Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205964.roa
File:                     AS205964.roa (raw, json)
Hash identifier:          7dpEbH6LFRW3K7g5vcLdip4bDqm9P8kFR/RA1FnVcp8=
Subject key identifier:   F8:9C:0B:D3:A8:89:0F:99:26:8E:FD:AC:8F:E1:04:D0:2C:84:BE:32
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       2CAC001A1D5BE3CD33C9ED39E04F482858C7CD5A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205964.roa
Signing time:             Thu 12 Jun 2025 14:16:29 +0000
ROA not before:           Thu 12 Jun 2025 14:11:29 +0000
ROA not after:            Thu 11 Jun 2026 14:16:29 +0000
asID:                     205964
IP address blocks:        2a0a:a602::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:ac:00:1a:1d:5b:e3:cd:33:c9:ed:39:e0:4f:48:28:58:c7:cd:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 12 14:11:29 2025 GMT
            Not After : Jun 11 14:16:29 2026 GMT
        Subject: CN=F89C0BD3A8890F99268EFDAC8FE104D02C84BE32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a7:4a:b4:cf:cf:04:5f:18:f4:2a:04:d6:d0:
                    66:74:63:0d:f7:2a:8e:10:bb:2b:83:97:3d:d2:16:
                    5c:8b:be:63:18:d7:63:e4:1e:6d:b7:d1:b8:c8:39:
                    4f:c0:18:9c:26:12:6e:ad:5e:6a:1c:38:92:dc:62:
                    47:51:1c:b4:75:60:17:1f:0f:15:88:d2:c8:6d:18:
                    c4:89:4e:bc:2b:f4:67:2c:fa:8d:57:f2:51:6d:27:
                    6f:a9:a6:ff:62:f8:6e:07:f6:6d:fe:1c:b8:4e:23:
                    e4:23:2d:29:26:cf:39:59:56:ea:b8:85:af:de:da:
                    58:09:73:88:ae:18:00:fd:3b:c3:05:de:96:65:5e:
                    f1:71:48:b9:a8:9b:b8:36:cc:f8:1c:da:45:aa:63:
                    3d:e3:56:be:b1:75:e0:60:dd:d4:7e:6c:6e:af:2a:
                    5b:f5:bf:c5:a7:ee:44:4f:98:f0:e1:a5:14:78:51:
                    6d:38:b6:a8:c7:66:e9:f1:02:54:9d:da:47:c2:98:
                    37:f1:60:c3:4c:59:7e:b0:c9:2f:bd:fb:87:c3:83:
                    9b:c8:90:ee:2c:e5:2c:59:b9:24:65:b6:ab:9c:75:
                    b0:81:a4:5a:f4:e5:a8:15:aa:6f:9c:04:73:f0:2b:
                    f5:c6:9f:84:90:32:45:03:0f:17:71:5e:08:9c:60:
                    be:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:9C:0B:D3:A8:89:0F:99:26:8E:FD:AC:8F:E1:04:D0:2C:84:BE:32
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS205964.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0a:a602::/32

    Signature Algorithm: sha256WithRSAEncryption
         07:fa:df:62:47:97:72:79:7c:c1:84:30:28:e6:9c:6d:ab:56:
         1c:bd:21:e4:1f:af:4b:7d:78:de:97:3a:01:e5:4d:6b:45:f2:
         b0:c9:2f:13:3e:69:13:57:d2:b2:18:62:24:4b:e0:78:9b:6d:
         07:a2:86:c1:1f:44:3d:be:9f:93:fa:94:f3:4d:fd:90:de:e3:
         1c:20:d6:35:82:78:bf:fb:02:a0:60:c8:47:29:3b:5c:ea:fd:
         53:bd:05:d9:e6:89:df:0c:77:89:41:56:68:31:6a:c1:cc:7e:
         aa:52:dd:4d:c1:0a:0e:2f:7d:a5:ec:ca:82:e2:f0:b3:8f:2d:
         42:b7:9e:e9:57:65:57:40:0d:dd:c3:5f:f0:0f:76:9e:bc:84:
         c7:03:28:67:46:a4:cc:95:2b:98:db:9d:8c:d8:64:5a:56:5c:
         e9:44:95:73:0c:30:70:31:2e:e0:29:0a:1e:5f:64:2e:3d:84:
         d3:b3:ad:ee:03:8c:e5:0a:83:3c:32:85:36:27:24:eb:06:c2:
         4f:3a:de:b5:4d:3a:31:6c:88:0f:3e:e7:cc:ca:f3:8e:17:90:
         0c:b5:8d:58:81:e0:12:4d:38:46:ed:00:f0:77:5a:7f:34:09:
         4f:7e:c2:2b:a3:b3:2d:d7:70:15:4f:5f:ef:9d:32:c9:03:23:
         53:63:87:ae
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIULKwAGh1b480zye054E9IKFjHzVowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTIxNDExMjlaFw0yNjA2MTExNDE2MjlaMDMxMTAvBgNV
BAMTKEY4OUMwQkQzQTg4OTBGOTkyNjhFRkRBQzhGRTEwNEQwMkM4NEJFMzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9p0q0z88EXxj0KgTW0GZ0Yw33
Ko4QuyuDlz3SFlyLvmMY12PkHm230bjIOU/AGJwmEm6tXmocOJLcYkdRHLR1YBcf
DxWI0shtGMSJTrwr9Gcs+o1X8lFtJ2+ppv9i+G4H9m3+HLhOI+QjLSkmzzlZVuq4
ha/e2lgJc4iuGAD9O8MF3pZlXvFxSLmom7g2zPgc2kWqYz3jVr6xdeBg3dR+bG6v
Klv1v8Wn7kRPmPDhpRR4UW04tqjHZunxAlSd2kfCmDfxYMNMWX6wyS+9+4fDg5vI
kO4s5SxZuSRltqucdbCBpFr05agVqm+cBHPwK/XGn4SQMkUDDxdxXgicYL5NAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU+JwL06iJD5kmjv2sj+EE0CyEvjIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA1OTY0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgqm
AjANBgkqhkiG9w0BAQsFAAOCAQEAB/rfYkeXcnl8wYQwKOacbatWHL0h5B+vS314
3pc6AeVNa0XysMkvEz5pE1fSshhiJEvgeJttB6KGwR9EPb6fk/qU8039kN7jHCDW
NYJ4v/sCoGDIRyk7XOr9U70F2eaJ3wx3iUFWaDFqwcx+qlLdTcEKDi99pezKguLw
s48tQree6VdlV0AN3cNf8A92nryExwMoZ0akzJUrmNudjNhkWlZc6USVcwwwcDEu
4CkKHl9kLj2E07Ot7gOM5QqDPDKFNick6wbCTzretU06MWyIDz7nzMrzjheQDLWN
WIHgEk04Ru0A8HdafzQJT37CK6OzLddwFU9f750yyQMjU2OHrg==
-----END CERTIFICATE-----