Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS209658.roa
File:                     AS209658.roa (raw, json)
Hash identifier:          f3bSBWPHSAtKVPBHQE9yOXbdxDqDDNmgHImFAHvXvek=
Subject key identifier:   A5:3A:AB:DF:2F:C3:30:6D:57:BC:B0:D6:79:18:5E:62:08:96:31:9E
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0B73CFF7908222BF32E610FF599048F90473AB38
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS209658.roa
Signing time:             Sun 26 Apr 2026 19:20:01 +0000
ROA not before:           Sun 26 Apr 2026 19:15:01 +0000
ROA not after:            Sun 25 Apr 2027 19:20:01 +0000
asID:                     209658
IP address blocks:        95.134.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:73:cf:f7:90:82:22:bf:32:e6:10:ff:59:90:48:f9:04:73:ab:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 26 19:15:01 2026 GMT
            Not After : Apr 25 19:20:01 2027 GMT
        Subject: CN=A53AABDF2FC3306D57BCB0D679185E620896319E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d5:ae:44:a4:93:a4:75:ad:48:91:ee:8d:ab:
                    36:bf:c4:0b:bc:72:25:3b:af:9a:dd:04:13:28:8a:
                    17:30:9a:24:8d:be:ba:5a:bb:a3:60:ce:a9:54:bc:
                    db:85:b8:9a:0b:22:88:1b:a0:44:50:c1:0c:b0:73:
                    c6:3a:05:40:5c:91:84:01:57:41:3e:76:36:85:b0:
                    63:1e:b7:ab:3b:e2:43:ec:04:9c:b4:e6:b6:55:0a:
                    50:a8:e9:44:f5:c8:fa:da:cb:ca:96:cc:cf:35:06:
                    2c:bf:8d:80:41:d4:b8:2a:e7:c9:d5:76:de:2f:ae:
                    85:b1:17:b3:64:fa:8d:24:c5:94:c3:43:b4:84:7d:
                    5c:11:d4:3f:c6:2d:b6:41:ba:c4:2f:50:a6:cf:af:
                    89:a8:7a:33:47:ce:12:50:86:ad:3e:51:9c:c4:ab:
                    93:4d:62:fa:2d:c0:c8:ca:16:ee:83:72:a0:33:99:
                    25:05:33:78:8e:b7:76:94:dd:4a:8a:57:b8:77:0f:
                    6b:93:94:fc:cd:44:65:bf:b5:c0:c3:c6:b3:94:35:
                    54:5e:ea:25:f6:67:86:1c:17:76:87:fe:7b:d3:b6:
                    86:70:bc:25:3a:ea:7c:29:68:d3:58:5b:c1:40:f3:
                    c6:dd:29:c7:c3:e4:f0:53:e0:00:06:cb:d5:cf:a9:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:3A:AB:DF:2F:C3:30:6D:57:BC:B0:D6:79:18:5E:62:08:96:31:9E
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS209658.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:e0:de:a5:fa:7f:97:6d:6d:a1:08:ec:70:bb:76:00:16:33:
         61:89:e1:d7:5f:fd:54:85:05:89:cb:e2:ac:af:2c:4f:4d:c0:
         c5:7e:48:2d:bb:30:f3:2d:93:4f:93:c2:1d:97:49:25:5c:53:
         7a:71:12:90:a5:b3:c8:f2:bd:0b:a5:35:d1:37:8e:44:b8:9d:
         15:9c:8b:2a:04:df:cc:0d:51:81:fc:3f:8f:5f:23:21:c6:e7:
         46:e1:0d:e1:27:65:0c:67:df:4c:b6:f1:73:85:91:2a:2c:21:
         e4:48:08:89:de:04:12:4c:c1:91:f9:8f:d7:6c:44:96:8e:ca:
         54:cb:99:46:9a:40:28:ed:23:63:41:cc:20:d4:8c:1f:ae:1c:
         91:55:e5:55:f7:3c:38:b7:c2:b2:4a:5e:78:9c:6e:67:22:68:
         2a:18:d2:6a:bf:ca:26:bc:c3:bf:af:9d:62:c4:a1:3b:dd:3a:
         f3:e5:06:30:ea:f2:01:72:15:08:d3:cc:be:93:85:77:59:f2:
         e6:15:ec:2c:2f:59:36:48:06:95:70:53:31:c7:a5:29:1c:12:
         45:69:ab:b8:9b:83:8a:1d:e8:7f:cb:b6:de:5a:a5:69:6c:1d:
         04:4c:82:fb:4e:95:0f:8a:88:f3:24:bc:f2:81:04:95:90:61:
         69:d9:0a:e9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUC3PP95CCIr8y5hD/WZBI+QRzqzgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjYxOTE1MDFaFw0yNzA0MjUxOTIwMDFaMDMxMTAvBgNV
BAMTKEE1M0FBQkRGMkZDMzMwNkQ1N0JDQjBENjc5MTg1RTYyMDg5NjMxOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ1a5EpJOkda1Ike6Nqza/xAu8
ciU7r5rdBBMoihcwmiSNvrpau6NgzqlUvNuFuJoLIogboERQwQywc8Y6BUBckYQB
V0E+djaFsGMet6s74kPsBJy05rZVClCo6UT1yPray8qWzM81Biy/jYBB1Lgq58nV
dt4vroWxF7Nk+o0kxZTDQ7SEfVwR1D/GLbZBusQvUKbPr4moejNHzhJQhq0+UZzE
q5NNYvotwMjKFu6DcqAzmSUFM3iOt3aU3UqKV7h3D2uTlPzNRGW/tcDDxrOUNVRe
6iX2Z4YcF3aH/nvTtoZwvCU66nwpaNNYW8FA88bdKcfD5PBT4AAGy9XPqZQxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUpTqr3y/DMG1XvLDWeRheYgiWMZ4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA5NjU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4YE
MA0GCSqGSIb3DQEBCwUAA4IBAQAk4N6l+n+XbW2hCOxwu3YAFjNhieHXX/1UhQWJ
y+KsryxPTcDFfkgtuzDzLZNPk8Idl0klXFN6cRKQpbPI8r0LpTXRN45EuJ0VnIsq
BN/MDVGB/D+PXyMhxudG4Q3hJ2UMZ99MtvFzhZEqLCHkSAiJ3gQSTMGR+Y/XbESW
jspUy5lGmkAo7SNjQcwg1IwfrhyRVeVV9zw4t8KySl54nG5nImgqGNJqv8omvMO/
r51ixKE73Trz5QYw6vIBchUI08y+k4V3WfLmFewsL1k2SAaVcFMxx6UpHBJFaau4
m4OKHeh/y7beWqVpbB0ETIL7TpUPiojzJLzygQSVkGFp2Qrp
-----END CERTIFICATE-----