Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207451.roa
File:                     AS207451.roa (raw, json)
Hash identifier:          vc6CfMz1/SKHAMVNMA8MtLqH0H9vkrs0o49HLBtJ76c=
Subject key identifier:   29:2F:F5:7E:06:C0:6C:13:17:24:30:94:37:1C:67:A6:D5:77:90:ED
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1C80E74ADB366193F8E8138430416F8CC596AD56
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207451.roa
Signing time:             Fri 25 Jul 2025 08:07:45 +0000
ROA not before:           Fri 25 Jul 2025 08:02:45 +0000
ROA not after:            Fri 24 Jul 2026 08:07:45 +0000
asID:                     207451
IP address blocks:        2a0f:85c1:213::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:80:e7:4a:db:36:61:93:f8:e8:13:84:30:41:6f:8c:c5:96:ad:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:45 2025 GMT
            Not After : Jul 24 08:07:45 2026 GMT
        Subject: CN=292FF57E06C06C1317243094371C67A6D57790ED
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:f5:09:f2:88:6f:a0:e7:f2:f0:b4:a7:75:02:
                    64:ad:a3:45:f1:89:8d:44:5e:e5:ba:6e:86:42:30:
                    68:0d:19:e5:e2:83:2c:97:f7:17:ca:e9:59:47:27:
                    85:6b:24:cb:ef:fe:2a:75:bc:f2:a8:4e:be:09:da:
                    75:ae:36:26:bb:78:45:66:24:16:dd:0e:38:26:4c:
                    25:43:fd:4d:e4:45:23:b1:a5:fb:58:7a:78:ae:6f:
                    57:03:0e:a7:52:6a:55:0a:8c:33:45:5f:51:59:04:
                    94:3f:3a:e9:af:ed:bb:23:82:01:6b:6a:6e:bf:84:
                    f2:97:bb:9d:6b:a0:dc:12:dc:a3:42:a6:44:2d:aa:
                    04:1d:2a:cf:0c:7a:4d:ed:64:3a:95:24:5a:20:49:
                    e1:e7:28:ce:04:29:6a:41:a8:e6:5d:2f:e5:34:89:
                    b3:16:70:52:3f:74:e2:51:dc:80:83:62:ac:99:a9:
                    46:a2:f5:ca:8e:ae:96:b2:64:b3:e1:4f:83:df:a7:
                    89:cd:13:a8:de:12:63:ab:ae:86:7e:37:e7:d4:5a:
                    9a:b2:63:1e:8d:b5:00:e6:e4:6c:42:7f:ad:65:95:
                    e0:a2:b6:b7:a2:fa:94:b6:35:5c:28:3f:f0:fa:71:
                    d3:5a:01:61:b2:12:90:36:b1:7f:cd:6d:5d:22:e7:
                    f2:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:2F:F5:7E:06:C0:6C:13:17:24:30:94:37:1C:67:A6:D5:77:90:ED
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207451.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:213::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:80:f8:39:ab:6f:02:4e:5d:d1:b0:3d:20:38:e0:92:82:3e:
         ba:c0:81:98:32:6e:31:c7:27:f9:ff:90:1f:10:0d:e9:42:7b:
         e5:09:1c:eb:19:04:9d:09:e3:e6:a9:0e:0a:dd:1f:b1:fc:6d:
         b3:ec:fe:f9:64:91:24:08:a3:93:20:a0:85:99:cf:76:be:6d:
         3f:a1:fd:a2:ce:b0:b5:28:03:82:25:f4:75:07:db:b7:3d:13:
         48:98:e7:d3:f0:71:e9:18:a4:55:68:74:79:8d:15:1b:e4:c5:
         6a:b7:fa:1b:e2:9c:d6:54:4d:4e:c8:49:2b:ba:48:b9:42:67:
         86:a8:dd:25:3f:27:38:77:21:52:13:9f:c6:4c:fa:ae:1f:9c:
         0f:c8:a5:33:4c:cb:f9:79:72:7d:05:31:3a:35:6d:b6:62:f1:
         65:44:76:ea:b1:40:f1:16:e9:55:72:ec:6e:70:f2:a9:b6:52:
         ca:64:e9:b5:5a:2a:23:8f:6c:09:f6:55:5c:0f:d1:3d:1e:c0:
         17:a0:fb:5b:a8:c6:7b:ed:65:4e:8a:37:68:26:17:ea:65:97:
         de:eb:bf:59:e2:f4:3a:ac:d4:c9:8b:b2:18:1a:26:91:db:cf:
         86:f3:e1:ee:6f:a8:5b:2b:de:2c:01:34:e9:2c:f6:9a:1a:b4:
         67:82:bf:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHIDnSts2YZP46BOEMEFvjMWWrVYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDVaFw0yNjA3MjQwODA3NDVaMDMxMTAvBgNV
BAMTKDI5MkZGNTdFMDZDMDZDMTMxNzI0MzA5NDM3MUM2N0E2RDU3NzkwRUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD09QnyiG+g5/LwtKd1AmSto0Xx
iY1EXuW6boZCMGgNGeXigyyX9xfK6VlHJ4VrJMvv/ip1vPKoTr4J2nWuNia7eEVm
JBbdDjgmTCVD/U3kRSOxpftYeniub1cDDqdSalUKjDNFX1FZBJQ/Oumv7bsjggFr
am6/hPKXu51roNwS3KNCpkQtqgQdKs8Mek3tZDqVJFogSeHnKM4EKWpBqOZdL+U0
ibMWcFI/dOJR3ICDYqyZqUai9cqOrpayZLPhT4Pfp4nNE6jeEmOrroZ+N+fUWpqy
Yx6NtQDm5GxCf61lleCitrei+pS2NVwoP/D6cdNaAWGyEpA2sX/NbV0i5/LDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUKS/1fgbAbBMXJDCUNxxnptV3kO0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3NDUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQITMA0GCSqGSIb3DQEBCwUAA4IBAQBRgPg5q28CTl3RsD0gOOCSgj66wIGYMm4x
xyf5/5AfEA3pQnvlCRzrGQSdCePmqQ4K3R+x/G2z7P75ZJEkCKOTIKCFmc92vm0/
of2izrC1KAOCJfR1B9u3PRNImOfT8HHpGKRVaHR5jRUb5MVqt/ob4pzWVE1OyEkr
uki5QmeGqN0lPyc4dyFSE5/GTPquH5wPyKUzTMv5eXJ9BTE6NW22YvFlRHbqsUDx
FulVcuxucPKptlLKZOm1Wiojj2wJ9lVcD9E9HsAXoPtbqMZ77WVOijdoJhfqZZfe
679Z4vQ6rNTJi7IYGiaR28+G8+Hub6hbK94sATTpLPaaGrRngr/D
-----END CERTIFICATE-----