Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205245.roa
File:                     AS205245.roa (raw, json)
Hash identifier:          mJeNXL0pUtTW4UBiPL+RDO6fmUXEryj7zKGF7TrJ0Es=
Subject key identifier:   3D:C8:60:66:94:B6:CD:01:E5:CE:13:61:5B:74:43:02:6C:3D:E3:30
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4ADE382CE643709D084631FFD568D3F034A06E0D
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205245.roa
Signing time:             Tue 06 Jan 2026 01:00:48 +0000
ROA not before:           Tue 06 Jan 2026 00:55:48 +0000
ROA not after:            Tue 05 Jan 2027 01:00:48 +0000
asID:                     205245
IP address blocks:        2a14:7580:f200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:de:38:2c:e6:43:70:9d:08:46:31:ff:d5:68:d3:f0:34:a0:6e:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jan  6 00:55:48 2026 GMT
            Not After : Jan  5 01:00:48 2027 GMT
        Subject: CN=3DC8606694B6CD01E5CE13615B7443026C3DE330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:cd:c0:89:f3:a8:09:64:78:3e:6c:87:f2:71:
                    bf:35:03:9f:07:84:c5:fc:87:42:50:6f:0f:46:7a:
                    ed:0a:bf:fb:c5:e0:8a:a6:c4:05:19:c5:91:4c:ea:
                    d4:8b:1b:91:68:9d:ed:0d:18:e0:13:ba:be:16:c8:
                    0d:03:b0:b2:cb:5d:ca:96:87:61:d1:b0:c3:1a:86:
                    1e:26:59:d1:2c:ac:0a:9a:50:42:bc:2a:2f:df:bd:
                    5a:35:ae:27:cd:38:4f:92:ab:b6:71:0f:64:82:3f:
                    c6:82:66:48:7e:47:aa:36:6a:82:cb:ea:e8:b5:24:
                    65:51:12:b7:c5:49:c3:e4:f3:61:eb:3e:65:62:c0:
                    a3:94:33:58:d8:9e:34:fa:c3:16:67:f7:ec:9b:83:
                    03:b3:d1:6c:64:ba:67:c3:59:7b:85:ef:59:84:40:
                    eb:ba:cb:64:7d:99:22:b3:f2:81:0f:0f:52:d1:02:
                    0c:d6:be:0a:93:31:1f:bd:56:af:84:7d:4e:07:4f:
                    bd:89:b8:b9:ad:99:a5:58:c1:25:7e:79:25:11:1b:
                    6c:f3:fa:5c:25:29:3a:5b:16:78:41:33:3f:2a:23:
                    e4:d0:88:69:49:75:4e:54:11:f8:91:ee:b7:05:5e:
                    20:35:75:5c:1c:9a:57:8a:78:ad:5d:34:bf:d5:6f:
                    29:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:C8:60:66:94:B6:CD:01:E5:CE:13:61:5B:74:43:02:6C:3D:E3:30
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS205245.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:f200::/40

    Signature Algorithm: sha256WithRSAEncryption
         64:d3:16:a6:6f:b9:2d:1e:90:fa:6e:e0:b4:e0:37:ae:95:24:
         5f:6a:3c:4a:36:da:c5:9d:63:57:76:a6:42:95:58:4a:27:2a:
         ff:88:b8:88:19:67:24:a6:a1:24:62:e3:8e:ae:f6:2d:58:88:
         98:d3:44:dc:6c:06:bb:32:e0:ed:81:31:55:0a:77:36:28:fb:
         39:a3:2d:ca:75:25:87:21:b1:dc:cd:32:59:ee:ab:9f:3c:d7:
         6d:93:af:18:be:f5:ec:32:49:06:6e:f0:2f:99:4b:ce:e9:ca:
         98:c4:79:ef:57:de:34:1c:6f:40:db:17:55:82:b2:28:40:3b:
         2e:56:d8:4b:9a:3c:f7:b9:60:b6:6c:b8:cf:5e:64:e8:1b:f4:
         54:d0:fd:f7:1b:19:1b:1a:56:92:e1:6e:dc:34:9e:3d:fa:5a:
         3d:0b:ef:03:ce:95:7c:91:b7:3d:06:44:72:7b:c1:ce:cb:b8:
         25:17:17:81:46:01:2e:bc:6f:10:4c:48:0d:95:97:1b:83:87:
         27:d8:5c:ff:33:8e:3a:35:84:04:48:10:15:e3:71:19:a0:96:
         4d:f3:fc:b3:47:b0:ce:03:25:f7:f7:54:0f:fb:07:20:71:9a:
         23:e1:c4:5c:df:7f:3e:e9:de:e4:9b:41:20:45:d8:ee:39:ca:
         54:34:c9:46
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUSt44LOZDcJ0IRjH/1WjT8DSgbg0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAxMDYwMDU1NDhaFw0yNzAxMDUwMTAwNDhaMDMxMTAvBgNV
BAMTKDNEQzg2MDY2OTRCNkNEMDFFNUNFMTM2MTVCNzQ0MzAyNkMzREUzMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuzcCJ86gJZHg+bIfycb81A58H
hMX8h0JQbw9Geu0Kv/vF4IqmxAUZxZFM6tSLG5Fone0NGOATur4WyA0DsLLLXcqW
h2HRsMMahh4mWdEsrAqaUEK8Ki/fvVo1rifNOE+Sq7ZxD2SCP8aCZkh+R6o2aoLL
6ui1JGVRErfFScPk82HrPmViwKOUM1jYnjT6wxZn9+ybgwOz0WxkumfDWXuF71mE
QOu6y2R9mSKz8oEPD1LRAgzWvgqTMR+9Vq+EfU4HT72JuLmtmaVYwSV+eSURG2zz
+lwlKTpbFnhBMz8qI+TQiGlJdU5UEfiR7rcFXiA1dVwcmleKeK1dNL/VbylrAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUPchgZpS2zQHlzhNhW3RDAmw94zAwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA1MjQ1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gPIwDQYJKoZIhvcNAQELBQADggEBAGTTFqZvuS0ekPpu4LTgN66VJF9qPEo22sWd
Y1d2pkKVWEonKv+IuIgZZySmoSRi446u9i1YiJjTRNxsBrsy4O2BMVUKdzYo+zmj
Lcp1JYchsdzNMlnuq588122Trxi+9ewySQZu8C+ZS87pypjEee9X3jQcb0DbF1WC
sihAOy5W2EuaPPe5YLZsuM9eZOgb9FTQ/fcbGRsaVpLhbtw0nj36Wj0L7wPOlXyR
tz0GRHJ7wc7LuCUXF4FGAS68bxBMSA2VlxuDhyfYXP8zjjo1hARIEBXjcRmglk3z
/LNHsM4DJff3VA/7ByBxmiPhxFzffz7p3uSbQSBF2O45ylQ0yUY=
-----END CERTIFICATE-----