Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209131.roa
File:                     AS209131.roa (raw, json)
Hash identifier:          9z9e7+ew7KS+2FWyHaiPiub/PF/SqsUgb2Mq5e3rhfk=
Subject key identifier:   7A:25:60:00:78:CF:A2:86:84:AF:4A:03:59:90:CD:70:67:69:CC:0C
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       74EAAF3B3351E8BE012789BD8D8554790EC7AB86
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209131.roa
Signing time:             Wed 07 May 2025 14:03:07 +0000
ROA not before:           Wed 07 May 2025 13:58:07 +0000
ROA not after:            Wed 06 May 2026 14:03:07 +0000
asID:                     209131
IP address blocks:        31.40.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 10:49:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:ea:af:3b:33:51:e8:be:01:27:89:bd:8d:85:54:79:0e:c7:ab:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: May  7 13:58:07 2025 GMT
            Not After : May  6 14:03:07 2026 GMT
        Subject: CN=7A25600078CFA28684AF4A035990CD706769CC0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0d:4b:bd:a9:a9:d9:92:e5:87:56:11:93:61:
                    48:f2:f5:7a:5f:42:7c:b2:ba:73:3c:9d:d6:5a:de:
                    63:cb:e0:fb:30:0c:c1:64:33:ad:80:20:81:d8:f2:
                    db:86:98:c7:32:ce:09:51:ca:1b:35:a2:b1:2f:42:
                    5c:08:a8:42:f8:10:1d:d2:6e:28:d5:f3:ba:c8:df:
                    49:88:fa:2f:a8:6f:db:80:37:53:13:e5:1a:0d:d9:
                    4f:39:e0:10:5a:fb:a0:d8:22:cf:0d:88:bc:11:f0:
                    38:37:32:65:9e:2d:c3:0c:17:23:9e:1d:a9:ba:39:
                    c3:ba:bb:2a:70:fa:be:e6:0d:ba:23:b3:a0:76:1c:
                    15:8f:91:67:dd:68:f4:c4:a1:05:1c:f2:90:aa:99:
                    f2:34:7e:3a:da:77:0e:9b:41:40:db:b9:8c:07:3a:
                    60:7b:b4:ae:3f:15:14:e8:91:ab:33:77:14:2a:fe:
                    34:71:78:75:91:8a:0f:50:aa:f1:9d:7d:b0:9e:e2:
                    c5:c8:13:33:c7:b8:00:0c:f4:6a:0b:6f:05:b8:f9:
                    ea:f4:56:90:dd:28:d9:39:6b:c4:9a:1d:50:62:f5:
                    4d:f4:9d:fe:5d:87:13:09:a1:6a:8e:5b:d9:4f:5f:
                    7d:9f:30:b8:fb:08:28:7a:e0:50:ee:70:0f:28:57:
                    3b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:25:60:00:78:CF:A2:86:84:AF:4A:03:59:90:CD:70:67:69:CC:0C
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209131.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:df:57:10:ab:0b:0c:b4:e6:fd:3a:8f:d1:25:00:d4:ed:15:
         19:d4:68:ca:3c:6f:f7:a4:8f:e2:e4:5d:e5:97:6c:7b:76:cc:
         8f:de:11:58:ba:05:49:d7:19:98:ee:30:35:19:4e:b6:67:6a:
         ff:c6:f4:cc:67:29:69:6a:dc:15:5c:d9:7a:da:36:99:2f:43:
         e3:17:af:9f:2c:b1:22:09:cb:02:3b:5e:0f:31:e9:9a:f0:3b:
         cf:8d:7d:f8:62:06:23:22:da:96:ca:40:79:ef:50:8c:2f:2e:
         38:ef:fd:07:b8:be:e0:43:18:11:f6:e2:da:45:08:da:f2:d7:
         8d:7b:2f:4c:3b:98:94:a5:d4:fe:24:75:8d:6c:b0:1b:83:47:
         74:f4:9c:fb:4c:2d:32:db:ae:d3:79:1f:40:f6:a9:0b:45:e3:
         ce:31:56:a9:88:72:42:45:76:1a:4c:d0:17:eb:40:b3:5f:84:
         fb:45:50:24:b8:e9:1d:09:34:be:65:45:f6:59:01:5a:39:ec:
         c0:ac:bb:0a:2b:57:7b:d6:da:c8:8c:f0:bd:50:d9:16:19:7c:
         0b:8c:72:54:88:e5:16:51:4a:3f:f3:72:17:e0:cf:b5:db:69:
         51:bb:e0:d1:30:6d:db:79:00:02:2f:72:9a:50:36:ed:f0:4a:
         b0:ca:e6:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdOqvOzNR6L4BJ4m9jYVUeQ7Hq4YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA1MDcxMzU4MDdaFw0yNjA1MDYxNDAzMDdaMDMxMTAvBgNV
BAMTKDdBMjU2MDAwNzhDRkEyODY4NEFGNEEwMzU5OTBDRDcwNjc2OUNDMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7DUu9qanZkuWHVhGTYUjy9Xpf
QnyyunM8ndZa3mPL4PswDMFkM62AIIHY8tuGmMcyzglRyhs1orEvQlwIqEL4EB3S
bijV87rI30mI+i+ob9uAN1MT5RoN2U854BBa+6DYIs8NiLwR8Dg3MmWeLcMMFyOe
Ham6OcO6uypw+r7mDbojs6B2HBWPkWfdaPTEoQUc8pCqmfI0fjradw6bQUDbuYwH
OmB7tK4/FRTokaszdxQq/jRxeHWRig9QqvGdfbCe4sXIEzPHuAAM9GoLbwW4+er0
VpDdKNk5a8SaHVBi9U30nf5dhxMJoWqOW9lPX32fMLj7CCh64FDucA8oVzvzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUeiVgAHjPooaEr0oDWZDNcGdpzAwwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjA5MTMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAHyjE
MA0GCSqGSIb3DQEBCwUAA4IBAQCP31cQqwsMtOb9Oo/RJQDU7RUZ1GjKPG/3pI/i
5F3ll2x7dsyP3hFYugVJ1xmY7jA1GU62Z2r/xvTMZylpatwVXNl62jaZL0PjF6+f
LLEiCcsCO14PMema8DvPjX34YgYjItqWykB571CMLy447/0HuL7gQxgR9uLaRQja
8teNey9MO5iUpdT+JHWNbLAbg0d09Jz7TC0y267TeR9A9qkLRePOMVapiHJCRXYa
TNAX60CzX4T7RVAkuOkdCTS+ZUX2WQFaOezArLsKK1d71trIjPC9UNkWGXwLjHJU
iOUWUUo/83IX4M+122lRu+DRMG3beQACL3KaUDbt8EqwyubC
-----END CERTIFICATE-----