Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209699.roa
File:                     AS209699.roa (raw, json)
Hash identifier:          8ev1fiWFZhu3DUcw8DBmYMzOv9ynmck/SCKbNBA6f04=
Subject key identifier:   61:20:C4:0F:7D:65:88:93:C0:B5:59:35:BD:77:BE:80:93:A4:BD:C5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       11289A33642A2423787B6516D41C23B84F7BD7F1
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209699.roa
Signing time:             Wed 30 Apr 2025 13:22:20 +0000
ROA not before:           Wed 30 Apr 2025 13:17:20 +0000
ROA not after:            Wed 29 Apr 2026 13:22:20 +0000
asID:                     209699
IP address blocks:        82.23.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:28:9a:33:64:2a:24:23:78:7b:65:16:d4:1c:23:b8:4f:7b:d7:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 30 13:17:20 2025 GMT
            Not After : Apr 29 13:22:20 2026 GMT
        Subject: CN=6120C40F7D658893C0B55935BD77BE8093A4BDC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:bf:19:62:f4:ee:d5:df:93:a1:43:ab:b0:60:
                    ad:3a:4a:1b:90:a1:c2:ad:33:7e:d0:58:1d:e4:3f:
                    38:eb:14:c4:c3:b9:35:06:9c:0e:ec:c5:ad:13:80:
                    5d:81:a5:92:25:cc:49:cd:ed:e3:5d:b5:b6:63:b3:
                    67:32:f9:58:20:56:35:20:b9:62:d8:cb:08:49:d8:
                    8b:7c:d5:c3:82:9c:e2:82:a2:63:18:6b:b0:30:54:
                    1b:e4:5a:64:13:45:31:4a:52:2c:64:67:7e:c5:86:
                    52:d4:20:f0:61:71:9e:a2:c5:8e:ef:0e:80:ae:b9:
                    0d:0a:af:3d:b6:0a:1c:3c:70:34:c1:7f:e5:ed:bc:
                    6b:88:2b:52:a2:5e:cc:df:51:88:f7:2e:10:43:2f:
                    f8:a5:89:1b:76:22:bb:3b:0e:d2:30:a7:2c:37:c6:
                    fa:80:4a:ed:d5:8f:aa:8c:4b:25:06:76:1f:fb:99:
                    3d:da:96:d4:68:8e:42:be:db:41:8b:00:64:a4:a7:
                    02:06:63:b0:eb:82:77:a2:ca:22:7e:f4:ee:62:a4:
                    08:e0:8c:60:60:b7:0c:24:b7:82:08:48:91:d9:94:
                    50:17:06:4e:ea:6e:b0:c9:b3:67:4c:4e:31:a8:bb:
                    c1:4e:84:93:7a:ea:41:24:4d:48:0c:8d:d3:e2:20:
                    53:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:20:C4:0F:7D:65:88:93:C0:B5:59:35:BD:77:BE:80:93:A4:BD:C5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS209699.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:8e:15:da:a9:f9:2f:06:f7:b0:28:d6:be:1a:24:1a:17:7c:
         50:72:c0:0f:80:04:5c:c9:76:63:fb:35:ca:ad:59:35:10:69:
         db:4b:55:73:3d:45:ab:1e:88:b1:d8:1e:77:d9:8b:48:4f:ba:
         80:32:6b:ce:bb:65:bd:d8:21:a7:62:3b:7f:af:0b:c1:87:df:
         15:06:90:17:27:a8:7a:50:0e:73:6f:63:2e:2b:39:21:d0:6a:
         01:76:be:76:ff:ac:cd:de:9f:75:ca:74:3e:19:1e:e0:e1:5e:
         87:6f:fb:84:cd:ce:f2:69:df:bd:01:64:c7:c0:c2:8e:1e:7a:
         a0:2d:68:76:df:f9:37:78:59:d6:da:d0:b1:5f:ca:c7:7e:bb:
         1a:73:0d:14:10:40:c8:b8:1c:71:f6:ae:11:0f:a0:4e:65:e5:
         b5:7d:ac:51:5a:c8:f1:da:51:fc:74:99:0b:cb:7e:04:a5:cf:
         d4:b4:87:d6:66:d8:48:47:1f:62:45:5e:7e:2d:18:75:a9:89:
         36:5b:b0:19:84:48:15:1d:b4:c7:04:cd:62:bf:84:e8:65:73:
         f3:9c:6f:b6:38:1b:7d:64:99:64:04:d5:dd:50:de:55:77:99:
         de:e0:28:57:28:fc:99:68:42:b6:86:3f:f5:51:2e:b5:07:59:
         40:f3:3c:ae
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUESiaM2QqJCN4e2UW1BwjuE971/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA0MzAxMzE3MjBaFw0yNjA0MjkxMzIyMjBaMDMxMTAvBgNV
BAMTKDYxMjBDNDBGN0Q2NTg4OTNDMEI1NTkzNUJENzdCRTgwOTNBNEJEQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLvxli9O7V35OhQ6uwYK06ShuQ
ocKtM37QWB3kPzjrFMTDuTUGnA7sxa0TgF2BpZIlzEnN7eNdtbZjs2cy+VggVjUg
uWLYywhJ2It81cOCnOKComMYa7AwVBvkWmQTRTFKUixkZ37FhlLUIPBhcZ6ixY7v
DoCuuQ0Krz22Chw8cDTBf+XtvGuIK1KiXszfUYj3LhBDL/iliRt2Irs7DtIwpyw3
xvqASu3Vj6qMSyUGdh/7mT3altRojkK+20GLAGSkpwIGY7DrgneiyiJ+9O5ipAjg
jGBgtwwkt4IISJHZlFAXBk7qbrDJs2dMTjGou8FOhJN66kEkTUgMjdPiIFOPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYSDED31liJPAtVk1vXe+gJOkvcUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA5Njk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhex
MA0GCSqGSIb3DQEBCwUAA4IBAQCPjhXaqfkvBvewKNa+GiQaF3xQcsAPgARcyXZj
+zXKrVk1EGnbS1VzPUWrHoix2B532YtIT7qAMmvOu2W92CGnYjt/rwvBh98VBpAX
J6h6UA5zb2MuKzkh0GoBdr52/6zN3p91ynQ+GR7g4V6Hb/uEzc7yad+9AWTHwMKO
HnqgLWh23/k3eFnW2tCxX8rHfrsacw0UEEDIuBxx9q4RD6BOZeW1faxRWsjx2lH8
dJkLy34Epc/UtIfWZthIRx9iRV5+LRh1qYk2W7AZhEgVHbTHBM1iv4ToZXPznG+2
OBt9ZJlkBNXdUN5Vd5ne4ChXKPyZaEK2hj/1US61B1lA8zyu
-----END CERTIFICATE-----