Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205659.roa
File:                     AS205659.roa (raw, json)
Hash identifier:          /qcGdUs/Eqr+ai6E6Q9mcRb0r68hpDWuNXLs9lBjaro=
Subject key identifier:   86:FF:5F:01:23:87:34:99:6F:AE:C6:27:1F:1B:F6:D6:AB:C1:45:13
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       42FEB1C85B9AF2FE17F6B63FE03545B6993CF9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205659.roa
Signing time:             Thu 12 Jun 2025 14:16:27 +0000
ROA not before:           Thu 12 Jun 2025 14:11:27 +0000
ROA not after:            Thu 11 Jun 2026 14:16:27 +0000
asID:                     205659
IP address blocks:        2a0a:a601::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:fe:b1:c8:5b:9a:f2:fe:17:f6:b6:3f:e0:35:45:b6:99:3c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:27 2025 GMT
            Not After : Jun 11 14:16:27 2026 GMT
        Subject: CN=86FF5F01238734996FAEC6271F1BF6D6ABC14513
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:cb:4f:1f:4a:fe:e2:eb:13:d8:a8:16:0a:13:
                    98:96:78:98:b1:66:f5:fd:a9:6c:b9:1c:f4:8c:80:
                    f9:01:3a:cd:11:02:31:d1:d8:c0:e0:8f:dc:3a:af:
                    ca:12:0b:e8:3e:30:3e:40:51:29:07:a2:8c:de:ba:
                    db:0f:ac:2d:bc:bf:3c:06:cd:02:9f:4f:2e:a4:fc:
                    a9:52:f9:42:dc:dc:93:cc:c0:12:22:51:eb:7e:bc:
                    ee:73:53:7e:d7:1c:e2:7f:18:ea:f8:89:2e:3d:70:
                    a5:e5:de:66:b6:9b:29:cf:07:ff:ef:9e:e4:09:65:
                    0b:60:f8:90:a3:16:fe:7c:11:3e:02:43:76:29:3c:
                    c9:a3:02:51:0a:e6:1e:9d:1f:b0:8e:59:1e:a3:49:
                    f1:ef:00:a5:3d:a7:8a:92:ce:fa:ff:9d:8d:c7:9b:
                    1b:87:6c:08:39:ae:61:50:bf:ac:71:35:22:e4:61:
                    bd:af:40:63:68:cf:87:f6:1d:35:de:04:13:86:c4:
                    04:91:6d:3d:cd:31:71:98:e7:66:bc:0a:4f:a3:54:
                    d6:c9:a8:16:25:7a:78:78:59:9d:29:ab:95:c7:c8:
                    bf:c9:4b:03:fd:a8:65:ab:3d:31:54:e6:49:48:2f:
                    47:4a:cf:17:3c:bf:c9:27:73:dd:ef:b0:c0:c8:1f:
                    f5:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:FF:5F:01:23:87:34:99:6F:AE:C6:27:1F:1B:F6:D6:AB:C1:45:13
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205659.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:a601::/32

    Signature Algorithm: sha256WithRSAEncryption
         b6:a4:6e:f8:38:74:b1:9e:5c:52:e6:7c:83:9d:76:5d:19:2b:
