Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204728.roa
File:                     AS204728.roa (raw, json)
Hash identifier:          f0u5NTUtGMJESieRE/zbcHWY5JNjoFqtTrwGWR53PJ4=
Subject key identifier:   44:D1:E7:EE:CC:9B:92:2E:95:1C:63:1D:02:0E:EA:3C:9D:1D:4D:59
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4D7A699210D94AFA55F41BF7382803C2AF396BD0
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204728.roa
Signing time:             Wed 29 Oct 2025 03:40:14 +0000
ROA not before:           Wed 29 Oct 2025 03:35:14 +0000
ROA not after:            Wed 28 Oct 2026 03:40:14 +0000
asID:                     204728
IP address blocks:        2a0f:85c1:d96::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4d:7a:69:92:10:d9:4a:fa:55:f4:1b:f7:38:28:03:c2:af:39:6b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 29 03:35:14 2025 GMT
            Not After : Oct 28 03:40:14 2026 GMT
        Subject: CN=44D1E7EECC9B922E951C631D020EEA3C9D1D4D59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:4c:af:f5:75:05:43:e0:79:12:bc:15:3d:28:
                    0b:7e:7b:7e:8a:a8:91:7c:b5:4a:1a:cb:38:f9:fd:
                    8b:98:05:1d:8c:02:41:0a:66:18:d8:75:cf:d7:d2:
                    75:56:ba:1d:57:84:48:df:ce:7f:5a:c7:38:5e:c9:
                    1f:ea:dd:80:d5:41:36:49:91:d2:57:8b:6e:a6:1e:
                    8a:f1:17:0a:61:ce:b3:0a:6f:aa:17:e1:8a:28:48:
                    e3:cd:f9:52:b5:9e:9d:72:46:81:ff:f2:44:8c:71:
                    65:9f:21:da:7b:76:3f:2f:7f:c0:4a:76:1b:3c:18:
                    dc:28:a1:e9:57:03:20:9e:d7:30:14:6d:bc:32:ff:
                    c1:11:3a:40:38:fa:7b:cd:5a:31:35:82:bc:e6:85:
                    75:f4:16:e1:0b:24:4d:b6:cb:5e:93:db:fb:91:34:
                    20:89:44:1a:51:44:d1:e9:a1:b6:66:bd:ef:9a:b8:
                    31:1f:b3:17:ec:94:11:9a:41:28:20:19:dd:93:bd:
                    27:e8:2a:15:60:48:0b:7e:6a:92:49:32:d5:e6:46:
                    3d:32:e2:e1:11:f4:7d:17:5b:6d:bd:28:e3:a5:7a:
                    4f:ec:f4:53:9f:a5:b6:bf:bc:6e:b3:4f:53:6c:d0:
                    70:8d:be:17:be:a0:50:8a:55:1a:88:2c:00:d1:30:
                    e4:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:D1:E7:EE:CC:9B:92:2E:95:1C:63:1D:02:0E:EA:3C:9D:1D:4D:59
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204728.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d96::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:f1:de:a8:99:f8:30:31:dd:28:58:bb:98:be:7d:75:a3:b9:
         6c:fa:2a:f8:55:2d:7e:7a:95:92:bd:ad:d2:27:55:38:90:f3:
         32:80:68:3d:d1:df:c9:40:8e:29:b8:0c:ee:77:f0:b3:3d:b9:
         98:fb:2e:1a:fd:1c:3f:81:40:eb:07:82:12:9a:f0:31:eb:20:
         d9:07:9f:40:19:4f:fd:c7:80:85:e5:ed:a2:ef:22:3d:67:cd:
         c3:66:d7:54:a7:97:98:97:61:de:2d:43:0c:fc:db:d8:ea:ef:
         a5:ee:82:f4:26:19:49:d4:88:ea:95:11:28:ce:70:e6:42:a5:
         6e:7c:f6:f8:77:e6:fd:03:17:a0:0c:e7:cd:8c:f9:ec:41:b1:
         17:1c:85:97:14:66:c0:bd:da:1a:37:ed:e8:51:53:f1:30:b3:
         f2:1e:2c:14:f5:05:29:78:ec:b2:fd:29:98:60:42:32:3f:76:
         36:46:51:bb:f9:f0:ef:40:50:10:9d:c3:1b:c5:00:df:f5:35:
         bb:e0:6d:e8:09:68:be:be:51:49:e1:70:04:c4:91:3d:df:fc:
         69:87:5d:ec:5a:13:f2:bf:f4:86:51:a0:35:7c:b6:ac:77:5c:
         05:02:2d:5a:5b:f5:4f:93:a6:6e:c9:4d:fd:18:d8:38:55:85:
         23:18:26:ea
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUTXppkhDZSvpV9Bv3OCgDwq85a9AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMjkwMzM1MTRaFw0yNjEwMjgwMzQwMTRaMDMxMTAvBgNV
BAMTKDQ0RDFFN0VFQ0M5QjkyMkU5NTFDNjMxRDAyMEVFQTNDOUQxRDRENTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtTK/1dQVD4HkSvBU9KAt+e36K
qJF8tUoayzj5/YuYBR2MAkEKZhjYdc/X0nVWuh1XhEjfzn9axzheyR/q3YDVQTZJ
kdJXi26mHorxFwphzrMKb6oX4YooSOPN+VK1np1yRoH/8kSMcWWfIdp7dj8vf8BK
dhs8GNwooelXAyCe1zAUbbwy/8EROkA4+nvNWjE1grzmhXX0FuELJE22y16T2/uR
NCCJRBpRRNHpobZmve+auDEfsxfslBGaQSggGd2TvSfoKhVgSAt+apJJMtXmRj0y
4uER9H0XW229KOOlek/s9FOfpba/vG6zT1Ns0HCNvhe+oFCKVRqILADRMOTrAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQURNHn7sybki6VHGMdAg7qPJ0dTVkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0NzI4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ2WMA0GCSqGSIb3DQEBCwUAA4IBAQAS8d6omfgwMd0oWLuYvn11o7ls+ir4VS1+
epWSva3SJ1U4kPMygGg90d/JQI4puAzud/CzPbmY+y4a/Rw/gUDrB4ISmvAx6yDZ
B59AGU/9x4CF5e2i7yI9Z83DZtdUp5eYl2HeLUMM/NvY6u+l7oL0JhlJ1IjqlREo
znDmQqVufPb4d+b9AxegDOfNjPnsQbEXHIWXFGbAvdoaN+3oUVPxMLPyHiwU9QUp
eOyy/SmYYEIyP3Y2RlG7+fDvQFAQncMbxQDf9TW74G3oCWi+vlFJ4XAExJE93/xp
h13sWhPyv/SGUaA1fLasd1wFAi1aW/VPk6ZuyU39GNg4VYUjGCbq
-----END CERTIFICATE-----