Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207432.roa
File:                     AS207432.roa (raw, json)
Hash identifier:          JgOnQt4JxIBNdOx98PZEaHFsUa1K1Byaop2tWSJ9Ths=
Subject key identifier:   E8:7A:EB:61:F6:FA:3F:9F:EB:F7:83:B1:71:34:7F:B8:05:40:7D:75
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       2C668AE3FA989F26872725894E59BECBBFA62C42
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207432.roa
Signing time:             Wed 04 Jun 2025 12:17:30 +0000
ROA not before:           Wed 04 Jun 2025 12:12:30 +0000
ROA not after:            Wed 03 Jun 2026 12:17:30 +0000
asID:                     207432
IP address blocks:        2a14:7580:fff3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:66:8a:e3:fa:98:9f:26:87:27:25:89:4e:59:be:cb:bf:a6:2c:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  4 12:12:30 2025 GMT
            Not After : Jun  3 12:17:30 2026 GMT
        Subject: CN=E87AEB61F6FA3F9FEBF783B171347FB805407D75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:27:2f:8e:72:68:20:79:50:8f:57:be:8d:42:
                    7d:c1:d9:64:c9:95:43:aa:0b:84:dd:a6:a4:bf:da:
                    d7:27:06:49:84:36:b1:56:f0:e6:8c:a5:98:d2:2e:
                    9a:5b:0c:25:d9:06:b5:20:f0:2a:5a:1e:82:12:40:
                    92:4d:cc:04:72:eb:ed:21:d8:39:3f:94:db:5d:90:
                    8e:28:17:6a:58:8c:0e:27:35:c4:dd:e5:15:5f:7a:
                    17:b4:92:be:48:57:56:3c:2c:69:6d:af:ab:13:52:
                    e7:ea:01:b8:2e:7d:90:98:43:75:1c:c3:58:30:5e:
                    d3:90:5c:ee:0d:aa:11:a3:40:83:7c:17:b0:c6:20:
                    2f:b5:c2:a3:61:dc:1b:0c:fc:40:4d:86:fe:34:c1:
                    99:62:f1:29:58:59:2a:59:1e:60:29:d7:51:de:a8:
                    fd:fd:9f:4b:b3:d3:ae:8f:41:6c:a2:72:2a:29:6b:
                    19:2f:32:fb:e2:5d:ba:3f:c8:ab:00:eb:37:f1:21:
                    9b:e0:6a:99:e7:99:96:56:ab:fd:16:7f:0f:a2:f3:
                    44:5a:01:62:c5:5a:57:ae:07:8e:88:be:3f:07:31:
                    80:25:22:7c:ec:7c:06:9a:c8:1f:6b:fe:5d:87:b7:
                    39:e1:58:11:a6:cf:6b:9b:47:2d:fa:d1:7c:21:fd:
                    d0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:7A:EB:61:F6:FA:3F:9F:EB:F7:83:B1:71:34:7F:B8:05:40:7D:75
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:fff3::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:81:f9:af:65:95:f5:f2:eb:11:b6:93:d9:02:66:c6:47:33:
         dc:57:c2:47:6b:b0:f6:23:8f:f7:1a:95:3f:d4:57:b7:c2:94:
         61:e9:f0:02:35:64:42:3c:71:fc:be:ed:6a:e3:18:77:8e:ac:
         f5:1a:ee:fa:ff:8b:45:83:e6:05:3e:45:56:2f:8e:2a:b4:9f:
         3f:37:5d:d7:e4:95:e1:45:e6:e5:95:e2:33:c3:62:f5:c0:8d:
         5b:ad:77:3f:3c:c2:f6:cc:ec:f5:a7:49:fb:dd:3a:08:88:f5:
         fe:96:21:96:47:57:51:a3:49:0d:f7:97:25:5a:30:dd:22:3b:
         17:cb:6e:cd:c8:6a:7c:bf:34:28:1e:a2:ef:5c:f8:c2:a9:bc:
         d4:03:ff:68:58:7b:f4:15:78:40:47:1e:43:58:dc:6d:32:c8:
         10:11:99:74:38:ad:ba:3a:40:76:21:9b:42:17:2d:ce:c1:1d:
         59:54:eb:92:e8:c2:3d:9b:6b:5b:e8:db:17:6b:bb:c0:12:f9:
         f6:1c:53:ac:3e:2c:f4:83:25:e1:08:e8:4a:6f:56:c1:f8:14:
         db:d4:2b:2c:43:d8:b4:61:7d:62:2b:f1:3a:42:5c:6c:4e:3b:
         7d:55:dd:6a:2c:aa:85:db:cd:38:e9:9d:4f:28:d5:5a:e0:6b:
         37:9c:24:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULGaK4/qYnyaHJyWJTlm+y7+mLEIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MDQxMjEyMzBaFw0yNjA2MDMxMjE3MzBaMDMxMTAvBgNV
BAMTKEU4N0FFQjYxRjZGQTNGOUZFQkY3ODNCMTcxMzQ3RkI4MDU0MDdENzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNJy+OcmggeVCPV76NQn3B2WTJ
lUOqC4TdpqS/2tcnBkmENrFW8OaMpZjSLppbDCXZBrUg8CpaHoISQJJNzARy6+0h
2Dk/lNtdkI4oF2pYjA4nNcTd5RVfehe0kr5IV1Y8LGltr6sTUufqAbgufZCYQ3Uc
w1gwXtOQXO4NqhGjQIN8F7DGIC+1wqNh3BsM/EBNhv40wZli8SlYWSpZHmAp11He
qP39n0uz066PQWyiciopaxkvMvviXbo/yKsA6zfxIZvgapnnmZZWq/0Wfw+i80Ra
AWLFWleuB46Ivj8HMYAlInzsfAaayB9r/l2HtznhWBGmz2ubRy360Xwh/dChAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU6HrrYfb6P5/r94OxcTR/uAVAfXUwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
gP/zMA0GCSqGSIb3DQEBCwUAA4IBAQCCgfmvZZX18usRtpPZAmbGRzPcV8JHa7D2
I4/3GpU/1Fe3wpRh6fACNWRCPHH8vu1q4xh3jqz1Gu76/4tFg+YFPkVWL44qtJ8/
N13X5JXhReblleIzw2L1wI1brXc/PML2zOz1p0n73ToIiPX+liGWR1dRo0kN95cl
WjDdIjsXy27NyGp8vzQoHqLvXPjCqbzUA/9oWHv0FXhARx5DWNxtMsgQEZl0OK26
OkB2IZtCFy3OwR1ZVOuS6MI9m2tb6NsXa7vAEvn2HFOsPiz0gyXhCOhKb1bB+BTb
1CssQ9i0YX1iK/E6QlxsTjt9Vd1qLKqF28046Z1PKNVa4Gs3nCSG
-----END CERTIFICATE-----