         4c:84:0d:13:e6:cf:3b:a5:b0:04:ca:43:d4:a2:0f:41:16:85:
         64:58:6c:e1:b9:ff:fd:fe:2f:8f:e2:52:fc:e7:cf:c3:cb:dd:
         72:7b:f6:32:1d:0c:30:76:7e:97:63:48:f6:f2:ad:da:56:f6:
         91:fe:2c:e0:4b:1e:99:a9:df:3b:f5:f7:e4:06:90:81:7b:75:
         f9:6b:cb:a4:a5:65:69:a5:aa:13:a8:5d:70:8e:cc:45:88:8f:
         15:db:5a:a1:8a:92:ab:d0:d2:f7:51:f2:70:3d:0e:fd:00:6d:
         a0:42:d5:af:07:31:6b:ef:eb:af:0e:40:35:4e:e6:14:53:68:
         de:d2:25:41:cf:58:22:11:3c:e4:5d:f7:7a:0c:ff:d2:cf:31:
         4d:a7:b1:6d:b0:41:b3:7e:c4:72:30:5f:f1:d4:e8:3d:ba:a5:
         47:8f:13:5d:76:24:a5:f5:20:41:47:40:38:34:2b:e3:c3:73:
         94:57:e5:a5:11:f6:b2:20:4f:6b:4c:75:d6:0f:fb:d9:d2:60:
         c3:10:d2:5f:ff:de:3c:11:c6:6d:68:3a:9b:c7:2f:48:b1:b4:
         76:ef:16:40:a4:87:81:d1:2f:c1:5a:06:06:41:2f:a9:c0:46:
         84:8c:45:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgITQv6xyFua8v4X9rY/4DVFtpk8+TANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEyg2MWIxYmI0NDQ3NzE4ZjE2YjNkMzY2NzVkMjA1YzRkZWE0
MWJiYTBhMB4XDTI1MDYxMjE0MTEyN1oXDTI2MDYxMTE0MTYyN1owMzExMC8GA1UE
AxMoODZGRjVGMDEyMzg3MzQ5OTZGQUVDNjI3MUYxQkY2RDZBQkMxNDUxMzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3LTx9K/uLrE9ioFgoTmJZ4mLFm
9f2pbLkc9IyA+QE6zRECMdHYwOCP3DqvyhIL6D4wPkBRKQeijN662w+sLby/PAbN
Ap9PLqT8qVL5Qtzck8zAEiJR63687nNTftcc4n8Y6viJLj1wpeXeZrabKc8H/++e
5AllC2D4kKMW/nwRPgJDdik8yaMCUQrmHp0fsI5ZHqNJ8e8ApT2nipLO+v+djceb
G4dsCDmuYVC/rHE1IuRhva9AY2jPh/YdNd4EE4bEBJFtPc0xcZjnZrwKT6NU1smo
FiV6eHhZnSmrlcfIv8lLA/2oZas9MVTmSUgvR0rPFzy/ySdz3e+wwMgf9QcCAwEA
AaOCAgswggIHMB0GA1UdDgQWBBSG/18BI4c0mW+uxicfG/bWq8FFEzAfBgNVHSME
GDAWgBRhsbtER3GPFrPTZnXSBcTepBu6CjAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS81Mzc0NTllNy0yYTgzLTQzZDEtOWFhMS01ODQxN2FiYWM0
YjYvMS82MUIxQkI0NDQ3NzE4RjE2QjNEMzY2NzVEMjA1QzRERUE0MUJCQTBBLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvWWJHN1JFZHhqeGF6MDJaMTBnWEUzcVFi
dWdvLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00
M2QxLTlhYTEtNTg0MTdhYmFjNGI2LzEvQVMyMDU2NTkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIAYIKwYBBQUHAQcBAf8EETAPMA0EAgACMAcDBQAqCqYB
MA0GCSqGSIb3DQEBCwUAA4IBAQC2pG74OHSxnlxS5nyDnXZdGStMhA0T5s87pbAE
ykPUog9BFoVkWGzhuf/9/i+P4lL858/Dy91ye/YyHQwwdn6XY0j28q3aVvaR/izg
Sx6Zqd879ffkBpCBe3X5a8ukpWVppaoTqF1wjsxFiI8V21qhipKr0NL3UfJwPQ79
AG2gQtWvBzFr7+uvDkA1TuYUU2je0iVBz1giETzkXfd6DP/SzzFNp7FtsEGzfsRy
MF/x1Og9uqVHjxNddiSl9SBBR0A4NCvjw3OUV+WlEfayIE9rTHXWD/vZ0mDDENJf
/948EcZtaDqbxy9IsbR27xZApIeB0S/BWgYGQS+pwEaEjEUI
-----END CERTIFICATE-----