Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202912.roa
File:                     AS202912.roa (raw, json)
Hash identifier:          q6bKJjsvLtu7CCFLElde9CPvhlad8LGT7dc1pxO2ICM=
Subject key identifier:   08:05:DA:8E:CC:0A:13:16:18:F7:85:CC:A1:10:5A:86:AD:BE:7E:E6
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       229851FACCAC1F2254C9DDB428E4B6697BDACDCF
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202912.roa
Signing time:             Tue 27 Jan 2026 16:08:47 +0000
ROA not before:           Tue 27 Jan 2026 16:03:47 +0000
ROA not after:            Tue 26 Jan 2027 16:08:47 +0000
asID:                     202912
IP address blocks:        2a0f:85c1:e2a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:98:51:fa:cc:ac:1f:22:54:c9:dd:b4:28:e4:b6:69:7b:da:cd:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jan 27 16:03:47 2026 GMT
            Not After : Jan 26 16:08:47 2027 GMT
        Subject: CN=0805DA8ECC0A131618F785CCA1105A86ADBE7EE6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:78:0c:22:c6:5d:6a:01:1b:75:27:b7:2e:af:
                    eb:bf:5f:e4:61:dd:9b:23:52:e7:0a:72:08:5b:4c:
                    4a:1c:45:77:a7:34:e3:5c:3f:ab:8b:49:b3:d7:4b:
                    03:75:c2:9e:a7:af:fe:80:5d:a1:02:a9:9a:c9:59:
                    8e:7c:93:64:34:78:be:78:c2:70:bf:66:a8:85:1f:
                    af:9e:57:c3:7c:1c:3d:a4:8b:7a:b2:82:14:91:83:
                    db:27:00:04:cc:b4:b7:48:90:86:64:e8:c9:74:7d:
                    b0:68:44:a6:b6:3e:3d:96:9f:96:b9:77:7e:48:c7:
                    d3:36:eb:f1:f2:e9:b5:77:e7:26:86:41:ea:b8:5c:
                    b2:4a:07:4b:54:33:08:94:0a:c7:b7:a9:93:0c:f9:
                    b2:a7:c3:1f:5c:d5:67:88:cd:74:29:c8:8c:48:10:
                    98:bf:96:ef:33:83:3a:c0:d7:19:12:e0:40:c1:00:
                    66:51:30:63:77:ec:dd:7a:4d:25:3f:c8:54:24:40:
                    16:ad:d7:e2:5a:5e:42:80:72:51:48:ef:49:c0:cd:
                    68:f7:03:32:59:f4:95:dd:7c:0a:03:6e:d0:93:40:
                    3c:b8:02:55:e8:0d:0e:57:59:b8:b3:f4:81:f1:5b:
                    69:c8:ef:10:3f:d7:01:b6:12:f6:84:4c:34:92:06:
                    6c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:05:DA:8E:CC:0A:13:16:18:F7:85:CC:A1:10:5A:86:AD:BE:7E:E6
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS202912.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:e2a::/48

    Signature Algorithm: sha256WithRSAEncryption
         9a:b2:8f:40:f2:2b:f1:45:39:bb:db:b4:e0:eb:d0:8a:da:c1:
         e8:24:91:44:e0:18:d4:1e:66:02:a9:3c:2b:44:74:92:29:13:
         ea:c0:9e:e0:e6:98:0a:85:07:e6:ee:1d:8a:5e:7d:7f:3e:77:
         d1:bb:c9:00:0f:40:9b:c5:e9:4f:07:53:08:da:e8:a4:56:0d:
         3b:f9:cc:fa:fd:34:e9:a3:ea:8c:52:14:3b:8f:0a:53:d1:a4:
         b7:1a:f0:d0:49:00:7c:51:c2:31:63:df:fe:0d:76:b7:b4:14:
         a7:35:3e:82:e7:90:c4:2f:4d:0f:06:7f:b6:33:1b:dc:19:10:
         45:16:a7:0d:07:f2:8f:48:f4:e3:cc:1a:20:98:87:87:3c:e0:
         8d:a2:02:8b:fc:76:6d:f7:95:b8:47:1f:a6:00:56:fb:83:87:
         1c:2f:ca:1b:8a:07:25:a5:31:60:0c:9b:7d:fe:bf:fc:da:ce:
         cf:bc:5b:d2:cf:cc:20:ca:cd:d9:59:f7:2c:f9:bc:c5:73:9e:
         3f:ad:1e:6d:6b:02:5d:11:60:f9:bd:ea:df:b5:a2:c5:54:7d:
         f3:9c:1f:ae:ae:6f:ca:1d:a5:9f:4b:ee:3f:ad:b8:1e:b6:c0:
         bb:c2:ab:f7:56:5b:ee:dd:26:fa:18:0b:9d:c9:7c:b3:93:8e:
         20:ca:8a:ba
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUIphR+sysHyJUyd20KOS2aXvazc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAxMjcxNjAzNDdaFw0yNzAxMjYxNjA4NDdaMDMxMTAvBgNV
BAMTKDA4MDVEQThFQ0MwQTEzMTYxOEY3ODVDQ0ExMTA1QTg2QURCRTdFRTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5eAwixl1qARt1J7cur+u/X+Rh
3ZsjUucKcghbTEocRXenNONcP6uLSbPXSwN1wp6nr/6AXaECqZrJWY58k2Q0eL54
wnC/ZqiFH6+eV8N8HD2ki3qyghSRg9snAATMtLdIkIZk6Ml0fbBoRKa2Pj2Wn5a5
d35Ix9M26/Hy6bV35yaGQeq4XLJKB0tUMwiUCse3qZMM+bKnwx9c1WeIzXQpyIxI
EJi/lu8zgzrA1xkS4EDBAGZRMGN37N16TSU/yFQkQBat1+JaXkKAclFI70nAzWj3
AzJZ9JXdfAoDbtCTQDy4AlXoDQ5XWbiz9IHxW2nI7xA/1wG2EvaETDSSBmyXAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUCAXajswKExYY94XMoRBahq2+fuYwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjAyOTEyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ4qMA0GCSqGSIb3DQEBCwUAA4IBAQCaso9A8ivxRTm727Tg69CK2sHoJJFE4BjU
HmYCqTwrRHSSKRPqwJ7g5pgKhQfm7h2KXn1/PnfRu8kAD0CbxelPB1MI2uikVg07
+cz6/TTpo+qMUhQ7jwpT0aS3GvDQSQB8UcIxY9/+DXa3tBSnNT6C55DEL00PBn+2
MxvcGRBFFqcNB/KPSPTjzBogmIeHPOCNogKL/HZt95W4Rx+mAFb7g4ccL8obigcl
pTFgDJt9/r/82s7PvFvSz8wgys3ZWfcs+bzFc54/rR5tawJdEWD5verftaLFVH3z
nB+urm/KHaWfS+4/rbgetsC7wqv3Vlvu3Sb6GAudyXyzk44gyoq6
-----END CERTIFICATE-----