Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          WOCRS2Qb6ljob21ZUAxneg1pzO0hok3DmV07AHBrgKM=
Subject key identifier:   42:BE:C8:F1:A8:D9:40:A9:56:8A:3E:C0:C1:06:77:E3:1D:5B:76:26
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0A9B97E9391321F2BEDA1CBFA5AAB298BD862F1A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa
Signing time:             Wed 29 Apr 2026 14:10:30 +0000
ROA not before:           Wed 29 Apr 2026 14:05:30 +0000
ROA not after:            Wed 28 Apr 2027 14:10:30 +0000
asID:                     209242
IP address blocks:        185.135.9.0/24 maxlen: 24
                          191.101.212.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:9b:97:e9:39:13:21:f2:be:da:1c:bf:a5:aa:b2:98:bd:86:2f:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 29 14:05:30 2026 GMT
            Not After : Apr 28 14:10:30 2027 GMT
        Subject: CN=42BEC8F1A8D940A9568A3EC0C10677E31D5B7626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:be:a2:4d:bd:2f:35:e4:c2:01:fa:0f:28:48:
                    42:28:21:6f:23:94:27:be:e6:a4:78:48:26:5c:44:
                    7e:23:30:eb:69:c4:aa:c7:60:de:3f:a6:e9:0e:30:
                    7a:34:ca:5f:e3:b6:a0:5e:82:1b:a0:64:e5:8b:2b:
                    1f:5d:1d:fa:9b:bf:76:77:f8:8f:83:4d:f4:29:c2:
                    82:1f:00:89:d0:9c:f4:3d:67:0f:dd:a3:15:e3:0d:
                    69:56:f0:58:af:b0:75:06:eb:1a:62:42:54:32:ad:
                    e7:eb:43:84:84:08:eb:58:aa:a2:e7:dc:d3:79:d0:
                    d9:9b:51:51:72:e7:e9:76:44:b8:c8:14:eb:3c:b5:
                    fb:0f:48:16:cb:86:f9:ff:c2:56:68:e2:ad:ef:2e:
                    3d:48:29:37:93:2b:7f:ae:ca:0a:62:42:81:2d:0a:
                    78:ac:75:7b:a5:29:df:c2:f0:21:1c:a5:9b:21:b2:
                    e4:f4:21:91:7b:4f:f5:e5:79:42:a8:ae:61:dc:db:
                    c6:7f:31:01:8f:e6:96:a5:79:9e:da:4d:10:6b:0d:
                    38:0f:97:53:86:44:31:77:1b:be:87:91:ab:68:60:
                    17:2c:3d:03:fb:e6:3b:e0:0e:cc:74:43:48:85:17:
                    c0:ce:ba:50:82:3c:2d:c7:d0:45:03:54:28:e6:93:
                    67:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:BE:C8:F1:A8:D9:40:A9:56:8A:3E:C0:C1:06:77:E3:1D:5B:76:26
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.9.0/24
                  191.101.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4a:52:9b:52:8a:56:5a:f4:3d:c2:a7:37:7a:fb:eb:c3:74:77:
         72:7f:56:b7:48:e6:95:f4:2d:c6:cf:ea:cb:6d:12:d7:bf:e0:
         1f:02:cd:c5:d7:ad:b6:31:87:34:29:e9:87:21:0c:65:6d:9c:
         8f:6b:52:36:f0:0d:73:11:2c:f6:f5:35:39:72:89:d5:cf:cf:
         56:5f:8a:e0:95:54:ea:25:b9:d2:ad:e2:d6:2c:0b:34:a8:98:
         45:b3:e2:09:bf:a1:e8:34:40:c7:93:21:c1:cb:2f:5b:0d:6d:
         64:7b:d1:24:07:78:88:ab:61:ce:17:ab:ce:75:f1:39:0e:10:
         4b:c6:64:40:03:6a:fe:0f:99:6c:1e:c1:2d:c8:9a:31:c3:f3:
         2d:0e:db:b4:92:30:03:24:1d:89:fb:b2:d6:8e:36:59:a7:15:
         6b:70:3b:58:61:0e:c5:fe:76:24:9b:df:40:b2:da:8a:87:d0:
         89:f3:78:7b:52:78:83:ea:8c:20:6a:c7:9c:d0:c7:bd:a2:f8:
         36:82:5e:ff:7e:70:08:cc:f0:7b:b4:36:3f:bc:2a:30:63:4f:
         9e:de:1d:ce:26:e4:4d:e2:d9:1f:d0:81:3c:77:9d:d7:52:26:
         4e:b2:b5:df:43:85:0e:4f:5f:fe:f6:98:d8:a4:de:fb:1f:72:
         ca:eb:99:55
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUCpuX6TkTIfK+2hy/paqymL2GLxowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MjkxNDA1MzBaFw0yNzA0MjgxNDEwMzBaMDMxMTAvBgNV
BAMTKDQyQkVDOEYxQThEOTQwQTk1NjhBM0VDMEMxMDY3N0UzMUQ1Qjc2MjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKvqJNvS815MIB+g8oSEIoIW8j
lCe+5qR4SCZcRH4jMOtpxKrHYN4/pukOMHo0yl/jtqBeghugZOWLKx9dHfqbv3Z3
+I+DTfQpwoIfAInQnPQ9Zw/doxXjDWlW8FivsHUG6xpiQlQyrefrQ4SECOtYqqLn
3NN50NmbUVFy5+l2RLjIFOs8tfsPSBbLhvn/wlZo4q3vLj1IKTeTK3+uygpiQoEt
CnisdXulKd/C8CEcpZshsuT0IZF7T/XleUKormHc28Z/MQGP5paleZ7aTRBrDTgP
l1OGRDF3G76HkatoYBcsPQP75jvgDsx0Q0iFF8DOulCCPC3H0EUDVCjmk2elAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUQr7I8ajZQKlWij7AwQZ34x1bdiYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuYcJ
AwQCv2XUMA0GCSqGSIb3DQEBCwUAA4IBAQBKUptSilZa9D3Cpzd6++vDdHdyf1a3
SOaV9C3Gz+rLbRLXv+AfAs3F1622MYc0KemHIQxlbZyPa1I28A1zESz29TU5conV
z89WX4rglVTqJbnSreLWLAs0qJhFs+IJv6HoNEDHkyHByy9bDW1ke9EkB3iIq2HO
F6vOdfE5DhBLxmRAA2r+D5lsHsEtyJoxw/MtDtu0kjADJB2J+7LWjjZZpxVrcDtY
YQ7F/nYkm99AstqKh9CJ83h7UniD6owgasec0Me9ovg2gl7/fnAIzPB7tDY/vCow
Y0+e3h3OJuRN4tkf0IE8d53XUiZOsrXfQ4UOT1/+9pjYpN77H3LK65lV
-----END CERTIFICATE-----