Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206847.roa
File:                     AS206847.roa (raw, json)
Hash identifier:          8/D11TydSc33SPvTrR6J0OEmUElRHRXLpfeyZuKnxac=
Subject key identifier:   49:FE:83:15:E0:48:2E:D5:B3:CF:FA:17:D6:64:22:82:D6:5D:DD:BC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       6AE5377DA04F71E6E4C496491DA20C49CBA32186
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206847.roa
Signing time:             Wed 11 Jun 2025 07:26:01 +0000
ROA not before:           Wed 11 Jun 2025 07:21:01 +0000
ROA not after:            Wed 10 Jun 2026 07:26:01 +0000
asID:                     206847
IP address blocks:        2a0c:fa42::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:e5:37:7d:a0:4f:71:e6:e4:c4:96:49:1d:a2:0c:49:cb:a3:21:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun 11 07:21:01 2025 GMT
            Not After : Jun 10 07:26:01 2026 GMT
        Subject: CN=49FE8315E0482ED5B3CFFA17D6642282D65DDDBC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a5:2f:26:d0:88:37:37:0c:ea:5f:58:96:ce:
                    22:ff:d9:23:f2:1d:ed:5e:5c:fc:33:b5:05:df:2f:
                    a8:de:9d:70:01:df:96:28:56:16:3f:d9:a0:5b:09:
                    f7:c7:d8:4e:2e:77:8d:bc:e1:33:ae:55:db:37:c8:
                    04:c6:07:97:dd:a7:a9:1d:ba:3b:ef:2b:bf:15:17:
                    04:0c:b9:87:d8:66:0c:6d:90:df:83:8d:23:b5:06:
                    40:2d:ce:d2:6d:b8:70:26:78:b5:07:c1:ee:7f:b1:
                    84:fe:98:52:75:53:86:dc:f8:8b:ab:18:d1:60:9e:
                    d4:86:0f:aa:96:98:02:83:93:3e:73:7f:87:14:99:
                    15:11:7d:28:06:be:ef:e1:3a:92:f3:0d:f4:92:54:
                    1d:07:24:90:e7:fa:f4:de:7b:2d:4d:32:c2:cf:06:
                    01:91:62:cd:44:ea:62:0d:91:e2:d6:27:7c:e2:6c:
                    42:8c:46:bb:47:64:33:ed:0d:eb:bf:cf:77:78:17:
                    f5:e3:35:7d:9c:ec:d3:7c:c0:37:eb:24:29:16:ae:
                    83:dc:b4:ca:38:29:e8:aa:d4:5e:63:c4:87:d1:81:
                    96:a1:0c:5d:60:48:0a:b7:bc:8f:d4:75:b3:f1:b7:
                    94:e2:5b:7e:4a:3d:f8:7f:e8:0f:4d:6b:42:44:de:
                    c1:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:FE:83:15:E0:48:2E:D5:B3:CF:FA:17:D6:64:22:82:D6:5D:DD:BC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS206847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:fa42::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:58:6e:cc:9c:76:a2:76:7e:3c:2b:31:51:c3:cd:b9:d7:f2:
         e2:55:c8:0d:02:49:3d:bc:a1:2a:2c:ac:31:1f:aa:c0:3c:d7:
         d2:9f:78:79:3a:2b:b1:6e:98:97:16:52:b3:0b:57:09:8d:47:
         91:93:84:d9:1e:2a:75:40:40:38:02:ed:99:95:39:a3:9a:98:
         a1:be:70:7d:d3:fb:f6:32:ef:79:4b:aa:d0:df:a1:25:a0:3b:
         0a:0e:68:1e:83:43:3d:7e:3e:5a:d9:ca:b3:44:cf:66:03:6b:
         23:5a:e2:a4:f5:1d:d8:9f:60:8c:f1:c5:4d:e1:e0:c7:87:96:
         95:1a:28:78:49:20:3f:e5:d4:b5:23:6f:94:59:fc:4a:fc:4a:
         dd:be:77:28:9f:bb:4a:d1:62:7e:bc:2a:7f:d6:a0:d0:92:eb:
         6b:e2:e0:ed:23:21:85:17:28:1b:cb:d0:be:aa:1f:b1:9c:0a:
         60:e0:6b:ea:8e:ef:1f:1a:f6:f0:95:ca:89:67:1c:8d:88:25:
         dc:bb:52:51:77:e5:11:d2:d3:29:78:66:76:4d:4c:58:5e:0e:
         1c:3e:1a:39:3a:a4:3d:a3:e6:0f:2e:7b:76:b0:cc:a0:00:9a:
         ca:6f:84:0c:c3:4d:20:99:06:8b:13:4b:46:e0:16:0c:43:9a:
         4c:a7:c2:3d
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUauU3faBPcebkxJZJHaIMScujIYYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MTEwNzIxMDFaFw0yNjA2MTAwNzI2MDFaMDMxMTAvBgNV
BAMTKDQ5RkU4MzE1RTA0ODJFRDVCM0NGRkExN0Q2NjQyMjgyRDY1REREQkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWpS8m0Ig3NwzqX1iWziL/2SPy
He1eXPwztQXfL6jenXAB35YoVhY/2aBbCffH2E4ud4284TOuVds3yATGB5fdp6kd
ujvvK78VFwQMuYfYZgxtkN+DjSO1BkAtztJtuHAmeLUHwe5/sYT+mFJ1U4bc+Iur
GNFgntSGD6qWmAKDkz5zf4cUmRURfSgGvu/hOpLzDfSSVB0HJJDn+vTeey1NMsLP
BgGRYs1E6mINkeLWJ3zibEKMRrtHZDPtDeu/z3d4F/XjNX2c7NN8wDfrJCkWroPc
tMo4Keiq1F5jxIfRgZahDF1gSAq3vI/UdbPxt5TiW35KPfh/6A9Na0JE3sG3AgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUSf6DFeBILtWzz/oX1mQigtZd3bwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA2ODQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgz6
QjANBgkqhkiG9w0BAQsFAAOCAQEAf1huzJx2onZ+PCsxUcPNudfy4lXIDQJJPbyh
KiysMR+qwDzX0p94eTorsW6YlxZSswtXCY1HkZOE2R4qdUBAOALtmZU5o5qYob5w
fdP79jLveUuq0N+hJaA7Cg5oHoNDPX4+WtnKs0TPZgNrI1ripPUd2J9gjPHFTeHg
x4eWlRooeEkgP+XUtSNvlFn8SvxK3b53KJ+7StFifrwqf9ag0JLra+Lg7SMhhRco
G8vQvqofsZwKYOBr6o7vHxr28JXKiWccjYgl3LtSUXflEdLTKXhmdk1MWF4OHD4a
OTqkPaPmDy57drDMoACaym+EDMNNIJkGixNLRuAWDEOaTKfCPQ==
-----END CERTIFICATE-----