Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207847.roa
File:                     AS207847.roa (raw, json)
Hash identifier:          JTJiS3QKOI/gCYRnfInl1lSyW4b1pCSKGZSTcI75+oU=
Subject key identifier:   C6:5C:8B:F5:5F:EB:CB:DF:76:9C:AA:75:7A:6E:EA:E3:2A:28:AB:37
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7DA72263AA822BE87B548EAC41A8C91C2F573E83
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207847.roa
Signing time:             Tue 05 Aug 2025 07:08:59 +0000
ROA not before:           Tue 05 Aug 2025 07:03:59 +0000
ROA not after:            Tue 04 Aug 2026 07:08:59 +0000
asID:                     207847
IP address blocks:        192.166.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 22:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:a7:22:63:aa:82:2b:e8:7b:54:8e:ac:41:a8:c9:1c:2f:57:3e:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug  5 07:03:59 2025 GMT
            Not After : Aug  4 07:08:59 2026 GMT
        Subject: CN=C65C8BF55FEBCBDF769CAA757A6EEAE32A28AB37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:14:13:48:86:e4:ca:8e:73:e4:fc:1a:1e:47:
                    0b:5a:3d:76:b7:64:d7:6b:10:5e:20:4e:16:ec:e1:
                    45:13:33:ad:02:bf:8d:5d:00:88:42:f8:01:1b:1f:
                    8c:4f:c1:98:3d:9b:5a:4d:3b:26:a7:0d:98:ff:72:
                    a3:b5:0c:8a:f8:86:ff:e7:c0:24:34:3b:84:88:c6:
                    c5:03:28:3e:b7:96:f6:b2:27:88:60:02:ee:53:e1:
                    c5:45:6b:55:65:f6:af:95:bc:dc:77:cd:44:8f:d4:
                    75:f6:50:db:64:c0:c2:68:b1:ce:d9:a2:45:0f:e4:
                    43:0b:53:d6:12:37:bc:63:dd:4d:e8:dc:4f:4c:d9:
                    ea:50:90:53:97:f2:bc:85:9d:2b:21:41:52:bd:10:
                    06:da:c9:ed:83:25:de:7d:1e:e6:c4:fc:9e:07:ca:
                    f0:26:02:2f:88:00:aa:02:fa:72:c1:e4:fc:e4:0e:
                    e3:51:ab:d9:d3:dc:53:ef:e3:e8:f1:9b:4b:90:c2:
                    f8:ac:af:0f:3b:eb:ef:72:06:56:72:0f:27:d3:fe:
                    ed:1d:a0:46:5d:30:c8:b6:74:e0:98:1a:85:42:5e:
                    46:10:3c:e4:25:00:bb:01:33:42:4e:be:b5:2a:ce:
                    83:02:a4:2d:aa:04:f0:8b:4d:3c:24:e8:6a:45:fa:
                    6a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:5C:8B:F5:5F:EB:CB:DF:76:9C:AA:75:7A:6E:EA:E3:2A:28:AB:37
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS207847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:a7:94:ef:76:d6:51:5e:e1:8a:7b:2b:e2:82:98:ce:e6:62:
         9f:ad:4f:9e:6a:e6:a6:85:f2:d9:aa:00:9c:05:10:03:b6:8c:
         5d:19:fd:0d:22:54:f9:09:00:5a:2c:43:48:ae:15:54:19:8a:
         a0:97:20:f2:75:3f:2f:1d:99:93:db:e8:ed:61:aa:98:bf:e1:
         8f:23:4f:1b:2b:c6:88:4f:46:0a:4c:5e:6c:15:a8:a5:4a:d4:
         de:b2:7f:28:a9:76:64:99:82:2d:e7:b4:24:3e:e2:e4:82:cf:
         04:f7:32:84:85:59:72:0c:d4:f5:9a:e4:5c:0f:92:21:d5:a7:
         07:97:a7:7d:53:15:42:ac:42:85:bd:11:16:b8:7e:37:dc:b3:
         5d:df:60:1e:c8:5a:9f:99:79:5a:90:08:9a:a7:f9:66:96:8b:
         93:b7:cb:35:09:89:d2:72:75:df:2c:f6:0f:23:b8:54:9f:56:
         99:f2:37:24:a7:be:51:c8:f1:96:63:cb:86:a9:9b:c5:b0:b1:
         24:c8:cf:c1:2a:68:90:c0:b3:ef:89:bc:e3:7f:65:cb:f8:d4:
         6d:9d:bd:af:65:f9:df:aa:ed:ab:ca:a3:b4:64:20:9e:2c:57:
         87:37:71:7c:9f:96:d6:e7:fd:db:5b:1f:3a:27:69:4b:f0:6b:
         e1:3f:94:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfaciY6qCK+h7VI6sQajJHC9XPoMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MDUwNzAzNTlaFw0yNjA4MDQwNzA4NTlaMDMxMTAvBgNV
BAMTKEM2NUM4QkY1NUZFQkNCREY3NjlDQUE3NTdBNkVFQUUzMkEyOEFCMzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaFBNIhuTKjnPk/BoeRwtaPXa3
ZNdrEF4gThbs4UUTM60Cv41dAIhC+AEbH4xPwZg9m1pNOyanDZj/cqO1DIr4hv/n
wCQ0O4SIxsUDKD63lvayJ4hgAu5T4cVFa1Vl9q+VvNx3zUSP1HX2UNtkwMJosc7Z
okUP5EMLU9YSN7xj3U3o3E9M2epQkFOX8ryFnSshQVK9EAbaye2DJd59HubE/J4H
yvAmAi+IAKoC+nLB5PzkDuNRq9nT3FPv4+jxm0uQwvisrw876+9yBlZyDyfT/u0d
oEZdMMi2dOCYGoVCXkYQPOQlALsBM0JOvrUqzoMCpC2qBPCLTTwk6GpF+mrxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUxlyL9V/ry992nKp1em7q4yooqzcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA3ODQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKZS
MA0GCSqGSIb3DQEBCwUAA4IBAQB5p5TvdtZRXuGKeyvigpjO5mKfrU+eauamhfLZ
qgCcBRADtoxdGf0NIlT5CQBaLENIrhVUGYqglyDydT8vHZmT2+jtYaqYv+GPI08b
K8aIT0YKTF5sFailStTesn8oqXZkmYIt57QkPuLkgs8E9zKEhVlyDNT1muRcD5Ih
1acHl6d9UxVCrEKFvREWuH433LNd32AeyFqfmXlakAiap/lmlouTt8s1CYnScnXf
LPYPI7hUn1aZ8jckp75RyPGWY8uGqZvFsLEkyM/BKmiQwLPvibzjf2XL+NRtnb2v
Zfnfqu2ryqO0ZCCeLFeHN3F8n5bW5/3bWx86J2lL8GvhP5R7
-----END CERTIFICATE-----