Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206115.roa
File:                     AS206115.roa (raw, json)
Hash identifier:          g8S3sRy8PhYVQavrw1OMHaodUjUVxvK3zo/lFzCCMhc=
Subject key identifier:   E2:A5:59:74:C0:21:F9:80:2F:B4:EE:94:50:73:A5:C7:47:88:7F:55
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       621D6F9371AE074A7D722393C6B5B816AFC8813E
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206115.roa
Signing time:             Sat 26 Jul 2025 16:27:36 +0000
ROA not before:           Sat 26 Jul 2025 16:22:36 +0000
ROA not after:            Sat 25 Jul 2026 16:27:36 +0000
asID:                     206115
IP address blocks:        2a14:7581:3a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:52:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:1d:6f:93:71:ae:07:4a:7d:72:23:93:c6:b5:b8:16:af:c8:81:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jul 26 16:22:36 2025 GMT
            Not After : Jul 25 16:27:36 2026 GMT
        Subject: CN=E2A55974C021F9802FB4EE945073A5C747887F55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6d:e3:72:d9:de:75:0a:c9:d6:d0:e8:20:e2:
                    13:09:64:07:8f:d0:ff:15:4b:57:7e:49:41:76:c7:
                    15:b4:c9:ec:88:3b:44:e4:c2:aa:e8:7a:61:9b:24:
                    66:12:c8:ca:87:2e:b9:85:0a:d0:aa:88:79:37:ea:
                    83:ac:8d:e2:47:2e:ac:83:bf:1e:96:32:fc:3b:1d:
                    1a:3b:32:fa:6f:c3:50:24:7d:27:8d:79:bf:01:e6:
                    1f:61:0e:75:05:cb:c1:f8:85:99:2f:87:2b:36:1c:
                    ff:a5:fb:28:23:77:5d:91:e3:9f:eb:b6:3f:f8:bb:
                    e7:76:76:ef:52:fe:5e:28:30:0e:3f:40:52:55:af:
                    8d:fa:b9:a3:eb:59:db:b5:fb:c0:8f:7f:ea:82:ea:
                    2a:2d:18:55:c2:bb:67:1d:ee:b2:83:88:6d:fb:b2:
                    84:42:f5:7a:81:58:f2:34:7e:4a:8e:8a:53:7d:aa:
                    ab:b7:6b:21:d3:63:22:51:78:19:06:95:35:33:05:
                    b7:e8:41:41:f5:42:72:80:8b:60:9f:7d:c5:5b:3c:
                    fa:f5:cc:77:78:3a:fe:0e:70:7f:b9:eb:c8:63:0e:
                    62:9d:54:f4:8d:46:d8:95:43:2b:a4:51:6e:fb:b1:
                    4d:15:dc:ab:80:b0:fa:8e:92:95:21:94:1c:1e:86:
                    96:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:A5:59:74:C0:21:F9:80:2F:B4:EE:94:50:73:A5:C7:47:88:7F:55
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS206115.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:3a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         4a:42:03:e2:4a:e5:fe:51:ea:6c:ed:fa:8b:ce:cd:83:9e:2e:
         a2:d4:6d:dd:df:71:6b:66:01:fd:33:b9:cb:61:b5:b0:77:2c:
         4e:16:fa:84:02:b5:80:0a:69:a4:da:8d:5e:eb:2c:27:91:a6:
         a8:83:30:f3:f9:b4:62:41:2e:23:e5:10:85:8b:97:51:e1:83:
         4a:b2:38:fb:78:37:c5:b1:cc:b0:ff:9c:9c:d4:4e:be:82:62:
         5b:47:da:d7:d3:90:d5:7b:a5:74:c6:00:85:46:6a:ce:7e:09:
         fa:cb:11:b0:ba:99:34:46:c3:a6:c3:d9:ee:ac:8c:a4:86:cf:
         ef:14:74:b5:2f:71:34:4b:45:22:25:ff:e2:f1:d4:a2:a7:7c:
         55:2b:1f:21:16:f8:f8:f4:74:db:45:eb:14:82:da:1e:54:ad:
         a9:bf:16:c7:cf:fa:93:4e:fd:e8:11:7a:3b:e0:55:85:2d:3c:
         15:93:a2:f9:13:85:57:b6:dc:f5:81:96:6a:31:8e:63:2e:88:
         17:a0:22:66:df:af:04:5c:66:fe:b3:8d:3a:8c:25:21:98:37:
         e3:f3:a2:c4:53:33:1c:b1:94:e6:97:33:de:32:f4:b1:1e:52:
         c4:20:e2:8c:a9:7e:27:3d:23:b9:be:f3:c0:91:51:47:3f:52:
         11:60:8c:26
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUYh1vk3GuB0p9ciOTxrW4Fq/IgT4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA3MjYxNjIyMzZaFw0yNjA3MjUxNjI3MzZaMDMxMTAvBgNV
BAMTKEUyQTU1OTc0QzAyMUY5ODAyRkI0RUU5NDUwNzNBNUM3NDc4ODdGNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2beNy2d51CsnW0Ogg4hMJZAeP
0P8VS1d+SUF2xxW0yeyIO0TkwqroemGbJGYSyMqHLrmFCtCqiHk36oOsjeJHLqyD
vx6WMvw7HRo7Mvpvw1AkfSeNeb8B5h9hDnUFy8H4hZkvhys2HP+l+ygjd12R45/r
tj/4u+d2du9S/l4oMA4/QFJVr436uaPrWdu1+8CPf+qC6iotGFXCu2cd7rKDiG37
soRC9XqBWPI0fkqOilN9qqu3ayHTYyJReBkGlTUzBbfoQUH1QnKAi2CffcVbPPr1
zHd4Ov4OcH+568hjDmKdVPSNRtiVQyukUW77sU0V3KuAsPqOkpUhlBwehpbLAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU4qVZdMAh+YAvtO6UUHOlx0eIf1UwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA2MTE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gTowDQYJKoZIhvcNAQELBQADggEBAEpCA+JK5f5R6mzt+ovOzYOeLqLUbd3fcWtm
Af0zucthtbB3LE4W+oQCtYAKaaTajV7rLCeRpqiDMPP5tGJBLiPlEIWLl1Hhg0qy
OPt4N8WxzLD/nJzUTr6CYltH2tfTkNV7pXTGAIVGas5+CfrLEbC6mTRGw6bD2e6s
jKSGz+8UdLUvcTRLRSIl/+Lx1KKnfFUrHyEW+Pj0dNtF6xSC2h5Uram/FsfP+pNO
/egRejvgVYUtPBWTovkThVe23PWBlmoxjmMuiBegImbfrwRcZv6zjTqMJSGYN+Pz
osRTMxyxlOaXM94y9LEeUsQg4oypfic9I7m+88CRUUc/UhFgjCY=
-----END CERTIFICATE-----