Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204768.roa
File:                     AS204768.roa (raw, json)
Hash identifier:          3Yh/0GA8vUN8cLJk4kQyXGSYHkbSHhfdp26d1wEqMuE=
Subject key identifier:   F6:BA:FF:03:DF:F8:AC:4F:3D:1A:2E:05:25:DD:0E:76:90:D0:E3:54
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       33954A1299166A1764FCE7C229E8E2DFDA4D21DD
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204768.roa
Signing time:             Wed 29 Oct 2025 03:43:06 +0000
ROA not before:           Wed 29 Oct 2025 03:38:06 +0000
ROA not after:            Wed 28 Oct 2026 03:43:06 +0000
asID:                     204768
IP address blocks:        2a0f:85c1:d93::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:95:4a:12:99:16:6a:17:64:fc:e7:c2:29:e8:e2:df:da:4d:21:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 29 03:38:06 2025 GMT
            Not After : Oct 28 03:43:06 2026 GMT
        Subject: CN=F6BAFF03DFF8AC4F3D1A2E0525DD0E7690D0E354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d6:f9:5e:c6:ab:0d:d5:90:81:40:b8:71:20:
                    58:75:53:40:6c:6d:ea:5a:9b:39:56:67:e9:f8:96:
                    5b:5d:be:da:c4:e5:e8:78:5b:89:2e:2b:c8:a0:11:
                    67:bf:1a:65:cf:e0:ff:6d:08:31:bd:22:4f:13:bc:
                    09:39:9b:f2:fa:e8:0f:71:94:5b:05:e4:6e:e0:b0:
                    79:ed:bc:fb:f9:fe:fa:27:40:d0:bc:95:be:e8:4e:
                    39:a1:bd:6f:06:28:2c:e5:0e:c8:f1:c0:5f:3e:14:
                    7d:c6:1c:72:52:75:f9:09:3b:25:be:1a:cc:e5:7c:
                    c2:45:54:12:80:b9:53:90:2c:78:2d:32:06:93:ef:
                    32:d0:ab:8c:f1:4a:4b:c1:09:cf:4a:27:af:07:a0:
                    5f:00:43:df:db:d2:e7:75:4b:58:54:75:03:46:55:
                    c0:81:d0:b6:f6:ef:ad:8e:44:af:cd:d0:7e:9b:81:
                    15:b6:be:3f:fc:89:8a:36:7b:7c:8f:df:24:19:5e:
                    73:e9:ac:62:10:06:26:9a:5c:d7:f5:e3:48:09:4c:
                    af:c5:2f:c9:73:a1:3d:fd:d4:ed:a1:85:fd:d9:07:
                    5b:3f:6d:85:90:51:b3:79:7f:2c:e1:50:51:46:91:
                    b1:60:45:66:31:51:62:da:bf:1b:47:44:79:ab:6a:
                    8d:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:BA:FF:03:DF:F8:AC:4F:3D:1A:2E:05:25:DD:0E:76:90:D0:E3:54
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d93::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:ff:ca:7d:db:2d:e9:df:2c:24:24:1e:6a:58:fc:69:12:ad:
         3e:40:46:43:96:91:91:e4:27:14:72:49:54:6b:05:71:03:80:
         8c:b9:9f:e3:41:fb:cb:c7:60:6c:d4:68:a4:3f:f6:51:1b:33:
         de:b4:67:e0:ba:d2:20:36:38:28:5f:c5:18:73:84:23:81:5b:
         df:b5:7c:e5:1d:2b:e7:af:5b:79:cf:f6:ab:88:9d:c2:0a:e2:
         e3:27:b9:3a:4e:f6:61:80:3c:50:79:82:40:53:ea:f1:74:2e:
         18:4b:c4:9f:73:f4:23:1f:8a:97:72:92:e4:57:e6:f3:98:4e:
         dc:40:06:62:ea:b0:3a:d1:63:25:2c:5a:94:97:83:d1:c1:04:
         aa:91:d1:dd:07:39:03:54:81:a9:de:13:22:e4:f2:0f:19:40:
         0b:26:3d:57:09:24:f9:1d:7a:1f:aa:fd:83:73:e1:ce:ce:be:
         4a:01:0b:25:ee:46:aa:31:a5:07:a0:85:14:65:0a:2b:cc:61:
         cc:0a:99:4c:77:c7:cb:62:fb:b1:12:1e:ab:ae:94:87:08:ff:
         1c:1c:f9:d6:5a:6f:50:5b:7d:5a:3d:0a:ef:70:ec:22:bb:92:
         53:5c:b4:5b:d0:56:76:66:20:bf:8c:5b:d1:7a:45:80:8d:04:
         58:59:e4:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUM5VKEpkWahdk/OfCKeji39pNId0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMjkwMzM4MDZaFw0yNjEwMjgwMzQzMDZaMDMxMTAvBgNV
BAMTKEY2QkFGRjAzREZGOEFDNEYzRDFBMkUwNTI1REQwRTc2OTBEMEUzNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn1vlexqsN1ZCBQLhxIFh1U0Bs
bepamzlWZ+n4lltdvtrE5eh4W4kuK8igEWe/GmXP4P9tCDG9Ik8TvAk5m/L66A9x
lFsF5G7gsHntvPv5/vonQNC8lb7oTjmhvW8GKCzlDsjxwF8+FH3GHHJSdfkJOyW+
GszlfMJFVBKAuVOQLHgtMgaT7zLQq4zxSkvBCc9KJ68HoF8AQ9/b0ud1S1hUdQNG
VcCB0Lb2762ORK/N0H6bgRW2vj/8iYo2e3yP3yQZXnPprGIQBiaaXNf140gJTK/F
L8lzoT391O2hhf3ZB1s/bYWQUbN5fyzhUFFGkbFgRWYxUWLavxtHRHmrao3NAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU9rr/A9/4rE89Gi4FJd0OdpDQ41QwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ2TMA0GCSqGSIb3DQEBCwUAA4IBAQBZ/8p92y3p3ywkJB5qWPxpEq0+QEZDlpGR
5CcUcklUawVxA4CMuZ/jQfvLx2Bs1GikP/ZRGzPetGfgutIgNjgoX8UYc4QjgVvf
tXzlHSvnr1t5z/ariJ3CCuLjJ7k6TvZhgDxQeYJAU+rxdC4YS8Sfc/QjH4qXcpLk
V+bzmE7cQAZi6rA60WMlLFqUl4PRwQSqkdHdBzkDVIGp3hMi5PIPGUALJj1XCST5
HXofqv2Dc+HOzr5KAQsl7kaqMaUHoIUUZQorzGHMCplMd8fLYvuxEh6rrpSHCP8c
HPnWWm9QW31aPQrvcOwiu5JTXLRb0FZ2ZiC/jFvRekWAjQRYWeRH
-----END CERTIFICATE-----