Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207317.roa
File:                     AS207317.roa (raw, json)
Hash identifier:          1vijPQBXdC8O2cMfvsOSwg6qzL4R13V1J9U+ojLGE3c=
Subject key identifier:   74:4F:5C:44:D9:52:C3:DD:3D:25:43:57:E4:ED:B5:A9:1E:C8:1B:B3
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       3B261E5B9026B78C8118F1D174051BB3879C6FC7
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207317.roa
Signing time:             Sun 07 Jun 2026 07:00:11 +0000
ROA not before:           Sun 07 Jun 2026 06:55:11 +0000
ROA not after:            Sun 06 Jun 2027 07:00:11 +0000
asID:                     207317
IP address blocks:        2a14:7581:3400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:26:1e:5b:90:26:b7:8c:81:18:f1:d1:74:05:1b:b3:87:9c:6f:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  7 06:55:11 2026 GMT
            Not After : Jun  6 07:00:11 2027 GMT
        Subject: CN=744F5C44D952C3DD3D254357E4EDB5A91EC81BB3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:27:ce:76:1f:6b:90:c2:ba:0f:27:2c:8d:77:
                    65:02:7a:64:50:3b:6c:19:30:9d:d2:24:d0:a4:55:
                    4e:df:a4:80:09:b6:d9:28:e6:54:60:e4:82:d1:43:
                    20:8a:15:b6:ae:cd:a4:82:d3:91:76:55:c2:fe:8f:
                    ef:92:a1:c3:42:5c:a6:e5:f9:8e:38:62:21:ef:c1:
                    a0:fe:fa:60:af:68:f8:3e:25:fe:24:95:2f:04:7c:
                    35:20:af:dd:c0:f5:fe:27:d0:78:34:90:11:6d:f1:
                    ef:ae:f6:2c:f9:42:e5:39:8f:89:3b:8d:c1:6e:5f:
                    3b:6b:7e:b2:8b:49:bf:06:38:80:44:99:95:a8:c4:
                    71:f0:6a:d6:ee:fe:e3:cf:7a:bf:c4:81:24:9c:aa:
                    d4:1a:0b:83:0c:04:a7:17:7f:58:d1:9c:cc:d7:1b:
                    89:54:67:e7:9f:cc:23:a8:6b:bc:a7:78:16:38:56:
                    cf:12:5a:ad:e4:07:52:18:db:cb:c5:00:31:0f:c5:
                    52:c7:9e:85:81:3a:11:fc:ca:86:4a:62:7d:98:87:
                    8f:74:4d:1c:e7:38:52:24:5f:64:07:5a:7c:61:39:
                    63:7e:69:7f:29:e1:ad:1d:20:a5:6e:d1:dd:18:a5:
                    33:3c:6a:eb:1b:a3:4f:a8:76:d1:34:91:fa:f1:a4:
                    2c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:4F:5C:44:D9:52:C3:DD:3D:25:43:57:E4:ED:B5:A9:1E:C8:1B:B3
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207317.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:3400::/40

    Signature Algorithm: sha256WithRSAEncryption
         6a:51:51:33:bd:85:9d:6e:60:b1:ee:30:c7:17:9e:f3:bb:c9:
         af:32:72:20:e5:b0:d6:7b:55:de:f9:5a:46:cb:d1:59:6b:48:
         20:3a:6b:a7:a1:38:76:da:3a:4c:f3:24:8a:64:a3:64:07:4c:
         e0:ab:b4:41:4c:8e:5c:d1:38:07:dc:54:87:4f:1e:fa:f5:14:
         22:32:21:fe:bd:78:e2:06:6b:db:74:6d:fe:61:60:17:c4:ea:
         36:69:ec:2b:18:11:c3:1d:71:3d:40:73:6d:67:7e:24:86:2b:
         fc:c9:a8:f5:f1:90:80:b5:2f:63:9e:13:40:ee:02:06:19:75:
         48:5d:d0:05:e6:09:59:04:b4:5a:07:d7:a2:a8:de:ca:2e:cc:
         b5:b4:b8:59:b4:7c:e8:49:80:ff:ce:aa:85:e5:1b:dd:04:e9:
         be:cc:4e:d7:0b:27:2e:d3:8d:de:09:5c:d3:98:59:d9:a4:43:
         2a:9c:e4:3c:67:1d:b3:77:b0:e6:b3:fc:55:80:d1:e0:9c:f5:
         f9:db:ef:51:60:30:e6:4e:7b:7c:c0:0f:8a:74:8e:3d:88:09:
         3a:cf:bc:4e:63:0d:8e:c2:ee:95:13:fe:0c:40:2d:32:52:f9:
         88:11:34:2b:43:b4:5f:17:16:e1:5a:ee:88:20:8d:4a:42:2b:
         39:99:dd:6b
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUOyYeW5Amt4yBGPHRdAUbs4ecb8cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MDcwNjU1MTFaFw0yNzA2MDYwNzAwMTFaMDMxMTAvBgNV
BAMTKDc0NEY1QzQ0RDk1MkMzREQzRDI1NDM1N0U0RURCNUE5MUVDODFCQjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNJ852H2uQwroPJyyNd2UCemRQ
O2wZMJ3SJNCkVU7fpIAJttko5lRg5ILRQyCKFbauzaSC05F2VcL+j++SocNCXKbl
+Y44YiHvwaD++mCvaPg+Jf4klS8EfDUgr93A9f4n0Hg0kBFt8e+u9iz5QuU5j4k7
jcFuXztrfrKLSb8GOIBEmZWoxHHwatbu/uPPer/EgSScqtQaC4MMBKcXf1jRnMzX
G4lUZ+efzCOoa7yneBY4Vs8SWq3kB1IY28vFADEPxVLHnoWBOhH8yoZKYn2Yh490
TRznOFIkX2QHWnxhOWN+aX8p4a0dIKVu0d0YpTM8ausbo0+odtE0kfrxpCwBAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUdE9cRNlSw909JUNX5O21qR7IG7MwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3MzE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gTQwDQYJKoZIhvcNAQELBQADggEBAGpRUTO9hZ1uYLHuMMcXnvO7ya8yciDlsNZ7
Vd75WkbL0VlrSCA6a6ehOHbaOkzzJIpko2QHTOCrtEFMjlzROAfcVIdPHvr1FCIy
If69eOIGa9t0bf5hYBfE6jZp7CsYEcMdcT1Ac21nfiSGK/zJqPXxkIC1L2OeE0Du
AgYZdUhd0AXmCVkEtFoH16Ko3souzLW0uFm0fOhJgP/OqoXlG90E6b7MTtcLJy7T
jd4JXNOYWdmkQyqc5DxnHbN3sOaz/FWA0eCc9fnb71FgMOZOe3zAD4p0jj2ICTrP
vE5jDY7C7pUT/gxALTJS+YgRNCtDtF8XFuFa7oggjUpCKzmZ3Ws=
-----END CERTIFICATE-----