Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207781.roa
File:                     AS207781.roa (raw, json)
Hash identifier:          rJSSjlSb6MxHlwltAjeCdFUosX+uluwowVuN8qJPv8s=
Subject key identifier:   21:21:25:32:EC:F8:BC:85:67:65:BF:A6:E9:02:C4:2A:C8:09:AD:FA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       11EBC8491EEB0C055D9A386A2D3E8A4085E0339B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207781.roa
Signing time:             Fri 25 Jul 2025 08:07:39 +0000
ROA not before:           Fri 25 Jul 2025 08:02:39 +0000
ROA not after:            Fri 24 Jul 2026 08:07:39 +0000
asID:                     207781
IP address blocks:        2a0f:85c1:beef::/48 maxlen: 48
                          2a0f:85c1:cafe::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:eb:c8:49:1e:eb:0c:05:5d:9a:38:6a:2d:3e:8a:40:85:e0:33:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:39 2025 GMT
            Not After : Jul 24 08:07:39 2026 GMT
        Subject: CN=21212532ECF8BC856765BFA6E902C42AC809ADFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:21:8e:aa:df:6c:57:b2:b4:6d:ad:73:9f:50:
                    ae:4f:90:34:b1:e2:9b:c1:39:45:60:7f:93:ef:35:
                    af:7b:21:a4:57:17:7b:34:ee:29:ab:12:0a:91:4f:
                    c1:d8:c5:82:b2:24:ff:6a:6a:da:b9:21:9d:e5:00:
                    1e:9d:aa:22:5b:6d:fc:07:2e:b4:8f:27:db:43:1b:
                    5b:94:c8:8b:51:3d:ee:14:52:61:39:a0:38:39:00:
                    d2:7b:e3:5f:19:59:34:d3:71:fc:97:1f:c3:3a:27:
                    20:e3:14:1c:fc:12:64:60:0e:31:45:d3:00:f2:32:
                    aa:8a:b0:c7:a4:d1:94:07:25:d4:65:ef:90:7e:c6:
                    f5:b7:7e:76:1e:c5:4f:a8:2b:8e:62:88:f3:73:b1:
                    49:07:01:33:6f:18:af:76:69:0e:67:9d:00:8d:56:
                    e7:7f:6c:b9:9a:1a:48:bd:fa:33:66:05:c1:53:0a:
                    af:54:9a:0e:89:4a:95:b0:ba:b3:0e:7f:43:a3:d8:
                    50:d0:42:cd:b5:4c:5c:87:94:ee:d2:44:e5:d9:54:
                    f8:4c:4c:23:78:7c:02:66:69:c4:98:e1:ea:c0:3b:
                    e3:e1:57:9d:25:40:94:62:f4:43:79:ae:f7:5f:03:
                    77:68:c3:50:f7:77:f1:f1:41:f1:8a:91:7a:1e:e1:
                    2f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:21:25:32:EC:F8:BC:85:67:65:BF:A6:E9:02:C4:2A:C8:09:AD:FA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207781.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:beef::/48
                  2a0f:85c1:cafe::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:93:c2:ba:29:ce:72:eb:86:ab:b8:4b:32:07:6c:a9:36:80:
         dd:51:82:39:a8:26:cd:33:cb:a7:3e:fb:43:ed:fa:92:0d:a8:
         22:a4:ed:b4:f4:c6:98:a0:fd:d8:fa:1c:03:54:00:a5:87:1f:
         b1:91:80:49:fd:b9:14:3f:ea:c9:06:98:26:92:89:4b:d4:d0:
         24:3a:55:ae:b5:61:e0:d2:2b:e0:3c:e2:e4:13:4f:bb:78:02:
         d2:bf:9a:7b:46:67:5a:c3:8a:e5:14:c7:6f:03:93:30:99:d5:
         62:ca:34:5f:9d:40:d2:1b:15:96:79:38:59:66:f0:d2:c1:2a:
         18:5d:0a:1d:91:e7:46:f7:78:00:be:6f:25:b1:b0:05:69:11:
         14:7e:03:ea:ae:53:88:a6:4c:dd:f5:9a:5e:70:9c:c0:7a:8c:
         a7:97:86:14:13:27:35:c1:4f:6b:40:da:db:e9:d2:87:7b:b3:
         af:58:70:69:d3:42:61:35:b7:20:44:ad:f2:ce:bd:e6:77:d3:
         1b:78:6d:f4:2c:76:b6:7f:28:01:4b:f6:4e:e3:b8:1e:d1:50:
         2f:fd:5e:dd:0b:9d:ec:be:dd:24:ca:44:91:b4:7b:49:4e:13:
         55:16:a4:a3:bc:f5:bf:1b:1f:89:4a:f9:5c:59:34:81:2e:bd:
         3c:1d:1a:98
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUEevISR7rDAVdmjhqLT6KQIXgM5swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzlaFw0yNjA3MjQwODA3MzlaMDMxMTAvBgNV
BAMTKDIxMjEyNTMyRUNGOEJDODU2NzY1QkZBNkU5MDJDNDJBQzgwOUFERkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpIY6q32xXsrRtrXOfUK5PkDSx
4pvBOUVgf5PvNa97IaRXF3s07imrEgqRT8HYxYKyJP9qatq5IZ3lAB6dqiJbbfwH
LrSPJ9tDG1uUyItRPe4UUmE5oDg5ANJ7418ZWTTTcfyXH8M6JyDjFBz8EmRgDjFF
0wDyMqqKsMek0ZQHJdRl75B+xvW3fnYexU+oK45iiPNzsUkHATNvGK92aQ5nnQCN
Vud/bLmaGki9+jNmBcFTCq9Umg6JSpWwurMOf0Oj2FDQQs21TFyHlO7SROXZVPhM
TCN4fAJmacSY4erAO+PhV50lQJRi9EN5rvdfA3dow1D3d/HxQfGKkXoe4S/RAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUISElMuz4vIVnZb+m6QLEKsgJrfowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3NzgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wb7vAwcAKg+Fwcr+MA0GCSqGSIb3DQEBCwUAA4IBAQAAk8K6Kc5y64aruEsyB2yp
NoDdUYI5qCbNM8unPvtD7fqSDagipO209MaYoP3Y+hwDVAClhx+xkYBJ/bkUP+rJ
BpgmkolL1NAkOlWutWHg0ivgPOLkE0+7eALSv5p7Rmdaw4rlFMdvA5MwmdViyjRf
nUDSGxWWeThZZvDSwSoYXQodkedG93gAvm8lsbAFaREUfgPqrlOIpkzd9ZpecJzA
eoynl4YUEyc1wU9rQNrb6dKHe7OvWHBp00JhNbcgRK3yzr3md9MbeG30LHa2fygB
S/ZO47ge0VAv/V7dC53svt0kykSRtHtJThNVFqSjvPW/Gx+JSvlcWTSBLr08HRqY
-----END CERTIFICATE-----