Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207609.roa
File:                     AS207609.roa (raw, json)
Hash identifier:          OKwA6XRVlFfhslDM0W8OAuPtWAMu2LGpv6F1V7ENRTc=
Subject key identifier:   75:B7:74:FF:45:37:9A:D5:F9:E2:3D:A5:10:DA:AA:B4:69:E2:A2:BD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1B1F083F22449DF25EC934427FCFCA214C9C2A35
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207609.roa
Signing time:             Fri 25 Jul 2025 08:07:37 +0000
ROA not before:           Fri 25 Jul 2025 08:02:37 +0000
ROA not after:            Fri 24 Jul 2026 08:07:37 +0000
asID:                     207609
IP address blocks:        2a0f:85c1:c080::/41 maxlen: 48
                          2a0f:85c1:c0d0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:1f:08:3f:22:44:9d:f2:5e:c9:34:42:7f:cf:ca:21:4c:9c:2a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:37 2025 GMT
            Not After : Jul 24 08:07:37 2026 GMT
        Subject: CN=75B774FF45379AD5F9E23DA510DAAAB469E2A2BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:15:0e:d7:36:87:0b:04:86:7a:0c:ca:2b:ce:
                    b2:d4:c9:21:6f:99:1c:ab:1f:2a:e1:96:a4:45:cd:
                    b0:80:2a:c0:45:d7:15:ad:0a:f4:e1:29:a7:4d:4e:
                    32:b5:a7:6c:28:17:d9:b9:d2:8d:6f:d8:57:1a:c5:
                    92:37:77:f5:91:4b:76:85:5e:fb:83:a1:37:e9:50:
                    42:00:46:89:45:02:56:58:7c:2f:6a:08:28:10:f6:
                    28:94:a3:d7:6c:c7:a4:3c:2e:52:88:34:d1:3b:73:
                    ac:05:2f:2b:cc:33:07:a3:93:7f:77:26:d9:95:5d:
                    b5:e5:52:ef:b9:d9:13:f9:22:d9:ef:e0:b4:a5:c2:
                    32:71:b7:9a:76:ab:22:ff:24:f5:85:c2:ed:9f:a2:
                    93:f3:70:15:0d:a5:04:47:30:ac:5d:52:ff:4c:9c:
                    8f:ae:f8:1c:73:1e:72:01:0d:e7:41:6f:45:25:50:
                    a3:48:94:d3:5b:8b:00:a4:ff:9e:90:7c:b4:9b:5d:
                    75:a2:69:32:71:0b:fc:da:34:b7:0e:a7:b4:2b:79:
                    df:9d:a2:73:19:52:d9:3d:45:cb:1a:f3:59:44:4b:
                    a7:da:a4:2f:4b:33:0a:ee:79:53:f5:9a:d0:3f:95:
                    9b:e5:d8:2e:a2:4a:84:2b:78:32:5a:5a:3b:f8:54:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:B7:74:FF:45:37:9A:D5:F9:E2:3D:A5:10:DA:AA:B4:69:E2:A2:BD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c080::/41

    Signature Algorithm: sha256WithRSAEncryption
         49:29:7e:bd:63:d0:6e:cd:e2:70:73:ae:ec:10:42:87:1e:16:
         93:1c:6b:92:c6:69:0b:d2:7e:75:bb:18:ce:18:12:60:11:e0:
         8b:c2:30:f9:2e:b3:28:88:73:46:75:d5:7b:bc:9e:f7:74:e5:
         66:60:cf:48:e1:36:9b:24:45:83:30:27:1e:3a:72:1b:d3:6c:
         71:32:82:92:31:03:f2:a3:c8:18:d1:15:41:28:34:94:68:06:
         95:d9:ca:ca:12:08:eb:55:25:6a:54:77:f3:16:6e:d5:9b:d6:
         a2:80:61:a9:5b:03:cd:60:ff:ce:5a:a6:bc:dc:b1:a5:fc:c0:
         31:1a:30:27:6e:d8:24:ba:78:b1:09:85:c6:5f:ba:8e:97:60:
         dc:6a:c1:93:d6:ef:31:05:32:7c:e0:8c:23:8d:84:85:21:b3:
         5a:33:47:d9:37:c3:ab:a9:2e:6d:95:cb:a5:68:32:a4:30:81:
         49:56:2e:06:0f:2a:3a:a4:de:17:ca:29:90:94:c2:9e:ce:10:
         10:fd:47:09:f3:43:fb:da:77:b3:e6:db:19:38:c5:2e:e8:5c:
         64:14:85:2d:2e:da:af:6d:66:90:b8:d2:1c:6a:98:a4:ee:47:
         6f:5d:bb:cc:77:8e:ce:29:86:c6:c4:c0:28:7b:ed:92:cc:fb:
         40:69:83:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUGx8IPyJEnfJeyTRCf8/KIUycKjUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzdaFw0yNjA3MjQwODA3MzdaMDMxMTAvBgNV
BAMTKDc1Qjc3NEZGNDUzNzlBRDVGOUUyM0RBNTEwREFBQUI0NjlFMkEyQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmFQ7XNocLBIZ6DMorzrLUySFv
mRyrHyrhlqRFzbCAKsBF1xWtCvThKadNTjK1p2woF9m50o1v2FcaxZI3d/WRS3aF
XvuDoTfpUEIARolFAlZYfC9qCCgQ9iiUo9dsx6Q8LlKINNE7c6wFLyvMMwejk393
JtmVXbXlUu+52RP5Itnv4LSlwjJxt5p2qyL/JPWFwu2fopPzcBUNpQRHMKxdUv9M
nI+u+BxzHnIBDedBb0UlUKNIlNNbiwCk/56QfLSbXXWiaTJxC/zaNLcOp7Qred+d
onMZUtk9Rcsa81lES6fapC9LMwrueVP1mtA/lZvl2C6iSoQreDJaWjv4VKdPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUdbd0/0U3mtX54j2lENqqtGnior0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3NjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcHKg+F
wcCAMA0GCSqGSIb3DQEBCwUAA4IBAQBJKX69Y9BuzeJwc67sEEKHHhaTHGuSxmkL
0n51uxjOGBJgEeCLwjD5LrMoiHNGddV7vJ73dOVmYM9I4TabJEWDMCceOnIb02xx
MoKSMQPyo8gY0RVBKDSUaAaV2crKEgjrVSVqVHfzFm7Vm9aigGGpWwPNYP/OWqa8
3LGl/MAxGjAnbtgkunixCYXGX7qOl2DcasGT1u8xBTJ84IwjjYSFIbNaM0fZN8Or
qS5tlculaDKkMIFJVi4GDyo6pN4XyimQlMKezhAQ/UcJ80P72nez5tsZOMUu6Fxk
FIUtLtqvbWaQuNIcapik7kdvXbvMd47OKYbGxMAoe+2SzPtAaYP4
-----END CERTIFICATE-----
Generated at Thu Aug 7 11:21:17 2025 by rpki-client