Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206898.roa
File:                     AS206898.roa (raw, json)
Hash identifier:          JZbHTthUIsnBD9CxXyyIE7L/HLtRxtcmwfA3k2U6aWQ=
Subject key identifier:   15:38:4B:5F:7D:CF:A1:53:8E:26:90:D7:81:B5:31:12:06:B0:C8:13
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       5214FF5827460C213EA07126B6B08C25AA6D6C56
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206898.roa
Signing time:             Mon 16 Jun 2025 17:15:54 +0000
ROA not before:           Mon 16 Jun 2025 17:10:54 +0000
ROA not after:            Mon 15 Jun 2026 17:15:54 +0000
asID:                     206898
IP address blocks:        2a0f:85c1:c6a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:14:ff:58:27:46:0c:21:3e:a0:71:26:b6:b0:8c:25:aa:6d:6c:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 16 17:10:54 2025 GMT
            Not After : Jun 15 17:15:54 2026 GMT
        Subject: CN=15384B5F7DCFA1538E2690D781B5311206B0C813
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ab:bb:8e:db:ad:37:f5:51:81:37:81:23:c4:
                    db:1e:ff:d5:18:b0:89:36:9b:c5:1f:b6:7e:08:85:
                    69:38:73:2e:08:d7:80:b3:c7:ae:5e:fc:50:4b:0d:
                    37:4b:a0:db:89:19:aa:89:81:25:de:c5:55:b4:5b:
                    ab:99:24:e8:ea:8f:68:94:c4:8e:33:57:8d:41:4d:
                    22:47:b3:0d:a1:36:8b:d8:99:10:ef:9f:4a:a0:5e:
                    69:8f:22:11:d9:a4:33:67:48:4b:a8:ae:4e:e9:4f:
                    eb:86:58:bd:68:6e:3f:41:43:15:f7:f0:1b:67:f7:
                    c5:30:09:52:c4:50:56:d7:14:57:14:70:6d:9e:fa:
                    e5:e5:58:1c:5f:4c:16:4b:ec:60:74:d6:59:ea:c1:
                    51:44:ad:08:a9:d0:62:e4:c9:0f:fa:2a:a9:b2:99:
                    a7:e3:8c:15:77:cf:62:f1:7d:af:9e:3e:46:f2:b9:
                    c3:0e:2d:e2:8b:d1:ec:7e:3c:e0:8a:a0:8b:13:09:
                    41:f5:de:75:1f:4d:d5:85:59:f9:9c:0b:65:20:47:
                    51:1d:f5:4f:b7:a9:c0:8d:cb:33:a5:63:46:e7:1a:
                    a0:81:3c:69:e8:ad:bd:66:b8:26:70:bf:b9:27:3c:
                    c6:a4:8b:4a:cf:94:9a:ae:22:a0:61:14:06:2d:7e:
                    1a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:38:4B:5F:7D:CF:A1:53:8E:26:90:D7:81:B5:31:12:06:B0:C8:13
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS206898.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c6a::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:27:8a:5f:a3:a9:42:6d:7b:d3:2b:94:fb:4f:d1:00:58:85:
         27:8b:be:63:00:a7:75:a6:ce:55:9d:33:f8:81:1e:0b:2b:be:
         16:a0:4d:59:63:9a:5b:52:2b:03:2f:76:75:25:be:21:49:99:
         de:dd:54:74:21:46:cc:30:97:eb:a4:b1:75:fd:16:8d:f0:59:
         6b:cb:06:b4:c2:50:3f:3a:a4:d3:53:05:2d:eb:c6:c4:b8:02:
         e1:bd:0d:2b:d5:27:5a:c3:15:f1:61:6a:19:d9:c8:5b:91:db:
         d4:19:27:30:6f:ad:06:6d:ad:9d:75:06:be:1e:dd:f6:6d:26:
         b9:de:4a:f4:49:5f:23:5b:c5:70:77:6d:db:5b:93:65:42:79:
         ad:14:38:dd:a6:1c:01:c3:2d:ff:6f:f3:ea:c0:c8:93:94:f3:
         60:a4:aa:44:94:c1:90:b9:bf:69:0f:ba:82:47:87:d3:af:7b:
         27:a5:fd:9e:a2:29:a4:9b:85:c7:1c:8a:35:24:f7:28:3a:08:
         f1:e6:0d:b5:d8:d4:89:c3:42:61:38:64:c2:40:8b:d6:d5:48:
         97:31:5f:d2:f9:02:be:21:56:2e:eb:7f:ae:e6:be:65:93:1d:
         0f:36:b0:74:f4:23:71:7d:8a:0d:21:54:c0:41:9c:cc:2b:37:
         c9:5f:5e:83
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUUhT/WCdGDCE+oHEmtrCMJaptbFYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA2MTYxNzEwNTRaFw0yNjA2MTUxNzE1NTRaMDMxMTAvBgNV
BAMTKDE1Mzg0QjVGN0RDRkExNTM4RTI2OTBENzgxQjUzMTEyMDZCMEM4MTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfq7uO26039VGBN4EjxNse/9UY
sIk2m8Uftn4IhWk4cy4I14Czx65e/FBLDTdLoNuJGaqJgSXexVW0W6uZJOjqj2iU
xI4zV41BTSJHsw2hNovYmRDvn0qgXmmPIhHZpDNnSEuork7pT+uGWL1obj9BQxX3
8Btn98UwCVLEUFbXFFcUcG2e+uXlWBxfTBZL7GB01lnqwVFErQip0GLkyQ/6Kqmy
mafjjBV3z2Lxfa+ePkbyucMOLeKL0ex+POCKoIsTCUH13nUfTdWFWfmcC2UgR1Ed
9U+3qcCNyzOlY0bnGqCBPGnorb1muCZwv7knPMaki0rPlJquIqBhFAYtfhqRAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUFThLX33PoVOOJpDXgbUxEgawyBMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA2ODk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQxqMA0GCSqGSIb3DQEBCwUAA4IBAQAPJ4pfo6lCbXvTK5T7T9EAWIUni75jAKd1
ps5VnTP4gR4LK74WoE1ZY5pbUisDL3Z1Jb4hSZne3VR0IUbMMJfrpLF1/RaN8Flr
ywa0wlA/OqTTUwUt68bEuALhvQ0r1SdawxXxYWoZ2chbkdvUGScwb60Gba2ddQa+
Ht32bSa53kr0SV8jW8Vwd23bW5NlQnmtFDjdphwBwy3/b/PqwMiTlPNgpKpElMGQ
ub9pD7qCR4fTr3snpf2eoimkm4XHHIo1JPcoOgjx5g212NSJw0JhOGTCQIvW1UiX
MV/S+QK+IVYu63+u5r5lkx0PNrB09CNxfYoNIVTAQZzMKzfJX16D
-----END CERTIFICATE-----