Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209338.roa
File:                     AS209338.roa (raw, json)
Hash identifier:          yqOTfu85mj9pY9F+ikKmy45hpRBfTSHdLAXHF/ftJjE=
Subject key identifier:   82:8D:DB:1C:71:9D:26:B4:94:C8:CE:05:7E:97:68:16:C9:7D:72:14
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3506DF58DC405E38D213FC51C6E9E2882BC1E36C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209338.roa
Signing time:             Wed 07 May 2025 01:52:22 +0000
ROA not before:           Wed 07 May 2025 01:47:22 +0000
ROA not after:            Wed 06 May 2026 01:52:22 +0000
asID:                     209338
IP address blocks:        2a0f:85c1:c30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:06:df:58:dc:40:5e:38:d2:13:fc:51:c6:e9:e2:88:2b:c1:e3:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May  7 01:47:22 2025 GMT
            Not After : May  6 01:52:22 2026 GMT
        Subject: CN=828DDB1C719D26B494C8CE057E976816C97D7214
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:12:6a:16:be:2c:03:80:7e:fe:fa:f6:93:1c:
                    28:2b:59:0b:cc:79:ab:c6:82:9c:ac:50:33:93:15:
                    23:80:3f:80:03:dd:f6:49:3b:26:0d:7b:47:e9:ee:
                    73:23:92:fd:8f:2f:85:2f:1b:59:fa:eb:f4:2d:d4:
                    68:c0:3e:5e:73:ff:4c:f4:85:da:56:55:28:9a:79:
                    9e:df:74:e6:35:2d:8f:d9:a3:44:0f:9f:a5:ef:96:
                    bb:94:33:c6:0d:98:35:d1:03:d4:31:ac:3a:37:cc:
                    95:f1:ac:8e:73:34:04:a5:cf:f4:22:38:48:8f:29:
                    d5:6f:6c:d0:85:a2:d2:76:cd:da:bf:40:c1:c0:32:
                    99:0d:6c:a4:5c:c6:9b:07:a7:e0:51:3a:a3:56:38:
                    f2:ba:51:0c:0a:52:b6:26:55:d7:d7:0a:d5:04:e3:
                    88:72:90:d9:a3:b8:79:f6:fd:c2:25:48:0d:1e:a6:
                    78:8d:ad:8b:fb:2e:0a:91:76:6f:22:9c:f2:83:75:
                    20:8d:55:32:fe:b1:8a:8c:77:51:4a:ed:ac:e7:db:
                    dd:76:e7:1e:00:4e:5b:ee:ca:81:7b:23:8c:3d:5b:
                    27:77:68:2d:22:c7:2d:fc:83:bb:7f:f5:58:b8:00:
                    33:e6:d4:b0:28:bf:fb:bc:6c:e8:84:2c:37:d3:74:
                    29:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:8D:DB:1C:71:9D:26:B4:94:C8:CE:05:7E:97:68:16:C9:7D:72:14
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c30::/48

    Signature Algorithm: sha256WithRSAEncryption
         28:de:ed:ab:de:1d:55:97:82:c2:7d:fb:e7:cd:b6:83:78:41:
         16:89:16:e4:34:0d:a0:13:8d:4c:d3:30:39:7d:43:ff:ce:44:
         9e:30:79:a7:ca:16:ad:68:1b:ff:70:6e:b5:27:8f:0f:0a:5d:
         35:a3:ae:2c:99:7f:3a:72:8b:25:a2:74:f7:0a:c8:7f:fa:cf:
         9b:ef:4f:d3:1e:33:c6:14:2b:01:17:1f:97:8d:4b:31:ec:fb:
         ac:e0:c9:39:9d:21:10:32:ba:69:0d:39:41:3c:f5:74:c5:ab:
         a6:2b:82:de:a2:f0:66:cf:48:25:f6:bf:20:9d:df:38:44:ea:
         f3:4f:49:e2:58:09:32:8a:1b:ef:d3:b7:78:9f:0b:e3:d6:90:
         80:37:85:57:e3:2f:c1:21:02:27:a4:26:7e:4e:c6:a1:cb:04:
         8c:df:61:89:f8:41:cf:05:9f:15:eb:7f:4d:15:0e:b4:5a:5b:
         45:6f:ee:1c:08:06:04:17:cd:7e:3e:2e:8a:4e:a2:68:77:71:
         36:cc:70:2c:24:9d:57:60:13:f1:2e:14:d7:17:f6:58:a5:df:
         94:f0:e2:18:2a:87:48:75:dc:f5:96:96:16:b9:d9:67:77:5a:
         b1:71:13:c0:6a:c2:1e:ff:db:f9:a7:f7:cf:bc:39:54:8d:74:
         22:34:b5:d1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUNQbfWNxAXjjSE/xRxuniiCvB42wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MDcwMTQ3MjJaFw0yNjA1MDYwMTUyMjJaMDMxMTAvBgNV
BAMTKDgyOEREQjFDNzE5RDI2QjQ5NEM4Q0UwNTdFOTc2ODE2Qzk3RDcyMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDnEmoWviwDgH7++vaTHCgrWQvM
eavGgpysUDOTFSOAP4AD3fZJOyYNe0fp7nMjkv2PL4UvG1n66/Qt1GjAPl5z/0z0
hdpWVSiaeZ7fdOY1LY/Zo0QPn6XvlruUM8YNmDXRA9QxrDo3zJXxrI5zNASlz/Qi
OEiPKdVvbNCFotJ2zdq/QMHAMpkNbKRcxpsHp+BROqNWOPK6UQwKUrYmVdfXCtUE
44hykNmjuHn2/cIlSA0epniNrYv7LgqRdm8inPKDdSCNVTL+sYqMd1FK7azn2912
5x4ATlvuyoF7I4w9Wyd3aC0ixy38g7t/9Vi4ADPm1LAov/u8bOiELDfTdCkDAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUgo3bHHGdJrSUyM4FfpdoFsl9chQwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5MzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQwwMA0GCSqGSIb3DQEBCwUAA4IBAQAo3u2r3h1Vl4LCffvnzbaDeEEWiRbkNA2g
E41M0zA5fUP/zkSeMHmnyhataBv/cG61J48PCl01o64smX86coslonT3Csh/+s+b
70/THjPGFCsBFx+XjUsx7Pus4Mk5nSEQMrppDTlBPPV0xaumK4LeovBmz0gl9r8g
nd84ROrzT0niWAkyihvv07d4nwvj1pCAN4VX4y/BIQInpCZ+TsahywSM32GJ+EHP
BZ8V639NFQ60WltFb+4cCAYEF81+Pi6KTqJod3E2zHAsJJ1XYBPxLhTXF/ZYpd+U
8OIYKodIddz1lpYWudlnd1qxcRPAasIe/9v5p/fPvDlUjXQiNLXR
-----END CERTIFICATE-----