Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207019.roa
File:                     AS207019.roa (raw, json)
Hash identifier:          hq0DZ18B84OuHzMUpK2NKAqX5oKSOJg31XQt7wFRdPw=
Subject key identifier:   FF:9F:5E:A9:57:3F:E0:9A:7C:F5:43:5C:60:55:72:6A:3F:9C:06:D0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       547D14EE41042C6FD23CA0D6704D456301CFC865
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207019.roa
Signing time:             Wed 24 Sep 2025 06:41:20 +0000
ROA not before:           Wed 24 Sep 2025 06:36:20 +0000
ROA not after:            Wed 23 Sep 2026 06:41:20 +0000
asID:                     207019
IP address blocks:        155.117.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:7d:14:ee:41:04:2c:6f:d2:3c:a0:d6:70:4d:45:63:01:cf:c8:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 24 06:36:20 2025 GMT
            Not After : Sep 23 06:41:20 2026 GMT
        Subject: CN=FF9F5EA9573FE09A7CF5435C6055726A3F9C06D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0c:10:a3:4d:51:ef:44:58:c2:58:5b:90:dc:
                    43:ef:e8:3b:90:49:dd:b6:4c:63:6f:4f:c8:40:35:
                    11:6d:02:13:34:9c:94:27:07:88:44:a4:23:ed:dc:
                    24:5c:27:f2:fc:9f:70:2e:7e:6f:c4:4e:4c:0f:d7:
                    6e:12:66:8f:0f:98:7b:d1:39:fd:83:14:3d:ac:f6:
                    44:dd:1a:3b:27:81:0b:f3:f2:f0:9d:07:4c:c5:d2:
                    dd:6e:a9:e2:01:69:be:4b:30:a1:dd:22:37:01:a1:
                    9e:42:71:53:3e:6e:f7:f3:56:59:bf:f7:d5:25:87:
                    40:90:4f:53:cb:bb:5c:3f:4d:9c:7c:5a:82:4d:0c:
                    41:2a:4e:79:db:7d:15:5c:e4:ae:fb:be:bb:52:44:
                    7e:d5:42:1b:44:0c:44:34:0a:88:53:df:fc:61:08:
                    1e:cb:c5:ab:54:21:fc:44:b1:76:50:c8:66:1c:2a:
                    67:0c:ae:1d:e7:15:56:47:fe:ec:c7:c6:a7:3f:55:
                    00:53:16:56:15:aa:b5:42:a4:86:e6:a8:15:2a:92:
                    99:5e:36:24:9b:68:80:17:d2:48:29:ac:72:86:c9:
                    32:3a:7b:ef:65:b3:79:75:3d:36:0d:4c:b1:e0:d5:
                    82:4b:86:2d:a6:47:89:36:20:d9:99:55:8e:ca:46:
                    71:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:9F:5E:A9:57:3F:E0:9A:7C:F5:43:5C:60:55:72:6A:3F:9C:06:D0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207019.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:97:03:a6:5f:75:b3:07:dd:62:42:46:25:a0:6c:dd:4a:40:
         7b:a1:25:b9:8f:7a:0d:9c:95:7f:cd:10:3e:a6:45:b2:0f:f6:
         54:83:55:be:51:c4:db:4c:18:71:9a:ff:85:46:0d:d6:2e:9a:
         ff:fe:17:13:a5:ba:ad:a5:b7:3c:3a:49:85:04:01:37:7a:48:
         46:a8:e7:da:b7:40:34:44:da:82:b9:66:8d:89:ee:6f:b7:b3:
         b3:bc:ea:ce:6c:ab:e7:85:87:e5:6d:70:20:2c:6d:ce:ca:91:
         86:46:f5:32:d8:3b:9a:5a:65:53:bb:c6:62:74:b3:39:68:73:
         81:73:73:7d:5f:b5:9a:49:5c:28:58:78:cd:49:d6:b4:e8:4c:
         4a:f1:d1:3a:bf:7b:96:52:9a:4d:c0:3d:4c:54:2d:6d:ed:00:
         d8:87:65:81:85:f3:5e:a8:28:3c:52:f6:0d:46:7b:01:2c:26:
         d5:51:a8:1e:b6:a8:6b:9b:e9:d3:d3:24:0e:b3:39:91:7c:0f:
         cf:4d:5f:ff:4d:a2:c8:4b:7e:c4:f6:5d:2a:9b:16:d1:91:0f:
         2c:e3:e5:cd:28:98:79:71:9c:56:d0:f3:73:10:90:42:0b:07:
         d8:41:1c:42:16:cf:47:d1:4c:c6:ff:6b:da:3e:66:a5:d7:2e:
         fa:7e:6d:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVH0U7kEELG/SPKDWcE1FYwHPyGUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MjQwNjM2MjBaFw0yNjA5MjMwNjQxMjBaMDMxMTAvBgNV
BAMTKEZGOUY1RUE5NTczRkUwOUE3Q0Y1NDM1QzYwNTU3MjZBM0Y5QzA2RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9DBCjTVHvRFjCWFuQ3EPv6DuQ
Sd22TGNvT8hANRFtAhM0nJQnB4hEpCPt3CRcJ/L8n3Aufm/ETkwP124SZo8PmHvR
Of2DFD2s9kTdGjsngQvz8vCdB0zF0t1uqeIBab5LMKHdIjcBoZ5CcVM+bvfzVlm/
99Ulh0CQT1PLu1w/TZx8WoJNDEEqTnnbfRVc5K77vrtSRH7VQhtEDEQ0CohT3/xh
CB7LxatUIfxEsXZQyGYcKmcMrh3nFVZH/uzHxqc/VQBTFlYVqrVCpIbmqBUqkple
NiSbaIAX0kgprHKGyTI6e+9ls3l1PTYNTLHg1YJLhi2mR4k2INmZVY7KRnGLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU/59eqVc/4Jp89UNcYFVyaj+cBtAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3MDE5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Xy
MA0GCSqGSIb3DQEBCwUAA4IBAQAPlwOmX3WzB91iQkYloGzdSkB7oSW5j3oNnJV/
zRA+pkWyD/ZUg1W+UcTbTBhxmv+FRg3WLpr//hcTpbqtpbc8OkmFBAE3ekhGqOfa
t0A0RNqCuWaNie5vt7OzvOrObKvnhYflbXAgLG3OypGGRvUy2DuaWmVTu8ZidLM5
aHOBc3N9X7WaSVwoWHjNSda06ExK8dE6v3uWUppNwD1MVC1t7QDYh2WBhfNeqCg8
UvYNRnsBLCbVUagetqhrm+nT0yQOszmRfA/PTV//TaLIS37E9l0qmxbRkQ8s4+XN
KJh5cZxW0PNzEJBCCwfYQRxCFs9H0UzG/2vaPmal1y76fm1v
-----END CERTIFICATE-----