Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS207459.roa
File:                     AS207459.roa (raw, json)
Hash identifier:          Frf0QFSTkgPaDGicko2lkXofaOfEeOIISoA3SjzgOnA=
Subject key identifier:   4F:83:D1:3B:F0:F0:76:A3:F2:C7:E6:E5:45:90:95:B9:3D:03:D4:56
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       07F21067A8BE7E54538F2CB40D35E9C68CAFA01E
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS207459.roa
Signing time:             Wed 15 Apr 2026 11:55:37 +0000
ROA not before:           Wed 15 Apr 2026 11:50:37 +0000
ROA not after:            Wed 14 Apr 2027 11:55:37 +0000
asID:                     207459
IP address blocks:        92.249.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:f2:10:67:a8:be:7e:54:53:8f:2c:b4:0d:35:e9:c6:8c:af:a0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 15 11:50:37 2026 GMT
            Not After : Apr 14 11:55:37 2027 GMT
        Subject: CN=4F83D13BF0F076A3F2C7E6E5459095B93D03D456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:83:44:d0:3a:27:96:c2:c9:99:a5:3e:2b:d0:
                    ae:f6:8a:e2:11:3c:36:cb:8a:90:d7:db:bd:3b:70:
                    9f:dd:ab:01:fc:53:17:32:fa:90:46:74:05:9a:f5:
                    2b:25:99:2c:de:de:07:ff:d5:4a:78:a2:db:7b:c4:
                    fe:7d:c0:73:88:6b:ec:ea:dc:1d:fb:b6:75:45:6e:
                    a0:9b:b7:83:dc:95:e8:b8:53:aa:47:5a:10:ec:21:
                    a0:0f:76:77:8f:35:d3:26:42:1b:b5:88:2c:f4:7c:
                    9e:f9:62:b9:31:9a:e5:2d:13:ca:9b:06:ae:4b:ef:
                    98:80:14:33:e7:ca:f1:dc:28:45:1d:c8:15:c0:77:
                    f2:36:53:52:12:1f:c2:e2:9e:99:a7:4b:f2:90:b9:
                    13:ad:a4:14:81:c2:7e:bf:e4:50:d0:7e:98:b9:89:
                    33:2f:33:6a:51:21:9d:be:a2:57:68:7e:3b:9f:bd:
                    a4:95:82:08:03:ac:dc:36:9c:86:d0:f9:a1:55:7f:
                    a8:1b:06:ce:e7:79:8b:ac:3b:b7:9c:a9:66:f4:41:
                    01:10:53:00:25:3a:86:df:e2:47:0b:47:72:98:d0:
                    63:3e:87:26:3c:0c:52:68:d1:df:b8:5f:fc:6f:56:
                    3b:df:b5:ae:2b:47:89:66:df:bb:73:a4:10:d1:b0:
                    1b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:83:D1:3B:F0:F0:76:A3:F2:C7:E6:E5:45:90:95:B9:3D:03:D4:56
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS207459.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.249.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:42:38:94:18:92:82:f2:d9:2a:df:a7:83:ad:ab:cb:67:04:
         90:fb:99:10:0e:b1:0f:79:4a:3e:29:74:c2:48:09:70:e1:7c:
         f6:05:cd:50:65:03:22:60:70:08:03:82:be:05:12:a4:10:69:
         87:48:da:9a:35:08:be:ae:00:0e:ba:14:22:67:32:29:53:46:
         0d:b1:cc:a1:a7:96:6b:c6:3c:ad:66:ce:be:3c:ba:21:24:8a:
         47:a7:8f:b9:53:67:02:d7:62:da:60:93:79:89:57:32:e5:17:
         8e:68:93:15:e9:e5:e9:7e:0a:e4:28:35:77:80:76:fe:d2:bb:
         34:b8:27:b6:4b:4b:1d:76:00:6d:2d:12:c1:e4:9d:15:cb:c3:
         97:cb:01:49:9b:9f:4a:e0:19:b3:0a:88:16:ba:f5:94:4f:ee:
         bb:43:b8:2d:a1:2a:9a:6b:fa:54:7d:a7:5b:e1:2e:43:4d:90:
         c3:30:00:f1:0e:16:29:21:66:e8:ce:ff:e1:a1:d7:f6:10:58:
         d0:04:5c:4a:b2:8e:4a:7a:a8:c8:e6:14:d1:fe:0a:da:98:93:
         ac:9d:2b:00:cb:16:43:c9:d6:b2:a8:57:80:03:62:6d:a6:5c:
         e0:ee:2a:98:6c:0b:f3:78:0e:57:7c:43:c1:5a:7c:9b:1c:71:
         e9:0f:3f:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB/IQZ6i+flRTjyy0DTXpxoyvoB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MTUxMTUwMzdaFw0yNzA0MTQxMTU1MzdaMDMxMTAvBgNV
BAMTKDRGODNEMTNCRjBGMDc2QTNGMkM3RTZFNTQ1OTA5NUI5M0QwM0Q0NTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAg0TQOieWwsmZpT4r0K72iuIR
PDbLipDX2707cJ/dqwH8Uxcy+pBGdAWa9SslmSze3gf/1Up4ott7xP59wHOIa+zq
3B37tnVFbqCbt4Pclei4U6pHWhDsIaAPdnePNdMmQhu1iCz0fJ75YrkxmuUtE8qb
Bq5L75iAFDPnyvHcKEUdyBXAd/I2U1ISH8LinpmnS/KQuROtpBSBwn6/5FDQfpi5
iTMvM2pRIZ2+oldofjufvaSVgggDrNw2nIbQ+aFVf6gbBs7neYusO7ecqWb0QQEQ
UwAlOobf4kcLR3KY0GM+hyY8DFJo0d+4X/xvVjvfta4rR4lm37tzpBDRsBvzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUT4PRO/DwdqPyx+blRZCVuT0D1FYwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjA3NDU5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPk/
MA0GCSqGSIb3DQEBCwUAA4IBAQCtQjiUGJKC8tkq36eDravLZwSQ+5kQDrEPeUo+
KXTCSAlw4Xz2Bc1QZQMiYHAIA4K+BRKkEGmHSNqaNQi+rgAOuhQiZzIpU0YNscyh
p5ZrxjytZs6+PLohJIpHp4+5U2cC12LaYJN5iVcy5ReOaJMV6eXpfgrkKDV3gHb+
0rs0uCe2S0sddgBtLRLB5J0Vy8OXywFJm59K4BmzCogWuvWUT+67Q7gtoSqaa/pU
fadb4S5DTZDDMADxDhYpIWbozv/hodf2EFjQBFxKso5KeqjI5hTR/gramJOsnSsA
yxZDydayqFeAA2Jtplzg7iqYbAvzeA5XfEPBWnybHHHpDz/t
-----END CERTIFICATE-----