZr3OH4a/Dzb1v5j5NlCuzEDIPu68aqOySkr8XVetOjS/RUWH7MOyv8
6RWehJ+LXR3Xjrs9MJJosdvTcDpdvL9qjJmBJ5C8sMnrezv/XKSJeBsI7nZFcw6H
f5EkWq+t7TBzLFWyEylPwa92oUXbQEuUDdiHDSien2mNrV2dchZKpsYBv8lXAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUK+5cS2KPWPQVS9nABHZMvrffcSMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjAyMDQ0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqe
BDANBgkqhkiG9w0BAQsFAAOCAQEAbbu7Vs23+kNfb84ci3ja4URCipyqJDNwWsRO
yN6OFMHI9Ia+vU0vUso4CuTq4sbb/PWjRuDThZ8kfl/XaHoc70QNQuTxNdIcJm8B
ZBh/66pTppqNLw3y4PrH0s7P7V/4aypa9Huy6/AcUrtm5O4sRoGwzPY5nKd2v05I
tBV4ITBsWyoQ8ut3xHjLflg5D8M02EX+GxWiniFlXVxKeTocIs4kEr6IuklOJmum
jT/0Q+zD3Fszs4CUopelvpzZeYfAxtsgp1qSULTUhDFHjLmMyID7SCYbhW12wr7z
onUEwvAJTjV6gN7MYJzsm+cdstgM437V7w32418NpCn4QX0Lnw==
-----END CERTIFICATE-----