Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS208751.roa
File:                     AS208751.roa (raw, json)
Hash identifier:          KHFTB3iXIzIiJtQnBkl2xzHAmiuwYRXgc2jjNtYCSmw=
Subject key identifier:   DC:F3:08:8D:A9:C4:75:A3:66:9E:E8:03:9D:60:D1:EE:92:3A:C1:C6
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       65B0369732BE736DFB07278D6FC6ACCDBA3435D8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS208751.roa
Signing time:             Wed 06 May 2026 15:58:04 +0000
ROA not before:           Wed 06 May 2026 15:53:04 +0000
ROA not after:            Wed 05 May 2027 15:58:04 +0000
asID:                     208751
IP address blocks:        155.117.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:b0:36:97:32:be:73:6d:fb:07:27:8d:6f:c6:ac:cd:ba:34:35:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  6 15:53:04 2026 GMT
            Not After : May  5 15:58:04 2027 GMT
        Subject: CN=DCF3088DA9C475A3669EE8039D60D1EE923AC1C6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:38:09:54:49:e5:01:1f:ad:d1:cc:c2:60:1e:
                    8e:00:c7:41:1a:11:63:80:41:32:b5:fd:00:ae:98:
                    1e:da:bf:a2:e8:e6:56:44:ae:92:f2:52:d3:18:eb:
                    53:25:27:ce:30:d4:33:7c:20:81:88:b9:41:c7:a7:
                    33:25:61:79:fc:cb:c5:b9:54:09:c6:61:9f:44:13:
                    2f:f1:91:8b:b7:16:c5:d0:09:46:aa:f5:07:a8:58:
                    09:b9:e9:91:e4:d1:af:be:72:e2:bb:82:f0:8d:e8:
                    27:15:24:0f:67:07:09:6f:3c:04:a3:ad:82:86:b8:
                    22:e3:34:4b:47:c5:b7:22:ec:7a:27:5d:0e:64:79:
                    50:8b:ce:a8:ad:d6:79:27:49:0d:e4:69:d4:3a:69:
                    eb:43:5a:e5:1a:ef:40:7c:88:95:dd:22:89:98:c4:
                    55:8c:c4:19:9e:7f:26:0c:e5:12:0b:6c:30:a0:cb:
                    a1:aa:54:11:47:cc:26:e5:c2:a7:92:02:a4:3c:6d:
                    b4:fe:b1:23:2c:ad:43:10:8c:8d:c8:68:b6:f6:1f:
                    54:e5:59:df:47:7c:a6:97:9f:f8:90:ba:3a:a9:d5:
                    ac:5e:22:c1:24:5a:fe:22:47:dc:2a:13:ff:71:2f:
                    1d:61:86:b2:3c:78:30:f0:0e:62:02:ab:4c:85:b2:
                    0e:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:F3:08:8D:A9:C4:75:A3:66:9E:E8:03:9D:60:D1:EE:92:3A:C1:C6
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS208751.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:49:bc:6b:f5:79:b1:89:ac:1e:90:64:7b:cf:0b:5a:f3:b8:
         87:f0:bd:63:25:aa:8f:ba:38:5e:7a:21:3f:3c:4f:cc:7b:b1:
         f9:e1:a0:1d:5d:07:bd:c6:6f:b1:8c:85:d6:fe:c1:32:f6:8c:
         53:1b:14:aa:71:0c:a8:66:8d:5c:c0:af:00:35:61:38:2b:00:
         b8:63:40:13:ce:67:80:c0:a1:28:41:ee:4b:35:46:bb:86:54:
         58:e7:be:14:7e:45:1d:4c:d6:41:70:d5:c7:c3:52:2c:57:3e:
         78:47:81:6b:f9:7e:0b:24:0d:04:4c:69:5f:91:3d:32:09:b7:
         8c:d2:09:27:ef:ac:f2:59:a3:ec:c4:c7:72:8d:68:b5:1e:45:
         71:65:f9:ad:11:18:8e:89:11:bc:4e:aa:27:f8:61:20:b2:91:
         88:46:c2:bf:99:ca:19:00:8c:05:a7:22:28:8f:d4:99:05:52:
         31:4f:1a:48:17:1a:72:62:01:02:23:7e:07:4c:62:48:61:68:
         a9:52:74:94:02:76:1e:f1:47:18:0d:9d:13:70:a7:be:d7:52:
         5f:5d:7e:f0:3c:b9:b8:68:26:ac:72:23:5d:77:fa:7d:ab:35:
         72:5c:c9:f0:22:60:67:0b:5c:4f:95:eb:5e:e7:c9:72:79:b6:
         94:a7:dc:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZbA2lzK+c237ByeNb8aszbo0NdgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDYxNTUzMDRaFw0yNzA1MDUxNTU4MDRaMDMxMTAvBgNV
BAMTKERDRjMwODhEQTlDNDc1QTM2NjlFRTgwMzlENjBEMUVFOTIzQUMxQzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmOAlUSeUBH63RzMJgHo4Ax0Ea
EWOAQTK1/QCumB7av6Lo5lZErpLyUtMY61MlJ84w1DN8IIGIuUHHpzMlYXn8y8W5
VAnGYZ9EEy/xkYu3FsXQCUaq9QeoWAm56ZHk0a++cuK7gvCN6CcVJA9nBwlvPASj
rYKGuCLjNEtHxbci7HonXQ5keVCLzqit1nknSQ3kadQ6aetDWuUa70B8iJXdIomY
xFWMxBmefyYM5RILbDCgy6GqVBFHzCblwqeSAqQ8bbT+sSMsrUMQjI3IaLb2H1Tl
Wd9HfKaXn/iQujqp1axeIsEkWv4iR9wqE/9xLx1hhrI8eDDwDmICq0yFsg5NAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3PMIjanEdaNmnugDnWDR7pI6wcYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA4NzUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Xy
MA0GCSqGSIb3DQEBCwUAA4IBAQAkSbxr9XmxiawekGR7zwta87iH8L1jJaqPujhe
eiE/PE/Me7H54aAdXQe9xm+xjIXW/sEy9oxTGxSqcQyoZo1cwK8ANWE4KwC4Y0AT
zmeAwKEoQe5LNUa7hlRY574UfkUdTNZBcNXHw1IsVz54R4Fr+X4LJA0ETGlfkT0y
CbeM0gkn76zyWaPsxMdyjWi1HkVxZfmtERiOiRG8Tqon+GEgspGIRsK/mcoZAIwF
pyIoj9SZBVIxTxpIFxpyYgECI34HTGJIYWipUnSUAnYe8UcYDZ0TcKe+11JfXX7w
PLm4aCasciNdd/p9qzVyXMnwImBnC1xPlete58lyebaUp9wU
-----END CERTIFICATE-----