Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206286.roa
File:                     AS206286.roa (raw, json)
Hash identifier:          UTKtpNaCgae3EIcXP8J+40xSuNu30Agph95QsQKFFL0=
Subject key identifier:   84:26:AC:8B:09:AC:98:07:66:4C:C6:9F:D5:A1:8A:20:0A:40:06:04
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1D76584C16B445D61A1E94F34C9C09FC643AE877
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206286.roa
Signing time:             Wed 25 Feb 2026 04:53:53 +0000
ROA not before:           Wed 25 Feb 2026 04:48:53 +0000
ROA not after:            Wed 24 Feb 2027 04:53:53 +0000
asID:                     206286
IP address blocks:        141.11.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:76:58:4c:16:b4:45:d6:1a:1e:94:f3:4c:9c:09:fc:64:3a:e8:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 25 04:48:53 2026 GMT
            Not After : Feb 24 04:53:53 2027 GMT
        Subject: CN=8426AC8B09AC9807664CC69FD5A18A200A400604
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ad:63:91:d6:2f:b0:47:33:5e:0d:b5:ba:a4:
                    e9:84:b7:e3:f0:b0:bc:0c:bc:bd:db:9d:a5:4f:66:
                    c3:47:dd:ca:1b:7a:85:b8:2c:71:b6:c4:e1:41:fe:
                    de:6b:2d:a9:a7:f7:8e:ab:ae:6b:07:12:03:44:c3:
                    17:c5:6f:ab:19:a5:dc:70:67:33:64:26:d2:08:7d:
                    f4:8a:44:6c:c3:2e:cd:a0:d3:26:c7:5f:b0:76:34:
                    07:b8:b8:9e:56:ad:8f:40:60:59:85:07:d3:9d:fe:
                    fd:49:d0:5a:96:d1:83:4c:49:27:ae:a5:89:5f:5b:
                    5b:1f:75:b3:55:c7:c8:16:2a:fd:ee:4b:03:ff:98:
                    a3:e7:a3:75:39:12:e9:8a:e0:cf:a8:e2:62:c2:74:
                    27:dd:46:03:cf:73:9d:32:99:24:63:df:f3:8a:0f:
                    ae:38:86:6b:a1:55:81:2d:d7:4b:4b:e8:01:b9:3a:
                    5e:e7:7d:c6:6b:a2:ec:8c:7f:85:a7:17:22:c4:1a:
                    ff:af:29:10:d2:40:a8:3e:53:27:d9:56:81:1a:4b:
                    5c:cc:57:76:cc:76:87:bf:70:46:14:0b:10:03:39:
                    ff:a9:6a:43:2a:f1:88:e7:8f:21:92:45:95:6a:26:
                    60:85:17:e8:51:b6:75:99:fc:99:a7:93:82:af:4c:
                    d1:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:26:AC:8B:09:AC:98:07:66:4C:C6:9F:D5:A1:8A:20:0A:40:06:04
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS206286.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:c9:9c:c2:64:16:22:85:cf:52:a5:ad:d3:14:04:0d:92:c5:
         57:07:f7:9e:d5:f7:d8:c0:c2:7d:ec:a1:64:74:5e:3b:20:62:
         06:42:4e:ee:73:b6:99:cd:3c:4a:5e:a4:ea:1f:2f:94:ce:5f:
         11:30:37:8d:bf:8e:a4:2e:92:58:89:25:a5:12:02:f8:49:e9:
         e5:a8:22:db:00:6b:53:2d:e6:7b:e4:95:93:32:cb:15:84:fa:
         55:10:2b:d5:7f:f6:04:c1:b7:10:79:a9:d1:68:fe:64:0b:5a:
         f0:51:19:d3:90:e2:fb:cf:6e:32:bb:fd:b1:fd:29:fb:b6:cc:
         65:10:ea:46:ad:f5:75:2f:3e:80:ae:6c:30:66:e9:b1:bd:f4:
         0f:3d:04:52:8b:64:2c:cb:6f:bb:92:e6:94:82:12:44:cc:ab:
         f8:14:d6:e8:e9:89:16:4d:58:71:60:4a:91:92:f9:89:7e:a9:
         28:4c:b8:bf:4d:39:8d:2a:e7:8a:6b:f0:6d:8f:1d:06:b1:2b:
         7c:4c:ee:c2:21:70:ad:71:e1:79:d4:19:f4:48:1e:1d:f5:30:
         81:84:f0:57:53:df:16:05:7b:cc:22:18:9f:b9:c2:3f:97:a5:
         7e:2d:26:e5:f7:f2:e0:dd:47:94:75:b2:36:3b:c1:e6:18:c8:
         a9:6b:25:a5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHXZYTBa0RdYaHpTzTJwJ/GQ66HcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMjUwNDQ4NTNaFw0yNzAyMjQwNDUzNTNaMDMxMTAvBgNV
BAMTKDg0MjZBQzhCMDlBQzk4MDc2NjRDQzY5RkQ1QTE4QTIwMEE0MDA2MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfrWOR1i+wRzNeDbW6pOmEt+Pw
sLwMvL3bnaVPZsNH3cobeoW4LHG2xOFB/t5rLamn946rrmsHEgNEwxfFb6sZpdxw
ZzNkJtIIffSKRGzDLs2g0ybHX7B2NAe4uJ5WrY9AYFmFB9Od/v1J0FqW0YNMSSeu
pYlfW1sfdbNVx8gWKv3uSwP/mKPno3U5EumK4M+o4mLCdCfdRgPPc50ymSRj3/OK
D644hmuhVYEt10tL6AG5Ol7nfcZrouyMf4WnFyLEGv+vKRDSQKg+UyfZVoEaS1zM
V3bMdoe/cEYUCxADOf+pakMq8YjnjyGSRZVqJmCFF+hRtnWZ/Jmnk4KvTNFhAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhCasiwmsmAdmTMaf1aGKIApABgQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA2Mjg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvG
MA0GCSqGSIb3DQEBCwUAA4IBAQA5yZzCZBYihc9Spa3TFAQNksVXB/ee1ffYwMJ9
7KFkdF47IGIGQk7uc7aZzTxKXqTqHy+Uzl8RMDeNv46kLpJYiSWlEgL4SenlqCLb
AGtTLeZ75JWTMssVhPpVECvVf/YEwbcQeanRaP5kC1rwURnTkOL7z24yu/2x/Sn7
tsxlEOpGrfV1Lz6ArmwwZumxvfQPPQRSi2Qsy2+7kuaUghJEzKv4FNbo6YkWTVhx
YEqRkvmJfqkoTLi/TTmNKueKa/Btjx0GsSt8TO7CIXCtceF51Bn0SB4d9TCBhPBX
U98WBXvMIhifucI/l6V+LSbl9/Lg3UeUdbI2O8HmGMipayWl
-----END CERTIFICATE-----