Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          nGa47/pTHOakHhWUp/0cYNTWO1iJMihENZ6KxfeOIzU=
Subject key identifier:   CA:39:7F:0E:56:2E:89:60:FC:34:68:CC:B8:3F:A4:D6:5A:C2:AE:9C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4433F12750CF93218898B98B7695D98257EE3CDC
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa
Signing time:             Mon 29 Sep 2025 10:55:07 +0000
ROA not before:           Mon 29 Sep 2025 10:50:07 +0000
ROA not after:            Mon 28 Sep 2026 10:55:07 +0000
asID:                     209242
IP address blocks:        185.135.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:33:f1:27:50:cf:93:21:88:98:b9:8b:76:95:d9:82:57:ee:3c:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep 29 10:50:07 2025 GMT
            Not After : Sep 28 10:55:07 2026 GMT
        Subject: CN=CA397F0E562E8960FC3468CCB83FA4D65AC2AE9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:44:c6:1c:82:ed:97:57:0b:fb:c5:d6:07:98:
                    32:e4:0e:77:21:68:f0:e6:44:72:d0:28:91:56:c5:
                    a3:25:b3:9f:f2:81:c1:41:79:40:95:37:24:03:50:
                    01:9f:fe:68:47:58:25:d0:c3:7e:c9:4a:89:82:75:
                    a8:b8:ca:5c:8c:5e:54:a6:c2:5c:21:3f:b8:24:ce:
                    1a:29:7f:95:75:23:4e:fe:9a:fc:37:c3:11:42:02:
                    31:5a:5e:32:38:20:29:90:57:0b:ba:b8:09:89:3d:
                    f4:59:26:f0:b0:17:35:a6:73:9d:1b:30:e6:94:90:
                    d8:07:b4:18:3e:06:ec:93:fe:53:3a:6b:b2:3c:b3:
                    fc:da:82:25:3d:fc:63:83:fa:db:71:6d:4c:76:b9:
                    01:f2:ce:95:92:b4:4a:7c:73:0c:70:f6:b0:e0:3b:
                    31:26:49:86:c9:44:c1:69:6a:48:fc:d3:f2:61:e4:
                    bf:3c:b9:3f:23:51:fd:70:8e:59:47:c9:ba:9a:b3:
                    bb:f2:14:11:77:82:15:dc:ea:85:de:20:d2:f2:f9:
                    5e:ac:d2:a9:c0:b2:c1:21:88:18:21:b9:28:78:de:
                    e9:f7:0a:14:ba:98:d3:e2:12:26:55:ee:7e:d0:09:
                    1e:c5:43:56:43:90:20:65:14:ab:9b:29:97:14:24:
                    fa:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:39:7F:0E:56:2E:89:60:FC:34:68:CC:B8:3F:A4:D6:5A:C2:AE:9C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:6d:3c:66:93:b5:41:81:12:8d:01:0d:d1:3b:56:8a:00:50:
         97:e5:2a:1c:0c:8e:17:3a:16:35:5b:0b:ac:34:4e:5c:65:3b:
         e7:d5:8c:c5:d3:b7:68:c8:0c:7c:3e:4b:65:ff:45:6f:4c:c2:
         a2:a5:09:60:3c:7f:b8:66:40:5e:a1:f9:db:cc:22:3d:36:e4:
         a5:f8:c9:0d:d3:9d:ed:a4:17:0d:ff:a7:b7:49:8a:20:56:c4:
         9e:3f:2d:4d:ec:5c:26:5b:14:11:f7:a7:70:a5:d8:bd:47:07:
         ad:27:55:f3:1f:65:15:41:db:61:6a:28:fa:b0:62:5f:7a:e4:
         4f:60:56:28:3f:16:85:21:65:d4:1d:30:a8:80:24:82:bc:4f:
         74:c7:df:c5:39:c1:99:ba:68:ab:ec:08:c7:c4:73:49:ec:0b:
         ad:55:f4:52:2e:4b:13:dc:5a:62:8d:4f:f1:27:1c:d8:99:90:
         48:e6:f7:20:f6:0e:75:ed:ca:d9:80:56:fe:6f:cb:8e:d3:7e:
         57:dd:15:1e:15:08:d2:4d:ef:c6:7e:fa:f6:9a:43:72:bf:c2:
         e3:29:a4:9b:18:3a:a2:d7:8c:ab:e5:86:c5:ff:ef:7e:d5:f8:
         72:e0:59:da:d6:91:1b:1d:20:97:e1:e5:9c:ed:50:a8:80:63:
         21:98:c4:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURDPxJ1DPkyGImLmLdpXZglfuPNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MjkxMDUwMDdaFw0yNjA5MjgxMDU1MDdaMDMxMTAvBgNV
BAMTKENBMzk3RjBFNTYyRTg5NjBGQzM0NjhDQ0I4M0ZBNEQ2NUFDMkFFOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLRMYcgu2XVwv7xdYHmDLkDnch
aPDmRHLQKJFWxaMls5/ygcFBeUCVNyQDUAGf/mhHWCXQw37JSomCdai4ylyMXlSm
wlwhP7gkzhopf5V1I07+mvw3wxFCAjFaXjI4ICmQVwu6uAmJPfRZJvCwFzWmc50b
MOaUkNgHtBg+BuyT/lM6a7I8s/zagiU9/GOD+ttxbUx2uQHyzpWStEp8cwxw9rDg
OzEmSYbJRMFpakj80/Jh5L88uT8jUf1wjllHybqas7vyFBF3ghXc6oXeINLy+V6s
0qnAssEhiBghuSh43un3ChS6mNPiEiZV7n7QCR7FQ1ZDkCBlFKubKZcUJPpdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUyjl/DlYuiWD8NGjMuD+k1lrCrpwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYcJ
MA0GCSqGSIb3DQEBCwUAA4IBAQAZbTxmk7VBgRKNAQ3RO1aKAFCX5SocDI4XOhY1
WwusNE5cZTvn1YzF07doyAx8Pktl/0VvTMKipQlgPH+4ZkBeofnbzCI9NuSl+MkN
053tpBcN/6e3SYogVsSePy1N7FwmWxQR96dwpdi9RwetJ1XzH2UVQdthaij6sGJf
euRPYFYoPxaFIWXUHTCogCSCvE90x9/FOcGZumir7AjHxHNJ7AutVfRSLksT3Fpi
jU/xJxzYmZBI5vcg9g517crZgFb+b8uO035X3RUeFQjSTe/Gfvr2mkNyv8LjKaSb
GDqi14yr5YbF/+9+1fhy4Fna1pEbHSCX4eWc7VCogGMhmMQ0
-----END CERTIFICATE-----