Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202905.roa
File:                     AS202905.roa (raw, json)
Hash identifier:          fSj1I18TChm/N8uukDh1ISg4LvzFfDs49UEF7jKjgfc=
Subject key identifier:   2D:39:F9:62:D7:E1:88:AF:39:C8:DC:6E:79:90:DD:8A:D1:83:58:A6
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4F4E838DEFAC200F5A1311B3A02BECA44BA69260
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202905.roa
Signing time:             Fri 10 Apr 2026 01:18:39 +0000
ROA not before:           Fri 10 Apr 2026 01:13:39 +0000
ROA not after:            Fri 09 Apr 2027 01:18:39 +0000
asID:                     202905
IP address blocks:        2a0f:85c1:e12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:4e:83:8d:ef:ac:20:0f:5a:13:11:b3:a0:2b:ec:a4:4b:a6:92:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 10 01:13:39 2026 GMT
            Not After : Apr  9 01:18:39 2027 GMT
        Subject: CN=2D39F962D7E188AF39C8DC6E7990DD8AD18358A6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:12:8a:f8:56:57:c0:b5:95:1b:ce:c1:5a:54:
                    a6:2b:cb:cb:6a:61:f2:4f:8c:0e:a1:1c:e5:95:d1:
                    6e:67:e0:6c:ad:27:bb:23:95:93:8a:ca:30:92:4a:
                    e5:63:b1:21:06:a9:89:bf:21:e2:87:78:dc:32:94:
                    13:c8:a8:09:3d:3e:54:8b:2f:fa:dc:c4:e4:19:21:
                    a8:0e:b8:b6:7c:2e:ad:95:74:87:97:36:48:a5:06:
                    03:ce:81:d4:da:c5:06:25:67:85:81:36:f8:0e:a0:
                    3b:43:26:1f:8d:a0:ab:6c:c9:5b:9f:a7:a1:cb:a6:
                    1a:4a:9c:a0:31:f0:82:df:af:31:97:72:4e:8f:96:
                    20:f6:be:80:9e:f4:cf:30:33:75:76:86:1c:e0:ed:
                    0f:b3:59:1b:90:85:38:9c:94:78:19:9e:99:30:05:
                    8a:f1:58:5a:25:04:6a:6e:47:e0:bb:f1:2d:2e:a8:
                    7e:74:04:15:83:e0:e4:17:26:de:2a:6f:6b:92:84:
                    7a:2b:31:e4:41:e1:d1:35:ce:fd:54:92:d4:b9:29:
                    3e:93:b0:0f:3b:48:f8:63:dd:d7:a5:0a:dd:1b:28:
                    7a:d1:e9:16:3a:54:f4:a6:f3:71:a5:8f:42:63:2a:
                    92:48:06:97:1f:73:d7:7d:8f:b1:86:58:a5:20:05:
                    aa:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:39:F9:62:D7:E1:88:AF:39:C8:DC:6E:79:90:DD:8A:D1:83:58:A6
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202905.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:e12::/48

    Signature Algorithm: sha256WithRSAEncryption
         cf:ae:7e:08:b5:fe:05:5c:4f:84:17:df:82:76:60:7d:b0:5f:
         db:f7:fb:26:1b:10:f9:de:db:ea:5e:1f:95:31:07:ca:df:0e:
         f5:25:27:de:76:6a:1f:2c:b2:0f:bf:96:72:f0:53:dc:dd:bf:
         1f:52:91:32:f0:50:51:d7:53:e5:24:1c:b9:38:59:f2:5c:d8:
         f6:a1:06:5c:40:8a:df:b0:b2:67:e7:a9:42:68:65:25:0d:90:
         3e:6c:18:3a:fb:59:78:0f:03:9e:7a:ee:22:ae:dc:d7:a2:1b:
         da:e5:30:11:c1:c4:7f:8b:e8:c9:e7:88:f3:f2:59:94:c2:13:
         39:d5:37:b8:ca:8a:74:ef:15:19:4c:13:3c:f9:5e:27:52:84:
         db:34:73:7a:2b:38:85:f5:de:c3:bc:95:97:c4:35:d6:c1:15:
         f0:7e:8c:60:1b:8c:64:48:a0:61:34:40:bf:84:dc:66:e1:69:
         ee:c3:cc:e5:34:e2:6f:99:f2:97:b5:f7:f8:5e:31:37:d8:b3:
         86:c7:f9:41:65:34:82:d1:1c:bb:be:6d:fa:08:7c:e2:1f:c7:
         b1:5b:eb:f5:97:c1:4e:1f:6a:50:57:e5:42:aa:85:04:f5:09:
         75:6c:5e:42:fd:ea:42:9c:c6:83:1d:cc:7e:55:82:9f:1b:48:
         95:91:4f:57
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUT06Dje+sIA9aExGzoCvspEumkmAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MTAwMTEzMzlaFw0yNzA0MDkwMTE4MzlaMDMxMTAvBgNV
BAMTKDJEMzlGOTYyRDdFMTg4QUYzOUM4REM2RTc5OTBERDhBRDE4MzU4QTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkEor4VlfAtZUbzsFaVKYry8tq
YfJPjA6hHOWV0W5n4GytJ7sjlZOKyjCSSuVjsSEGqYm/IeKHeNwylBPIqAk9PlSL
L/rcxOQZIagOuLZ8Lq2VdIeXNkilBgPOgdTaxQYlZ4WBNvgOoDtDJh+NoKtsyVuf
p6HLphpKnKAx8ILfrzGXck6PliD2voCe9M8wM3V2hhzg7Q+zWRuQhTiclHgZnpkw
BYrxWFolBGpuR+C78S0uqH50BBWD4OQXJt4qb2uShHorMeRB4dE1zv1UktS5KT6T
sA87SPhj3delCt0bKHrR6RY6VPSm83Glj0JjKpJIBpcfc9d9j7GGWKUgBapHAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQULTn5YtfhiK85yNxueZDditGDWKYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAyOTA1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ4SMA0GCSqGSIb3DQEBCwUAA4IBAQDPrn4Itf4FXE+EF9+CdmB9sF/b9/smGxD5
3tvqXh+VMQfK3w71JSfedmofLLIPv5Zy8FPc3b8fUpEy8FBR11PlJBy5OFnyXNj2
oQZcQIrfsLJn56lCaGUlDZA+bBg6+1l4DwOeeu4irtzXohva5TARwcR/i+jJ54jz
8lmUwhM51Te4yop07xUZTBM8+V4nUoTbNHN6KziF9d7DvJWXxDXWwRXwfoxgG4xk
SKBhNEC/hNxm4Wnuw8zlNOJvmfKXtff4XjE32LOGx/lBZTSC0Ry7vm36CHziH8ex
W+v1l8FOH2pQV+VCqoUE9Ql1bF5C/epCnMaDHcx+VYKfG0iVkU9X
-----END CERTIFICATE-----