Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS207459.roa
File:                     AS207459.roa (raw, json)
Hash identifier:          6BKjMafhrRj7mAKmsQKYnkE8KAdqY/dfWn2hDVqSukU=
Subject key identifier:   35:AC:18:A2:CC:61:19:2E:E2:D8:EA:25:74:28:93:1A:B3:38:23:29
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       4BDF3EB0E33C7424FA71FE8F5D226643E1D4D797
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS207459.roa
Signing time:             Mon 18 May 2026 12:04:47 +0000
ROA not before:           Mon 18 May 2026 11:59:47 +0000
ROA not after:            Mon 17 May 2027 12:04:47 +0000
asID:                     207459
IP address blocks:        92.249.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:df:3e:b0:e3:3c:74:24:fa:71:fe:8f:5d:22:66:43:e1:d4:d7:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: May 18 11:59:47 2026 GMT
            Not After : May 17 12:04:47 2027 GMT
        Subject: CN=35AC18A2CC61192EE2D8EA257428931AB3382329
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:ed:79:a3:f4:09:3a:08:f7:d0:7b:1c:5d:cf:
                    ed:8f:bf:25:dd:cc:be:19:5d:45:e2:1b:a2:fb:1f:
                    28:ba:1e:9e:63:c3:00:c4:54:30:c2:31:12:c9:92:
                    c5:03:2d:8a:1c:ac:42:d9:2f:e8:dc:b7:9c:83:ee:
                    8c:24:c5:61:de:10:cf:84:23:7b:1d:ea:b3:8c:1e:
                    11:a4:ed:9f:f1:ff:92:38:6b:58:87:b5:f5:ea:06:
                    c4:82:b2:95:c5:1d:ef:b8:4f:3b:84:96:9a:62:29:
                    3c:02:ba:8d:d3:24:9d:10:fd:9b:d0:2d:81:ab:7e:
                    da:c0:ef:9e:94:03:49:49:7d:30:b9:e0:ea:ee:18:
                    4a:e6:85:65:32:7d:99:b7:88:2f:cc:ca:79:d8:db:
                    7f:79:e0:27:9e:45:ad:ae:e3:20:da:4a:27:3a:73:
                    7e:22:a4:14:bf:12:cc:00:68:46:38:6c:43:f2:3d:
                    4f:d4:be:c0:ae:a3:db:ab:f9:31:a3:54:3b:be:f4:
                    67:4e:cb:02:4e:63:26:9f:7f:16:07:b5:d2:8a:8e:
                    e7:ca:8c:a7:fa:3a:f9:a0:99:f7:9e:48:98:0d:6f:
                    f8:8f:b4:9a:5a:81:38:9c:71:1a:bb:36:a8:37:98:
                    ba:ae:b3:52:b6:bd:1b:43:15:eb:7c:d1:cd:5e:6f:
                    22:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:AC:18:A2:CC:61:19:2E:E2:D8:EA:25:74:28:93:1A:B3:38:23:29
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS207459.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:1b:f7:f2:43:9f:c8:4d:ef:d1:c0:7c:23:1e:37:89:fb:31:
         ec:fd:15:de:f2:84:ce:0a:1d:5e:3f:22:f5:0f:ae:31:7f:4e:
         28:ab:10:65:1a:da:19:da:66:e7:41:e9:72:39:50:f6:af:7f:
         fb:a2:0c:8f:f1:d5:01:11:d6:75:11:5c:3d:75:70:77:57:67:
         78:00:7a:dc:46:1f:b8:1b:bc:6a:8a:a4:b8:00:9f:72:bb:27:
         0b:33:a1:47:9f:1f:46:25:29:98:79:55:8f:0c:55:c8:1f:b7:
         b8:50:2f:95:2a:0a:58:46:98:73:ff:d8:44:e5:5c:35:b7:bb:
         87:64:6c:a8:4e:49:13:bc:f6:5c:d3:ab:4e:9d:b6:6f:ee:1e:
         dd:ac:48:e0:74:26:ff:31:11:55:d0:0e:66:cc:96:f7:ba:03:
         4b:4e:a9:08:ba:ef:d3:23:05:47:ef:91:38:82:89:9d:2c:01:
         c4:5d:08:d2:8f:40:8f:a1:be:30:80:ac:72:d7:9b:f1:45:6c:
         23:88:f8:61:06:6c:a7:7c:98:b1:0e:e5:2d:81:06:9d:9f:0f:
         26:bc:bd:c2:15:5e:6b:57:60:25:ac:32:8d:f4:56:1d:21:54:
         6f:b2:4c:98:cd:8a:09:a1:84:05:51:78:c2:a4:79:b2:33:bf:
         43:53:87:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS98+sOM8dCT6cf6PXSJmQ+HU15cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA1MTgxMTU5NDdaFw0yNzA1MTcxMjA0NDdaMDMxMTAvBgNV
BAMTKDM1QUMxOEEyQ0M2MTE5MkVFMkQ4RUEyNTc0Mjg5MzFBQjMzODIzMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCF7Xmj9Ak6CPfQexxdz+2PvyXd
zL4ZXUXiG6L7Hyi6Hp5jwwDEVDDCMRLJksUDLYocrELZL+jct5yD7owkxWHeEM+E
I3sd6rOMHhGk7Z/x/5I4a1iHtfXqBsSCspXFHe+4TzuElppiKTwCuo3TJJ0Q/ZvQ
LYGrftrA756UA0lJfTC54OruGErmhWUyfZm3iC/MynnY23954CeeRa2u4yDaSic6
c34ipBS/EswAaEY4bEPyPU/UvsCuo9ur+TGjVDu+9GdOywJOYyaffxYHtdKKjufK
jKf6OvmgmfeeSJgNb/iPtJpagTiccRq7Nqg3mLqus1K2vRtDFet80c1ebyLpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNawYosxhGS7i2OoldCiTGrM4IykwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjA3NDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPk/
MA0GCSqGSIb3DQEBCwUAA4IBAQACG/fyQ5/ITe/RwHwjHjeJ+zHs/RXe8oTOCh1e
PyL1D64xf04oqxBlGtoZ2mbnQelyOVD2r3/7ogyP8dUBEdZ1EVw9dXB3V2d4AHrc
Rh+4G7xqiqS4AJ9yuycLM6FHnx9GJSmYeVWPDFXIH7e4UC+VKgpYRphz/9hE5Vw1
t7uHZGyoTkkTvPZc06tOnbZv7h7drEjgdCb/MRFV0A5mzJb3ugNLTqkIuu/TIwVH
75E4gomdLAHEXQjSj0CPob4wgKxy15vxRWwjiPhhBmynfJixDuUtgQadnw8mvL3C
FV5rV2AlrDKN9FYdIVRvskyYzYoJoYQFUXjCpHmyM79DU4fH
-----END CERTIFICATE-----