Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207432.roa
File:                     AS207432.roa (raw, json)
Hash identifier:          VoCUqlJZKMti5JHyoZH5iKnA3vHPjaT1ts89Qo122Ks=
Subject key identifier:   71:27:1B:58:29:9C:0C:4F:19:1B:4D:5F:FF:04:BE:BB:21:30:86:BA
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       160752EFD3B8E8103CDF88A8D2C74764A56C6BA3
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207432.roa
Signing time:             Thu 04 Jun 2026 07:00:10 +0000
ROA not before:           Thu 04 Jun 2026 06:55:10 +0000
ROA not after:            Thu 03 Jun 2027 07:00:10 +0000
asID:                     207432
IP address blocks:        2a14:7581:3300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:07:52:ef:d3:b8:e8:10:3c:df:88:a8:d2:c7:47:64:a5:6c:6b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  4 06:55:10 2026 GMT
            Not After : Jun  3 07:00:10 2027 GMT
        Subject: CN=71271B58299C0C4F191B4D5FFF04BEBB213086BA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0e:c7:22:43:65:62:6e:9a:68:9f:25:af:7d:
                    7d:b3:7d:03:e5:84:f0:51:81:2f:9e:53:36:8d:02:
                    85:03:05:c3:9c:d9:4a:8b:f5:09:f8:3e:38:cb:43:
                    03:c7:43:20:b8:9a:dc:32:b2:8f:66:c8:94:db:59:
                    4d:e6:42:d1:b6:65:d4:d6:f9:a3:46:dc:ca:2f:92:
                    41:70:1b:e2:13:52:2e:65:87:80:5c:1d:f9:ce:09:
                    17:a9:df:6d:08:86:b5:34:b5:e6:8b:fe:33:0d:8c:
                    6e:56:e1:38:da:38:d9:55:3d:10:dc:d5:9f:0a:d7:
                    b4:1b:08:ed:7c:d9:41:9b:b4:32:a7:7f:80:9c:fa:
                    62:31:f4:24:7f:64:b1:b2:26:5f:c7:c1:ec:70:bf:
                    67:f6:f0:29:07:f6:f3:77:1b:b0:1c:9a:15:b6:c0:
                    d5:73:48:56:f3:28:77:e8:69:05:4b:db:23:b0:74:
                    ca:8c:cd:55:a4:90:c0:33:cc:35:ac:93:6b:85:82:
                    fc:ea:fc:b8:cf:fe:f1:2a:d0:63:26:31:d9:4d:74:
                    e6:0d:4c:37:bd:57:82:6e:dc:74:04:3d:2b:48:03:
                    b6:18:fe:72:da:59:5b:c6:a8:cc:51:56:98:6d:8a:
                    71:36:5a:7b:8b:d7:2f:dd:70:2b:c3:85:34:8e:b4:
                    a2:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:27:1B:58:29:9C:0C:4F:19:1B:4D:5F:FF:04:BE:BB:21:30:86:BA
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS207432.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:3300::/40

    Signature Algorithm: sha256WithRSAEncryption
         3b:c4:9a:a0:42:c1:d9:95:1f:8f:dd:52:25:71:0d:b9:63:26:
         2b:ea:ed:f6:42:5c:e3:69:fc:63:f8:f0:07:95:9e:ad:4a:8c:
         66:d7:f3:95:a3:36:bf:32:4c:65:52:97:d2:08:be:7a:95:9f:
         ce:8b:c1:fa:f1:bf:69:6a:74:0f:ba:91:9f:51:70:4f:6b:ea:
         e9:55:32:c0:50:fa:27:c7:9f:1b:c6:b4:66:c1:39:09:29:21:
         d7:48:9c:b0:70:c6:69:6d:bf:f6:32:5a:97:c3:22:d3:b5:67:
         19:54:1a:e7:03:40:b7:58:eb:da:b2:e4:1d:1f:43:29:e9:68:
         12:2c:49:10:34:81:25:67:42:26:6f:b3:1d:59:05:15:ff:df:
         20:c9:30:43:bd:00:27:ae:7b:b3:56:7c:1b:d4:93:0e:cd:56:
         b5:c4:3c:7d:9a:be:0e:e3:64:dd:38:4d:00:79:7b:82:83:43:
         48:23:4e:32:5d:e9:07:f0:54:14:57:ad:29:05:fb:6a:39:d1:
         6e:55:b7:21:b0:c5:a9:d6:7e:0c:58:af:6f:df:a2:94:46:8b:
         b9:2a:0b:70:0a:4d:9c:37:0e:1c:86:e4:53:0b:68:29:17:e4:
         66:ac:42:f5:56:9a:4b:de:bc:d7:33:09:64:20:3b:e7:d9:e6:
         16:63:f3:c0
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUFgdS79O46BA834io0sdHZKVsa6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MDQwNjU1MTBaFw0yNzA2MDMwNzAwMTBaMDMxMTAvBgNV
BAMTKDcxMjcxQjU4Mjk5QzBDNEYxOTFCNEQ1RkZGMDRCRUJCMjEzMDg2QkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzDsciQ2VibpponyWvfX2zfQPl
hPBRgS+eUzaNAoUDBcOc2UqL9Qn4PjjLQwPHQyC4mtwyso9myJTbWU3mQtG2ZdTW
+aNG3MovkkFwG+ITUi5lh4BcHfnOCRep320IhrU0teaL/jMNjG5W4TjaONlVPRDc
1Z8K17QbCO182UGbtDKnf4Cc+mIx9CR/ZLGyJl/Hwexwv2f28CkH9vN3G7AcmhW2
wNVzSFbzKHfoaQVL2yOwdMqMzVWkkMAzzDWsk2uFgvzq/LjP/vEq0GMmMdlNdOYN
TDe9V4Ju3HQEPStIA7YY/nLaWVvGqMxRVphtinE2WnuL1y/dcCvDhTSOtKLFAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUcScbWCmcDE8ZG01f/wS+uyEwhrowHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA3NDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhR1
gTMwDQYJKoZIhvcNAQELBQADggEBADvEmqBCwdmVH4/dUiVxDbljJivq7fZCXONp
/GP48AeVnq1KjGbX85WjNr8yTGVSl9IIvnqVn86Lwfrxv2lqdA+6kZ9RcE9r6ulV
MsBQ+ifHnxvGtGbBOQkpIddInLBwxmltv/YyWpfDItO1ZxlUGucDQLdY69qy5B0f
QynpaBIsSRA0gSVnQiZvsx1ZBRX/3yDJMEO9ACeue7NWfBvUkw7NVrXEPH2avg7j
ZN04TQB5e4KDQ0gjTjJd6QfwVBRXrSkF+2o50W5VtyGwxanWfgxYr2/fopRGi7kq
C3AKTZw3DhyG5FMLaCkX5GasQvVWmkvevNczCWQgO+fZ5hZj88A=
-----END CERTIFICATE-----