Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207842.roa
File:                     AS207842.roa (raw, json)
Hash identifier:          Ako++Y4Z5gHeowLotJWIf4fIzQH3q9fvujcr4PVdk30=
Subject key identifier:   CF:47:92:CB:6B:FD:B9:AA:95:C6:4A:BE:17:1F:B8:B5:30:44:E1:18
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       682989BC83BFBE35FD196F462F77C350A29F8E7F
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207842.roa
Signing time:             Fri 25 Jul 2025 08:07:43 +0000
ROA not before:           Fri 25 Jul 2025 08:02:43 +0000
ROA not after:            Fri 24 Jul 2026 08:07:43 +0000
asID:                     207842
IP address blocks:        2a0f:85c1:220::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:29:89:bc:83:bf:be:35:fd:19:6f:46:2f:77:c3:50:a2:9f:8e:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:43 2025 GMT
            Not After : Jul 24 08:07:43 2026 GMT
        Subject: CN=CF4792CB6BFDB9AA95C64ABE171FB8B53044E118
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:53:a7:d5:34:cb:36:d7:8b:2f:d1:cd:4b:68:
                    45:48:7d:f5:04:5c:95:75:c8:00:0c:79:c5:ec:9b:
                    4a:97:fd:f1:e3:ec:89:31:96:6a:1c:60:1b:6d:b2:
                    cf:81:20:c1:c1:2f:ed:5e:ad:70:bc:91:c4:57:9c:
                    c9:5a:74:3b:b0:55:2e:45:e4:e6:ad:36:a3:b2:63:
                    48:6f:f0:2c:47:99:f2:0a:5f:00:fa:b4:3a:21:7e:
                    91:46:aa:1a:76:bc:e8:d3:56:c2:a6:87:0a:4e:68:
                    d7:ec:79:20:da:55:37:32:01:78:64:5e:00:bf:68:
                    c9:54:72:9c:71:76:d3:8b:30:de:06:c6:dc:4b:63:
                    15:61:91:b3:f5:52:03:30:b4:65:09:6e:57:38:bd:
                    3e:f5:41:22:56:b4:90:e2:f3:fc:1d:66:7b:16:2a:
                    dc:b7:f1:70:ec:bb:47:fa:95:89:ca:44:ce:f4:d3:
                    1a:e7:ae:25:0f:8f:c5:5b:cb:f2:9c:b4:c2:d7:9b:
                    81:6d:28:28:bb:f7:89:0d:ac:e1:88:08:d7:b3:d2:
                    c0:93:b8:a8:99:47:3a:37:e2:cf:c6:41:aa:a5:22:
                    0d:a4:b9:63:5b:6d:c8:38:5c:00:90:49:2e:36:9c:
                    bc:14:2d:e2:61:a3:21:8f:7d:e1:ec:13:4c:fe:ca:
                    ac:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:47:92:CB:6B:FD:B9:AA:95:C6:4A:BE:17:1F:B8:B5:30:44:E1:18
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207842.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:220::/44

    Signature Algorithm: sha256WithRSAEncryption
         55:5c:db:5e:ee:6c:af:6e:f1:66:0c:a4:23:9f:60:ad:38:37:
         4d:70:c7:17:28:43:f7:85:be:3f:9d:3f:24:7b:5c:ad:68:ef:
         cf:dc:b8:4d:10:e7:a2:a7:3c:78:a4:72:06:ad:9f:12:d4:83:
         68:98:83:95:1e:48:06:73:a8:79:0a:56:00:2a:37:73:7b:c7:
         f7:09:77:21:b1:bf:39:2f:d0:07:f7:9e:e4:8e:c3:57:21:aa:
         2c:09:c7:9b:ee:8b:ea:6f:00:45:95:01:43:ac:0b:e0:3a:e2:
         83:0f:f6:6b:58:45:29:e9:a2:5e:09:c5:31:5e:bd:fd:0a:47:
         64:f1:99:12:d5:a3:50:02:e2:dd:c2:0c:1a:31:ca:99:37:77:
         ad:b8:b4:44:bd:f2:11:0a:61:bb:fe:eb:e3:63:60:76:79:74:
         ac:ee:82:28:1d:43:ec:e0:c0:72:bd:36:18:c9:e0:8f:9d:50:
         7e:fa:e7:b8:9f:55:25:5f:a7:b3:9a:d2:db:38:88:1e:3b:4c:
         fb:ab:a3:3d:86:3a:8e:91:6d:3a:19:ef:c7:77:92:44:97:a7:
         c5:98:53:9c:fc:eb:be:cb:d2:7f:f5:96:4b:95:50:f4:53:1d:
         15:c3:5f:8a:bf:43:ba:4f:23:9f:72:16:96:b9:1c:50:25:03:
         73:d0:21:96
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUaCmJvIO/vjX9GW9GL3fDUKKfjn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDNaFw0yNjA3MjQwODA3NDNaMDMxMTAvBgNV
BAMTKENGNDc5MkNCNkJGREI5QUE5NUM2NEFCRTE3MUZCOEI1MzA0NEUxMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNU6fVNMs214sv0c1LaEVIffUE
XJV1yAAMecXsm0qX/fHj7IkxlmocYBttss+BIMHBL+1erXC8kcRXnMladDuwVS5F
5OatNqOyY0hv8CxHmfIKXwD6tDohfpFGqhp2vOjTVsKmhwpOaNfseSDaVTcyAXhk
XgC/aMlUcpxxdtOLMN4GxtxLYxVhkbP1UgMwtGUJblc4vT71QSJWtJDi8/wdZnsW
Kty38XDsu0f6lYnKRM700xrnriUPj8Vby/KctMLXm4FtKCi794kNrOGICNez0sCT
uKiZRzo34s/GQaqlIg2kuWNbbcg4XACQSS42nLwULeJhoyGPfeHsE0z+yqxlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUz0eSy2v9uaqVxkq+Fx+4tTBE4RgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3ODQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQIgMA0GCSqGSIb3DQEBCwUAA4IBAQBVXNte7myvbvFmDKQjn2CtODdNcMcXKEP3
hb4/nT8ke1ytaO/P3LhNEOeipzx4pHIGrZ8S1INomIOVHkgGc6h5ClYAKjdze8f3
CXchsb85L9AH957kjsNXIaosCceb7ovqbwBFlQFDrAvgOuKDD/ZrWEUp6aJeCcUx
Xr39Ckdk8ZkS1aNQAuLdwgwaMcqZN3etuLREvfIRCmG7/uvjY2B2eXSs7oIoHUPs
4MByvTYYyeCPnVB++ue4n1UlX6ezmtLbOIgeO0z7q6M9hjqOkW06Ge/Hd5JEl6fF
mFOc/Ou+y9J/9ZZLlVD0Ux0Vw1+Kv0O6TyOfchaWuRxQJQNz0CGW
-----END CERTIFICATE-----