Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210724.roa
File:                     AS210724.roa (raw, json)
Hash identifier:          fcKDWnIUoc5xMBwqTleI1sLP1ytifnQ5tBX9N/9RgB8=
Subject key identifier:   D7:55:01:78:2C:2F:DD:DE:95:C8:6B:ED:94:95:9A:5A:2D:B7:9A:BF
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       67CE07D3291ED4BD2A857C8EA1180ACEB2180DAB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210724.roa
Signing time:             Thu 07 Aug 2025 10:15:57 +0000
ROA not before:           Thu 07 Aug 2025 10:10:57 +0000
ROA not after:            Thu 06 Aug 2026 10:15:57 +0000
asID:                     210724
IP address blocks:        2a0f:85c1:c13::/48 maxlen: 48
                          2a0f:85c1:c70::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 08 Aug 2025 08:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:ce:07:d3:29:1e:d4:bd:2a:85:7c:8e:a1:18:0a:ce:b2:18:0d:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug  7 10:10:57 2025 GMT
            Not After : Aug  6 10:15:57 2026 GMT
        Subject: CN=D75501782C2FDDDE95C86BED94959A5A2DB79ABF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:fd:ac:ac:1f:72:e1:03:76:d7:6e:f2:5d:61:
                    d3:ab:51:44:b7:4b:1d:b6:cb:ec:fd:d2:f6:5d:15:
                    12:bf:87:fb:2b:0d:a3:23:67:85:79:93:b5:85:0c:
                    08:10:ff:d9:a1:a0:53:c2:e0:a8:2a:28:ba:86:71:
                    44:ab:36:9b:d9:dd:68:74:0e:6a:ff:11:8e:7b:f2:
                    6b:2c:5c:37:30:8e:57:79:5f:ad:06:4a:82:b9:57:
                    c3:af:da:98:e5:3c:97:98:43:ec:24:d9:a2:5e:8b:
                    5d:7a:90:f3:04:6d:77:2b:cb:d7:3c:b2:cb:ca:37:
                    d1:d7:d0:9e:94:bb:01:37:d8:c1:ef:8b:f6:ca:76:
                    5a:21:07:61:b7:a7:35:c7:39:0a:8e:83:01:20:1a:
                    f8:7b:6b:13:89:57:fb:49:b7:57:f2:8b:d2:b5:09:
                    02:f0:0d:a2:ae:ed:15:79:6c:b5:a3:dc:fb:07:25:
                    42:08:2d:db:0c:cc:40:d6:39:13:11:3b:ed:07:47:
                    f8:14:41:14:f4:6d:dc:03:0c:0c:6c:80:b0:16:15:
                    8b:a1:08:5f:4c:55:c8:b9:2d:3a:ce:ea:d3:dd:cc:
                    af:36:56:63:dc:93:c1:25:52:43:e0:24:1c:10:ab:
                    64:5f:67:05:86:3c:17:51:f5:c2:40:86:c4:83:31:
                    96:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:55:01:78:2C:2F:DD:DE:95:C8:6B:ED:94:95:9A:5A:2D:B7:9A:BF
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS210724.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c13::/48
                  2a0f:85c1:c70::/44

    Signature Algorithm: sha256WithRSAEncryption
         d8:12:3d:24:b0:02:d7:a5:14:9b:f7:6d:9e:84:9e:29:02:c0:
         41:1e:5b:ba:b5:77:c2:a3:65:44:46:09:e3:7c:78:4e:37:68:
         d1:00:fe:38:33:0f:eb:38:e7:99:09:dc:61:fd:99:01:cf:54:
         6b:1e:90:87:5d:1a:f7:0f:93:82:35:91:ec:cc:f1:e2:7e:5e:
         8a:8c:43:95:4d:ee:5e:e6:b3:13:f7:e9:ae:20:a7:61:8f:e4:
         26:25:84:0b:ed:fa:c5:da:9e:5d:aa:7f:a0:c9:42:28:6c:3b:
         f5:b9:5f:74:19:b4:9b:e7:e4:7a:a1:74:cb:92:b1:bc:13:d5:
         71:27:83:d7:25:dd:c0:58:8f:ba:ff:7d:e5:77:1d:6e:23:d0:
         c7:b1:2d:b6:53:3f:64:1d:0d:26:db:79:6a:3c:c6:4b:30:89:
         19:b3:70:d8:ec:12:f2:02:27:f4:8f:05:65:4c:38:e3:c7:ff:
         25:53:94:ac:20:4f:c7:2f:5c:24:34:cf:d3:0c:72:ce:c7:fd:
         2b:7b:6f:d8:9f:33:e2:06:9d:b2:99:06:4f:70:4d:1f:36:c2:
         ef:a6:df:95:54:a2:8d:7c:4a:d2:0f:ae:f2:bd:52:d5:40:49:
         a3:ef:b6:54:88:79:95:47:86:04:93:83:4e:fa:30:0e:9f:7b:
         68:3a:87:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUZ84H0yke1L0qhXyOoRgKzrIYDaswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA4MDcxMDEwNTdaFw0yNjA4MDYxMDE1NTdaMDMxMTAvBgNV
BAMTKEQ3NTUwMTc4MkMyRkREREU5NUM4NkJFRDk0OTU5QTVBMkRCNzlBQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDn/aysH3LhA3bXbvJdYdOrUUS3
Sx22y+z90vZdFRK/h/srDaMjZ4V5k7WFDAgQ/9mhoFPC4KgqKLqGcUSrNpvZ3Wh0
Dmr/EY578mssXDcwjld5X60GSoK5V8Ov2pjlPJeYQ+wk2aJei116kPMEbXcry9c8
ssvKN9HX0J6UuwE32MHvi/bKdlohB2G3pzXHOQqOgwEgGvh7axOJV/tJt1fyi9K1
CQLwDaKu7RV5bLWj3PsHJUIILdsMzEDWORMRO+0HR/gUQRT0bdwDDAxsgLAWFYuh
CF9MVci5LTrO6tPdzK82VmPck8ElUkPgJBwQq2RfZwWGPBdR9cJAhsSDMZaTAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU11UBeCwv3d6VyGvtlJWaWi23mr8wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjEwNzI0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+F
wQwTAwcEKg+FwQxwMA0GCSqGSIb3DQEBCwUAA4IBAQDYEj0ksALXpRSb922ehJ4p
AsBBHlu6tXfCo2VERgnjfHhON2jRAP44Mw/rOOeZCdxh/ZkBz1RrHpCHXRr3D5OC
NZHszPHifl6KjEOVTe5e5rMT9+muIKdhj+QmJYQL7frF2p5dqn+gyUIobDv1uV90
GbSb5+R6oXTLkrG8E9VxJ4PXJd3AWI+6/33ldx1uI9DHsS22Uz9kHQ0m23lqPMZL
MIkZs3DY7BLyAif0jwVlTDjjx/8lU5SsIE/HL1wkNM/TDHLOx/0re2/YnzPiBp2y
mQZPcE0fNsLvpt+VVKKNfErSD67yvVLVQEmj77ZUiHmVR4YEk4NO+jAOn3toOofW
-----END CERTIFICATE-----