Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208674.roa
File:                     AS208674.roa (raw, json)
Hash identifier:          5VWRXuvbtweDNELa37ZC1nsVgmLFiTREm6M8lZ6xUus=
Subject key identifier:   0D:A7:D2:45:21:C3:B8:66:6E:A6:27:F6:13:BF:ED:6F:E5:91:F6:29
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       46525507D150427438697D08C3432023FF320B3A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208674.roa
Signing time:             Tue 24 Mar 2026 13:47:11 +0000
ROA not before:           Tue 24 Mar 2026 13:42:11 +0000
ROA not after:            Tue 23 Mar 2027 13:47:11 +0000
asID:                     208674
IP address blocks:        191.96.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:52:55:07:d1:50:42:74:38:69:7d:08:c3:43:20:23:ff:32:0b:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 24 13:42:11 2026 GMT
            Not After : Mar 23 13:47:11 2027 GMT
        Subject: CN=0DA7D24521C3B8666EA627F613BFED6FE591F629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:06:dc:58:9c:b7:6a:88:7a:50:08:75:3a:65:
                    c2:0f:37:ea:e2:27:ca:b3:a7:6a:30:17:35:70:27:
                    05:47:71:2a:7b:7d:06:99:1e:6b:81:1b:93:65:71:
                    72:40:f0:d6:9c:41:64:62:19:07:05:9e:91:7d:c9:
                    d0:3f:67:38:48:ee:50:25:ce:09:dc:7b:f7:9c:5e:
                    3f:50:58:a8:e2:bd:f4:77:b0:cd:87:39:7a:83:19:
                    9b:e2:f3:96:dc:33:aa:ec:bc:eb:b2:6f:50:da:73:
                    0b:92:df:62:af:53:85:a8:57:a4:53:26:3c:9d:b4:
                    4b:b9:6e:e7:b5:a6:4d:38:3c:3f:bd:18:22:81:88:
                    43:69:5d:9c:71:cc:50:b1:21:a6:8e:40:ce:be:b4:
                    a0:80:54:3c:b5:2c:a3:6c:64:cc:86:a1:25:d3:88:
                    c1:9d:ce:fa:da:45:57:84:ea:81:04:a1:3d:9f:2a:
                    5b:a9:8a:62:3f:00:62:08:5d:1a:59:46:78:6b:c5:
                    c1:de:9c:27:57:77:25:4f:c9:dd:7a:2b:a0:cb:9f:
                    96:af:2a:19:09:5b:5e:5b:09:4b:36:fa:60:b0:bd:
                    81:8d:18:09:53:87:10:b7:a4:e7:0b:c9:06:ce:db:
                    9a:e5:cc:7f:e1:9a:a8:44:3d:a8:2d:b1:98:9e:26:
                    4b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:A7:D2:45:21:C3:B8:66:6E:A6:27:F6:13:BF:ED:6F:E5:91:F6:29
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS208674.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:f0:c2:0b:09:3f:14:0a:d2:06:88:70:1c:97:13:41:c3:23:
         81:5a:a1:8c:b3:86:2d:6f:f1:04:95:10:06:41:8d:5c:b9:a7:
         f2:b3:66:a1:0c:38:fd:cd:cf:0c:09:02:6b:2d:95:34:67:50:
         60:ed:f8:69:ec:d4:fd:cb:5f:e0:2c:dc:91:12:73:61:20:aa:
         75:c0:a5:0a:4b:88:41:5a:5c:a5:f7:12:19:30:04:55:0b:77:
         f7:4a:83:df:3f:8f:7b:26:f0:58:d8:4c:7b:3c:71:79:93:ba:
         a1:2f:6b:34:37:ba:1b:cf:63:0e:1e:cb:44:31:3a:92:88:c7:
         86:19:80:3d:36:06:c8:d8:52:20:ed:29:e2:86:cf:ee:14:1e:
         05:50:d8:ca:94:26:e6:94:db:58:7c:b4:11:ce:09:cf:ec:3f:
         22:b9:57:28:eb:a6:69:60:80:41:d2:f0:fb:02:28:f5:cf:dd:
         ce:2e:2e:94:e7:18:30:63:39:be:ba:66:3e:e0:59:ef:00:e9:
         19:83:34:f5:44:87:7c:77:d3:f4:76:49:ce:13:4c:66:c3:9e:
         bf:7c:2d:31:4f:7f:a0:ec:5f:6f:83:86:01:28:7b:cf:d7:44:
         d5:ee:17:78:fd:a7:b0:62:71:82:76:c9:b8:05:3b:5a:18:87:
         f4:b4:05:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURlJVB9FQQnQ4aX0Iw0MgI/8yCzowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjQxMzQyMTFaFw0yNzAzMjMxMzQ3MTFaMDMxMTAvBgNV
BAMTKDBEQTdEMjQ1MjFDM0I4NjY2RUE2MjdGNjEzQkZFRDZGRTU5MUY2MjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFBtxYnLdqiHpQCHU6ZcIPN+ri
J8qzp2owFzVwJwVHcSp7fQaZHmuBG5NlcXJA8NacQWRiGQcFnpF9ydA/ZzhI7lAl
zgnce/ecXj9QWKjivfR3sM2HOXqDGZvi85bcM6rsvOuyb1DacwuS32KvU4WoV6RT
JjydtEu5bue1pk04PD+9GCKBiENpXZxxzFCxIaaOQM6+tKCAVDy1LKNsZMyGoSXT
iMGdzvraRVeE6oEEoT2fKlupimI/AGIIXRpZRnhrxcHenCdXdyVPyd16K6DLn5av
KhkJW15bCUs2+mCwvYGNGAlThxC3pOcLyQbO25rlzH/hmqhEPagtsZieJksHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUDafSRSHDuGZupif2E7/tb+WR9ikwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA4Njc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2BY
MA0GCSqGSIb3DQEBCwUAA4IBAQAI8MILCT8UCtIGiHAclxNBwyOBWqGMs4Ytb/EE
lRAGQY1cuafys2ahDDj9zc8MCQJrLZU0Z1Bg7fhp7NT9y1/gLNyREnNhIKp1wKUK
S4hBWlyl9xIZMARVC3f3SoPfP497JvBY2Ex7PHF5k7qhL2s0N7obz2MOHstEMTqS
iMeGGYA9NgbI2FIg7Snihs/uFB4FUNjKlCbmlNtYfLQRzgnP7D8iuVco66ZpYIBB
0vD7Aij1z93OLi6U5xgwYzm+umY+4FnvAOkZgzT1RId8d9P0dknOE0xmw56/fC0x
T3+g7F9vg4YBKHvP10TV7hd4/aewYnGCdsm4BTtaGIf0tAVq
-----END CERTIFICATE-----