Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209357.roa
File:                     AS209357.roa (raw, json)
Hash identifier:          nye5SG1unQji6BnASSIFv96ZEqr7esGvBWE4+oYI5ZE=
Subject key identifier:   FF:54:AC:72:BF:0E:F7:A2:3B:1E:55:76:C2:C5:E5:F4:6E:30:E7:3C
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       47D39CFD87377E7261CB226C78FE3AFD69E8B54D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209357.roa
Signing time:             Fri 09 May 2025 16:47:03 +0000
ROA not before:           Fri 09 May 2025 16:42:03 +0000
ROA not after:            Fri 08 May 2026 16:47:03 +0000
asID:                     209357
IP address blocks:        2a0f:85c1:c1f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:d3:9c:fd:87:37:7e:72:61:cb:22:6c:78:fe:3a:fd:69:e8:b5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: May  9 16:42:03 2025 GMT
            Not After : May  8 16:47:03 2026 GMT
        Subject: CN=FF54AC72BF0EF7A23B1E5576C2C5E5F46E30E73C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:06:c2:7d:87:f4:25:b5:57:bf:9e:7d:42:09:
                    df:65:0f:ee:85:c9:8b:5d:e3:b4:07:2e:87:47:c7:
                    22:27:b1:1b:72:72:dc:90:5f:d7:53:5e:cf:64:26:
                    ff:1e:08:04:fb:2c:6b:52:66:9c:69:62:a1:1e:84:
                    5b:0a:db:c0:e6:06:24:63:24:7c:33:e1:40:ed:37:
                    19:f2:d7:65:3f:78:e4:6d:4f:e9:85:60:b9:dc:ee:
                    ae:04:7b:48:44:0c:2b:e1:ae:f6:fb:b6:b6:6e:31:
                    9a:31:5f:bc:e5:ab:1a:7f:95:15:28:a5:c0:26:aa:
                    ff:ab:9c:c8:42:11:e2:ab:48:80:7c:51:0d:de:ff:
                    d1:4e:dd:21:2f:cd:c2:f5:cd:69:f2:1f:b5:8d:87:
                    c2:7e:b1:de:b7:ad:27:c3:c0:f4:bb:17:5b:80:cb:
                    91:a3:10:c7:c5:6a:27:25:bb:a7:8f:79:55:0d:16:
                    a3:29:c3:fa:d3:41:65:5f:df:3c:56:d2:4b:8f:2e:
                    0c:53:87:55:07:e8:53:42:57:87:ae:34:53:2a:87:
                    6e:45:d4:f0:c5:38:7d:1c:d9:e8:6e:9d:3e:96:2a:
                    4d:0c:c5:cf:f7:8b:d0:44:5d:1b:fa:db:40:0f:a5:
                    cc:dc:99:39:74:86:d9:18:e2:2e:8e:a5:2b:11:92:
                    4c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:54:AC:72:BF:0E:F7:A2:3B:1E:55:76:C2:C5:E5:F4:6E:30:E7:3C
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209357.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c1f::/48

    Signature Algorithm: sha256WithRSAEncryption
         50:ba:a1:ff:92:23:37:b5:5a:83:bb:3c:cf:f7:2b:b9:34:6c:
         c4:19:14:d3:aa:3b:64:0a:98:5a:06:fe:07:d8:2d:13:8d:9e:
         23:2d:ee:1e:54:aa:c7:86:f9:05:40:7c:4a:bc:4e:88:23:5a:
         39:d0:0d:a6:0d:b3:08:02:8f:56:ee:9e:03:91:9a:bf:da:2f:
         44:f6:b3:4a:d8:e1:2a:ea:16:67:e5:55:e2:f4:0f:05:d9:5a:
         4b:d8:3d:e0:b2:30:2e:49:2c:ba:01:75:39:c1:ff:59:ea:cd:
         c4:b1:c8:a6:74:06:64:03:bc:79:32:df:42:15:2b:6b:02:08:
         1b:05:a8:a2:a0:4b:8e:98:00:4a:f2:50:c3:fb:31:26:d8:13:
         65:c6:c8:6c:d1:cd:e5:be:25:96:e9:83:e7:22:9f:9c:b0:c3:
         83:c1:6f:2a:d6:f2:e2:1d:94:6d:03:80:fe:5a:2d:2b:fc:ed:
         85:57:2e:5e:26:72:f4:82:d9:42:9f:bc:77:3b:73:a5:c3:15:
         d1:02:2d:3b:71:ab:46:24:df:f2:b2:99:6b:70:a4:b4:a2:56:
         bf:90:52:75:7c:88:13:2c:33:ad:32:45:c5:b9:58:e1:b0:59:
         00:f2:ea:58:32:95:39:6d:4b:7b:8a:13:9e:76:79:33:ac:ee:
         b6:b3:76:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUR9Oc/Yc3fnJhyyJseP46/WnotU0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA1MDkxNjQyMDNaFw0yNjA1MDgxNjQ3MDNaMDMxMTAvBgNV
BAMTKEZGNTRBQzcyQkYwRUY3QTIzQjFFNTU3NkMyQzVFNUY0NkUzMEU3M0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1BsJ9h/QltVe/nn1CCd9lD+6F
yYtd47QHLodHxyInsRtyctyQX9dTXs9kJv8eCAT7LGtSZpxpYqEehFsK28DmBiRj
JHwz4UDtNxny12U/eORtT+mFYLnc7q4Ee0hEDCvhrvb7trZuMZoxX7zlqxp/lRUo
pcAmqv+rnMhCEeKrSIB8UQ3e/9FO3SEvzcL1zWnyH7WNh8J+sd63rSfDwPS7F1uA
y5GjEMfFaiclu6ePeVUNFqMpw/rTQWVf3zxW0kuPLgxTh1UH6FNCV4euNFMqh25F
1PDFOH0c2ehunT6WKk0Mxc/3i9BEXRv620APpczcmTl0htkY4i6OpSsRkkw3AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU/1Sscr8O96I7HlV2wsXl9G4w5zwwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5MzU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQwfMA0GCSqGSIb3DQEBCwUAA4IBAQBQuqH/kiM3tVqDuzzP9yu5NGzEGRTTqjtk
CphaBv4H2C0TjZ4jLe4eVKrHhvkFQHxKvE6II1o50A2mDbMIAo9W7p4DkZq/2i9E
9rNK2OEq6hZn5VXi9A8F2VpL2D3gsjAuSSy6AXU5wf9Z6s3EscimdAZkA7x5Mt9C
FStrAggbBaiioEuOmABK8lDD+zEm2BNlxshs0c3lviWW6YPnIp+csMODwW8q1vLi
HZRtA4D+Wi0r/O2FVy5eJnL0gtlCn7x3O3OlwxXRAi07catGJN/ysplrcKS0ola/
kFJ1fIgTLDOtMkXFuVjhsFkA8upYMpU5bUt7ihOednkzrO62s3b1
-----END CERTIFICATE-----