Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS205733.roa
File:                     AS205733.roa (raw, json)
Hash identifier:          7TdfKb7WeUfVtFIJn1P1SdHXptfmtSMdBQ299hL1gCk=
Subject key identifier:   C5:34:E0:0B:26:04:BA:0F:86:63:D7:E7:D2:E8:20:4A:5E:39:44:5C
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       7CABBA88E7AEB910BF96A5F1B78106AA08069357
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS205733.roa
Signing time:             Wed 15 Apr 2026 16:59:14 +0000
ROA not before:           Wed 15 Apr 2026 16:54:14 +0000
ROA not after:            Wed 14 Apr 2027 16:59:14 +0000
asID:                     205733
IP address blocks:        31.40.196.0/24 maxlen: 24
                          185.231.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:16:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:ab:ba:88:e7:ae:b9:10:bf:96:a5:f1:b7:81:06:aa:08:06:93:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 15 16:54:14 2026 GMT
            Not After : Apr 14 16:59:14 2027 GMT
        Subject: CN=C534E00B2604BA0F8663D7E7D2E8204A5E39445C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:5f:cb:59:2a:c0:0f:a0:a5:31:79:82:ad:10:
                    b0:a0:4e:ec:2b:9c:d5:36:89:07:74:d2:51:19:3c:
                    22:77:52:30:da:0d:c4:c5:d9:bc:ed:df:69:1d:8d:
                    8e:8b:3d:6c:02:26:35:4a:61:be:fc:a0:db:2b:d7:
                    c5:f4:f2:b5:32:91:90:41:93:39:48:63:ed:79:ef:
                    be:1d:a4:01:f3:05:7f:9d:37:a6:e0:c3:4e:96:59:
                    88:5c:29:74:8e:fe:f6:29:d9:e4:22:64:ab:66:31:
                    a6:ac:c9:81:d3:31:58:c0:d9:29:8b:a3:72:48:a0:
                    c3:03:7b:8f:54:03:27:83:c1:1f:90:61:65:b1:40:
                    90:7e:e2:f1:2c:8d:d3:89:91:2d:d7:1c:71:98:b1:
                    28:7a:f0:af:ad:ab:5b:1c:10:c1:d3:12:81:33:7e:
                    db:08:78:4b:e4:66:cd:35:01:14:ae:2c:9b:6f:cb:
                    76:61:e0:75:80:52:da:a4:ea:8c:67:65:a0:42:56:
                    54:a1:4e:6e:b5:5b:95:a1:a4:f7:50:f6:29:b8:90:
                    48:69:4a:16:6c:b5:b8:ed:ed:87:9b:2c:ed:a7:53:
                    b8:0c:6d:a9:1a:d3:2b:c7:4e:48:17:42:fb:42:9d:
                    2d:68:86:0c:4d:60:f2:79:39:2a:c8:39:a7:1b:ed:
                    14:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:34:E0:0B:26:04:BA:0F:86:63:D7:E7:D2:E8:20:4A:5E:39:44:5C
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS205733.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.196.0/24
                  185.231.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:8f:05:fd:47:6b:0d:98:55:e7:9e:a4:60:33:98:50:d3:1d:
         23:ec:0a:13:e4:fb:0f:86:ce:43:f0:49:9a:bf:b4:ad:df:ff:
         52:4a:fd:54:25:16:3e:51:3d:06:a7:d2:56:32:5a:bf:41:32:
         dc:f4:02:a7:0d:f9:62:71:41:86:97:6f:fb:7a:be:0a:62:8b:
         c7:79:e7:9c:07:66:11:12:8a:ba:98:81:82:5e:4c:ec:32:97:
         f0:aa:a0:c0:8f:04:8b:21:5b:e0:30:ac:d3:39:d5:52:5c:83:
         de:05:db:b6:1d:e8:a5:1a:fc:20:ee:e1:a7:cf:93:d6:1c:d5:
         a0:6d:82:d9:b4:60:dc:b4:1c:50:0d:b8:fa:24:02:06:35:23:
         11:4d:d6:ae:ff:54:9d:f6:99:79:55:b8:2a:df:d6:51:0c:63:
         a3:46:fe:22:57:7e:6a:ed:91:73:21:f7:e0:e4:d8:9c:a5:52:
         5b:40:4a:b8:1c:eb:d2:1a:a6:f1:51:68:93:cc:db:fb:05:10:
         5c:fb:85:22:ca:71:f9:4f:18:2e:ca:29:02:ed:59:13:94:54:
         49:5e:42:e7:73:7b:8f:61:37:7a:7a:52:29:f1:ac:00:ad:51:
         71:c4:47:52:fe:75:89:fa:79:16:c8:0b:93:76:56:dd:ab:1f:
         c2:5e:21:fb
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfKu6iOeuuRC/lqXxt4EGqggGk1cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MTUxNjU0MTRaFw0yNzA0MTQxNjU5MTRaMDMxMTAvBgNV
BAMTKEM1MzRFMDBCMjYwNEJBMEY4NjYzRDdFN0QyRTgyMDRBNUUzOTQ0NUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3X8tZKsAPoKUxeYKtELCgTuwr
nNU2iQd00lEZPCJ3UjDaDcTF2bzt32kdjY6LPWwCJjVKYb78oNsr18X08rUykZBB
kzlIY+15774dpAHzBX+dN6bgw06WWYhcKXSO/vYp2eQiZKtmMaasyYHTMVjA2SmL
o3JIoMMDe49UAyeDwR+QYWWxQJB+4vEsjdOJkS3XHHGYsSh68K+tq1scEMHTEoEz
ftsIeEvkZs01ARSuLJtvy3Zh4HWAUtqk6oxnZaBCVlShTm61W5WhpPdQ9im4kEhp
ShZstbjt7YebLO2nU7gMbaka0yvHTkgXQvtCnS1ohgxNYPJ5OSrIOacb7RQfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUxTTgCyYEug+GY9fn0uggSl45RFwwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjA1NzMzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHyjE
AwQAuefiMA0GCSqGSIb3DQEBCwUAA4IBAQCljwX9R2sNmFXnnqRgM5hQ0x0j7AoT
5PsPhs5D8Emav7St3/9SSv1UJRY+UT0Gp9JWMlq/QTLc9AKnDflicUGGl2/7er4K
YovHeeecB2YREoq6mIGCXkzsMpfwqqDAjwSLIVvgMKzTOdVSXIPeBdu2HeilGvwg
7uGnz5PWHNWgbYLZtGDctBxQDbj6JAIGNSMRTdau/1Sd9pl5Vbgq39ZRDGOjRv4i
V35q7ZFzIffg5NicpVJbQEq4HOvSGqbxUWiTzNv7BRBc+4UiynH5TxguyikC7VkT
lFRJXkLnc3uPYTd6elIp8awArVFxxEdS/nWJ+nkWyAuTdlbdqx/CXiH7
-----END CERTIFICATE-----