Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208751.roa
File:                     AS208751.roa (raw, json)
Hash identifier:          qRunUIVf/hocCBD+StzXC3Kj83fpmy1pIAKSBsdo7Vw=
Subject key identifier:   58:C0:A0:2D:E7:AA:1C:5A:1B:A9:72:B9:A6:6F:0E:0F:35:97:E4:E7
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       48318D18ECF9AC81416C5645D74517A29E9B0CC6
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208751.roa
Signing time:             Fri 25 Jul 2025 08:07:45 +0000
ROA not before:           Fri 25 Jul 2025 08:02:45 +0000
ROA not after:            Fri 24 Jul 2026 08:07:45 +0000
asID:                     208751
IP address blocks:        2a0f:85c0:910::/44 maxlen: 44
                          2a0f:85c1:10::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:31:8d:18:ec:f9:ac:81:41:6c:56:45:d7:45:17:a2:9e:9b:0c:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:45 2025 GMT
            Not After : Jul 24 08:07:45 2026 GMT
        Subject: CN=58C0A02DE7AA1C5A1BA972B9A66F0E0F3597E4E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:82:9b:4f:1a:c0:67:1f:b3:3b:d9:fa:93:95:
                    08:13:ba:44:01:d9:02:61:22:8c:2f:99:45:5e:74:
                    53:bf:74:d2:8b:2f:87:e4:3e:73:d9:5d:03:7d:6f:
                    18:bf:f7:fe:ec:77:bb:19:12:5d:e8:00:fe:a2:94:
                    0d:e8:e8:91:16:7c:43:af:11:2e:10:22:e0:05:9f:
                    c9:9f:53:bd:e6:07:64:ca:47:56:74:73:88:9b:f8:
                    00:09:56:a6:28:bc:40:3c:d8:a6:fc:a4:58:e4:e8:
                    18:0b:67:d7:82:20:4a:55:a6:70:91:4a:c3:6e:23:
                    7f:a0:20:e7:59:fc:b0:38:57:b5:93:43:0c:81:da:
                    c8:2b:dd:08:b2:27:83:56:57:af:c1:99:58:73:2f:
                    7e:0d:7c:32:d1:19:b1:fa:5e:ab:2c:cb:40:42:fe:
                    d8:e4:3f:a6:0e:b8:af:14:a6:fc:44:74:98:ab:28:
                    4b:a0:45:cc:7b:fc:32:58:5d:e8:ee:0b:22:ce:1b:
                    63:69:45:b8:b1:17:d3:54:8b:86:50:9f:c9:6a:74:
                    89:aa:ed:88:26:f3:6d:04:73:d5:dc:49:f7:dd:1d:
                    70:0c:e1:c6:fd:1a:63:f6:ce:44:cc:f7:60:3d:60:
                    3f:ba:47:f9:d8:f5:40:1c:a9:ff:ea:5c:10:7f:af:
                    2a:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:C0:A0:2D:E7:AA:1C:5A:1B:A9:72:B9:A6:6F:0E:0F:35:97:E4:E7
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS208751.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c0:910::/44
                  2a0f:85c1:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         af:9d:7a:f8:71:9f:c3:b1:25:23:e5:52:d6:81:9e:10:af:6e:
         99:0b:f9:8b:bd:25:82:48:77:99:be:8e:d3:ef:9f:ca:3e:88:
         d6:ba:01:66:16:07:06:37:0b:69:f0:a9:d5:8e:a6:c7:03:96:
         92:c7:d4:04:11:ae:1e:82:6d:8e:9d:9a:07:e6:fe:d5:a2:9e:
         54:9e:05:d9:18:ad:d3:55:c6:f7:a3:b1:c7:45:42:45:30:51:
         f5:2c:39:5d:26:8c:0d:22:0f:74:74:c0:f8:e7:99:8b:59:3e:
         e5:65:33:50:1f:7a:2f:71:3b:35:25:06:19:8f:ef:af:3a:9c:
         81:27:60:84:21:cf:97:c2:08:99:b0:9a:7f:e1:65:fe:c7:9f:
         f3:c6:e1:65:3d:1e:76:56:62:3a:54:8f:f8:6a:eb:49:64:53:
         4f:b6:66:d0:c7:40:b4:7e:bb:21:8e:76:5d:fd:44:0f:ce:81:
         44:05:c7:99:fc:37:92:81:eb:97:4e:e9:b6:20:dc:79:ed:3b:
         aa:82:c4:03:f1:14:35:30:37:bf:5d:4b:9d:9b:d9:f0:e0:81:
         db:52:02:d8:38:b9:ec:7b:d1:22:03:6b:19:30:b0:84:96:1c:
         d6:08:1e:84:11:1f:4f:d9:e5:1e:b9:e9:39:11:99:d8:23:e9:
         7f:10:1a:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUSDGNGOz5rIFBbFZF10UXop6bDMYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyNDVaFw0yNjA3MjQwODA3NDVaMDMxMTAvBgNV
BAMTKDU4QzBBMDJERTdBQTFDNUExQkE5NzJCOUE2NkYwRTBGMzU5N0U0RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtgptPGsBnH7M72fqTlQgTukQB
2QJhIowvmUVedFO/dNKLL4fkPnPZXQN9bxi/9/7sd7sZEl3oAP6ilA3o6JEWfEOv
ES4QIuAFn8mfU73mB2TKR1Z0c4ib+AAJVqYovEA82Kb8pFjk6BgLZ9eCIEpVpnCR
SsNuI3+gIOdZ/LA4V7WTQwyB2sgr3QiyJ4NWV6/BmVhzL34NfDLRGbH6Xqssy0BC
/tjkP6YOuK8UpvxEdJirKEugRcx7/DJYXejuCyLOG2NpRbixF9NUi4ZQn8lqdImq
7Ygm820Ec9XcSffdHXAM4cb9GmP2zkTM92A9YD+6R/nY9UAcqf/qXBB/ryo9AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUWMCgLeeqHFobqXK5pm8ODzWX5OcwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA4NzUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg+F
wAkQAwcEKg+FwQAQMA0GCSqGSIb3DQEBCwUAA4IBAQCvnXr4cZ/DsSUj5VLWgZ4Q
r26ZC/mLvSWCSHeZvo7T75/KPojWugFmFgcGNwtp8KnVjqbHA5aSx9QEEa4egm2O
nZoH5v7Vop5UngXZGK3TVcb3o7HHRUJFMFH1LDldJowNIg90dMD455mLWT7lZTNQ
H3ovcTs1JQYZj++vOpyBJ2CEIc+XwgiZsJp/4WX+x5/zxuFlPR52VmI6VI/4autJ
ZFNPtmbQx0C0frshjnZd/UQPzoFEBceZ/DeSgeuXTum2INx57TuqgsQD8RQ1MDe/
XUudm9nw4IHbUgLYOLnse9EiA2sZMLCElhzWCB6EER9P2eUeuek5EZnYI+l/EBr4
-----END CERTIFICATE-----