Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa
File:                     AS209768.roa (raw, json)
Hash identifier:          b9d3SC7aqnfXj5zeG688VnVHLhY3CD49tqdO5sLweGs=
Subject key identifier:   88:B6:E1:E5:8F:97:4D:52:03:7C:2B:51:32:3A:88:18:F9:C6:BF:2F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       69D26A88A7ED373D5E67D3E94D0D9A0F63E51888
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa
Signing time:             Sun 03 Aug 2025 09:54:13 +0000
ROA not before:           Sun 03 Aug 2025 09:49:13 +0000
ROA not after:            Sun 02 Aug 2026 09:54:13 +0000
asID:                     209768
IP address blocks:        191.96.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            69:d2:6a:88:a7:ed:37:3d:5e:67:d3:e9:4d:0d:9a:0f:63:e5:18:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug  3 09:49:13 2025 GMT
            Not After : Aug  2 09:54:13 2026 GMT
        Subject: CN=88B6E1E58F974D52037C2B51323A8818F9C6BF2F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:71:d3:dd:d9:20:fd:c7:4f:fd:97:8c:18:f6:
                    a1:11:04:07:0b:47:d5:cf:93:0e:b0:48:8f:c3:72:
                    6a:16:6c:fe:95:6e:7b:86:99:38:ef:c5:3e:34:f9:
                    c0:b7:2d:c8:bf:a4:04:89:31:97:25:64:e0:4c:12:
                    6f:a2:a4:ed:45:44:6e:c0:7f:ea:fb:a0:16:d8:e8:
                    dd:09:a5:33:cc:7b:df:d8:82:19:fa:b1:f9:f3:f7:
                    11:a2:74:03:32:cc:7e:f3:9a:a2:bb:9c:6b:a1:6f:
                    d2:9e:32:86:df:81:62:6d:8d:51:5b:00:41:54:9a:
                    79:b7:e6:46:54:86:3f:25:a9:ad:4e:14:69:9e:20:
                    05:3c:e8:b9:03:da:f4:28:5b:e6:3c:4b:85:5c:e4:
                    de:81:bf:a8:42:9a:42:0b:09:f5:ac:5a:8a:2c:22:
                    68:b4:49:fb:2e:0c:85:f5:65:78:da:00:94:c5:0b:
                    05:19:01:48:83:94:ef:47:95:32:62:d2:e5:d8:4b:
                    50:99:fe:d0:29:88:9b:1d:bf:bc:0f:e7:c0:24:20:
                    48:61:41:15:00:87:d4:1b:67:bf:f6:33:95:42:ec:
                    27:1a:d2:08:1f:87:0f:f2:70:3e:46:0c:4e:04:dc:
                    ca:2e:bc:98:54:73:a5:a1:dd:3d:ec:8e:7f:37:2a:
                    d8:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:B6:E1:E5:8F:97:4D:52:03:7C:2B:51:32:3A:88:18:F9:C6:BF:2F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:e3:0b:64:59:73:8b:26:f3:39:5b:b0:53:c6:2c:90:20:f9:
         c7:b2:ff:ce:7d:08:5a:d3:ca:1b:32:c1:3b:f5:36:b4:ba:e4:
         45:4a:5f:6e:5a:42:52:32:89:0d:02:8b:cf:2b:e5:4c:66:8b:
         97:0e:be:b8:11:95:3d:73:4e:d9:08:6f:46:84:27:28:b7:e1:
         36:6a:f2:47:d2:60:2f:bf:89:c5:77:87:d9:69:a4:98:f0:d5:
         bf:e1:3c:ec:4f:95:cc:e7:bf:74:e2:ee:48:0f:28:a6:db:9b:
         0d:9f:12:e2:b5:04:13:3b:86:34:45:01:27:5f:ae:5a:67:2a:
         cf:7c:b8:72:bb:52:38:2d:7e:e7:85:f8:c9:02:9b:b0:ec:09:
         2c:50:61:64:4a:60:15:ed:a1:38:ed:8c:81:75:75:01:64:be:
         d2:70:a6:58:08:85:49:96:d8:9f:2e:9f:b4:fd:c2:a9:a8:40:
         32:1f:ba:5b:d8:60:95:96:27:3f:22:5d:8a:be:ce:1f:a9:a0:
         c2:43:3d:1c:90:47:e1:ec:9b:04:b1:c9:46:9b:f1:a7:46:31:
         a0:d4:29:64:44:d7:81:4a:b1:bf:e8:9b:f3:d2:b2:79:a0:19:
         ca:b5:3f:5d:48:32:36:f6:ee:2c:1f:b4:51:c6:65:5d:44:e4:
         d2:c0:99:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUadJqiKftNz1eZ9PpTQ2aD2PlGIgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA4MDMwOTQ5MTNaFw0yNjA4MDIwOTU0MTNaMDMxMTAvBgNV
BAMTKDg4QjZFMUU1OEY5NzRENTIwMzdDMkI1MTMyM0E4ODE4RjlDNkJGMkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCVcdPd2SD9x0/9l4wY9qERBAcL
R9XPkw6wSI/DcmoWbP6VbnuGmTjvxT40+cC3Lci/pASJMZclZOBMEm+ipO1FRG7A
f+r7oBbY6N0JpTPMe9/Yghn6sfnz9xGidAMyzH7zmqK7nGuhb9KeMobfgWJtjVFb
AEFUmnm35kZUhj8lqa1OFGmeIAU86LkD2vQoW+Y8S4Vc5N6Bv6hCmkILCfWsWoos
Imi0SfsuDIX1ZXjaAJTFCwUZAUiDlO9HlTJi0uXYS1CZ/tApiJsdv7wP58AkIEhh
QRUAh9QbZ7/2M5VC7Cca0ggfhw/ycD5GDE4E3MouvJhUc6Wh3T3sjn83KtifAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUiLbh5Y+XTVIDfCtRMjqIGPnGvy8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Cw
MA0GCSqGSIb3DQEBCwUAA4IBAQAJ4wtkWXOLJvM5W7BTxiyQIPnHsv/OfQha08ob
MsE79Ta0uuRFSl9uWkJSMokNAovPK+VMZouXDr64EZU9c07ZCG9GhCcot+E2avJH
0mAvv4nFd4fZaaSY8NW/4TzsT5XM57904u5IDyim25sNnxLitQQTO4Y0RQEnX65a
ZyrPfLhyu1I4LX7nhfjJApuw7AksUGFkSmAV7aE47YyBdXUBZL7ScKZYCIVJltif
Lp+0/cKpqEAyH7pb2GCVlic/Il2Kvs4fqaDCQz0ckEfh7JsEsclGm/GnRjGg1Clk
RNeBSrG/6Jvz0rJ5oBnKtT9dSDI29u4sH7RRxmVdROTSwJk9
-----END CERTIFICATE-----