Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204856.roa
File:                     AS204856.roa (raw, json)
Hash identifier:          0tPci5is85hUbCQu2Uuv832yNUUfMNlw4SKhT2fbM5k=
Subject key identifier:   B9:7A:FD:15:40:57:14:CB:43:EF:6E:D8:CB:68:13:1F:AA:52:FC:D3
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       59835E4AA76E44DE36E35A5511B5AF04A7FFD6A6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204856.roa
Signing time:             Wed 29 Oct 2025 03:38:32 +0000
ROA not before:           Wed 29 Oct 2025 03:33:32 +0000
ROA not after:            Wed 28 Oct 2026 03:38:32 +0000
asID:                     204856
IP address blocks:        2a0f:85c1:d90::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:83:5e:4a:a7:6e:44:de:36:e3:5a:55:11:b5:af:04:a7:ff:d6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Oct 29 03:33:32 2025 GMT
            Not After : Oct 28 03:38:32 2026 GMT
        Subject: CN=B97AFD15405714CB43EF6ED8CB68131FAA52FCD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:c5:d1:fb:c9:9b:1f:a5:29:f5:24:d1:c7:c2:
                    5c:95:79:d4:2d:5d:f8:6f:90:6c:f5:59:dc:ac:0e:
                    60:e8:a6:1f:9b:0e:72:94:95:83:f6:18:89:da:af:
                    72:2e:78:2d:d7:6a:7d:08:2e:ba:c6:06:12:3b:88:
                    6d:17:6d:26:90:0a:f0:ad:39:7a:70:8b:f1:97:51:
                    5f:9b:ca:b6:c5:a6:89:89:fd:d4:dc:df:ef:96:d9:
                    44:10:2a:52:f4:0f:01:6c:04:0e:cb:50:7d:f7:b3:
                    87:7b:74:a0:60:db:2a:0e:fd:22:75:91:fc:50:4d:
                    f9:47:04:76:68:8e:24:4e:dc:9c:b9:f0:b1:74:82:
                    46:c4:f1:c4:0a:42:20:55:06:ef:f9:53:66:9c:3b:
                    d5:f0:05:d1:bd:db:9c:88:0b:fe:0f:9f:cb:03:de:
                    6c:9d:43:08:fc:8e:29:56:88:fe:02:a6:1b:6a:cd:
                    a0:45:c0:5e:0a:7e:0d:16:87:a9:b5:5f:2a:35:94:
                    c0:ef:cb:35:b6:35:4f:31:72:ce:db:7f:bd:d6:c2:
                    78:e6:31:c0:8d:2c:b0:4f:45:25:e1:7d:26:c3:81:
                    34:3d:e0:90:8e:24:28:4a:c6:70:81:01:eb:6f:c5:
                    a9:c3:15:82:0b:56:db:b4:bb:c7:03:fd:62:1b:27:
                    d6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7A:FD:15:40:57:14:CB:43:EF:6E:D8:CB:68:13:1F:AA:52:FC:D3
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS204856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:d90::/48

    Signature Algorithm: sha256WithRSAEncryption
         c8:03:66:26:d0:85:ee:7e:4b:d4:20:f1:1a:3c:6d:6a:10:11:
         82:86:b1:16:cc:ee:43:7d:8a:b6:64:f7:49:8c:20:fc:23:bc:
         e8:de:f4:7c:5d:ec:9c:8d:bf:b3:d0:74:97:17:7a:60:f1:f4:
         e4:74:06:da:90:d0:8f:b9:53:b1:eb:cd:66:67:88:2c:fd:fd:
         bd:68:b6:f6:de:67:ef:ab:00:1e:86:4c:a7:85:2f:0e:8a:49:
         65:e2:ea:bf:f6:52:b8:3f:3e:f5:11:17:52:dd:6a:0f:e7:e0:
         87:41:f9:68:2e:c2:39:16:ed:f1:c8:e2:0d:a7:09:a9:e0:a5:
         34:01:e9:3e:32:b7:b8:72:1d:50:42:b5:9f:6f:65:2e:95:21:
         ed:03:76:50:e8:a4:5d:31:8a:2f:de:79:08:23:bc:76:7c:97:
         c6:d3:33:19:81:58:d5:07:5b:75:45:97:fc:ef:02:65:9f:d7:
         6d:39:3d:5d:67:a7:56:6a:e6:78:b4:39:47:4c:2a:0d:a3:09:
         1a:25:d3:ff:46:c7:89:11:8d:d0:20:df:16:f0:61:3f:18:23:
         ff:31:b1:db:4b:58:f1:44:ef:fc:11:68:3f:6c:7b:8a:f5:89:
         2f:53:f6:6e:5f:0f:70:96:27:95:86:20:62:f0:b1:2b:87:39:
         4e:53:7e:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUWYNeSqduRN4241pVEbWvBKf/1qYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTEwMjkwMzMzMzJaFw0yNjEwMjgwMzM4MzJaMDMxMTAvBgNV
BAMTKEI5N0FGRDE1NDA1NzE0Q0I0M0VGNkVEOENCNjgxMzFGQUE1MkZDRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnxdH7yZsfpSn1JNHHwlyVedQt
XfhvkGz1WdysDmDoph+bDnKUlYP2GInar3IueC3Xan0ILrrGBhI7iG0XbSaQCvCt
OXpwi/GXUV+byrbFpomJ/dTc3++W2UQQKlL0DwFsBA7LUH33s4d7dKBg2yoO/SJ1
kfxQTflHBHZojiRO3Jy58LF0gkbE8cQKQiBVBu/5U2acO9XwBdG925yIC/4Pn8sD
3mydQwj8jilWiP4CphtqzaBFwF4Kfg0Wh6m1Xyo1lMDvyzW2NU8xcs7bf73Wwnjm
McCNLLBPRSXhfSbDgTQ94JCOJChKxnCBAetvxanDFYILVtu0u8cD/WIbJ9ZFAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUuXr9FUBXFMtD727Yy2gTH6pS/NMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0ODU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ2QMA0GCSqGSIb3DQEBCwUAA4IBAQDIA2Ym0IXufkvUIPEaPG1qEBGChrEWzO5D
fYq2ZPdJjCD8I7zo3vR8Xeycjb+z0HSXF3pg8fTkdAbakNCPuVOx681mZ4gs/f29
aLb23mfvqwAehkynhS8Oikll4uq/9lK4Pz71ERdS3WoP5+CHQfloLsI5Fu3xyOIN
pwmp4KU0Aek+Mre4ch1QQrWfb2UulSHtA3ZQ6KRdMYov3nkII7x2fJfG0zMZgVjV
B1t1RZf87wJln9dtOT1dZ6dWauZ4tDlHTCoNowkaJdP/RseJEY3QIN8W8GE/GCP/
MbHbS1jxRO/8EWg/bHuK9YkvU/ZuXw9wlieVhiBi8LErhzlOU36d
-----END CERTIFICATE-----