Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          nRyJlFUnDlRUicK2X7Om0exaixP8KKRWUaMhGU+EylE=
Subject key identifier:   EA:48:D2:61:10:FF:AB:1D:E5:8A:10:D5:EA:8A:52:DE:A3:58:86:1C
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       63144BD80D3CF2030F0CFCA2501103277566695C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
Signing time:             Mon 12 May 2025 00:00:04 +0000
ROA not before:           Sun 11 May 2025 23:55:04 +0000
ROA not after:            Mon 11 May 2026 00:00:04 +0000
asID:                     209242
IP address blocks:        45.153.7.0/24 maxlen: 24
                          194.113.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:14:4b:d8:0d:3c:f2:03:0f:0c:fc:a2:50:11:03:27:75:66:69:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: May 11 23:55:04 2025 GMT
            Not After : May 11 00:00:04 2026 GMT
        Subject: CN=EA48D26110FFAB1DE58A10D5EA8A52DEA358861C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:91:17:71:60:11:21:d7:82:86:61:94:f3:2c:
                    72:0f:be:ea:c2:de:29:05:3e:6d:bb:56:9f:ae:f4:
                    c8:78:bb:61:14:b0:76:e3:e1:9a:45:a2:56:83:32:
                    fd:21:d8:de:20:18:d7:12:db:cb:5c:79:7e:1e:81:
                    89:5d:37:a4:60:91:33:5b:7d:5b:3c:f5:d7:5d:4f:
                    13:06:24:de:e9:a9:a5:5d:dc:f9:3b:ac:09:f3:fd:
                    f8:48:e3:2f:09:b8:64:00:d8:33:35:f1:39:b9:ce:
                    cc:69:83:5f:fd:19:09:cb:60:36:95:24:17:bc:64:
                    46:c5:39:fe:b2:1b:f3:36:04:39:5e:e4:a1:b7:f7:
                    5c:d3:47:dd:9a:a3:ce:87:19:d9:5e:9d:b5:a1:4a:
                    ae:39:fa:68:61:21:16:10:f3:e6:a9:83:b3:94:bd:
                    d5:66:2a:bf:67:7d:96:4c:cf:1c:47:8a:9d:76:c7:
                    e9:16:e7:d0:1c:fb:ee:cf:22:b7:cc:5d:f3:c8:34:
                    22:93:d0:e8:c7:b8:93:01:d4:19:a3:74:da:92:ae:
                    ea:40:42:c3:32:8f:6d:4f:f0:9f:49:43:41:be:54:
                    db:45:66:ed:bf:17:31:58:a5:56:93:6f:c7:ed:63:
                    43:c1:85:56:e6:ea:0d:66:82:5e:69:31:85:96:e1:
                    ae:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:48:D2:61:10:FF:AB:1D:E5:8A:10:D5:EA:8A:52:DE:A3:58:86:1C
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.7.0/24
                  194.113.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:a9:19:46:fc:14:bc:96:51:cf:4f:85:ed:61:31:b6:42:e3:
         88:7b:21:08:40:13:32:7e:29:ca:0d:48:e0:b4:74:b9:d1:63:
         f4:bb:c4:3a:9a:7d:50:76:2a:42:f9:64:d6:e2:8d:de:4c:9e:
         d4:93:a8:01:ad:77:f8:37:6b:40:22:e1:70:c2:ca:11:d0:62:
         98:56:34:40:ca:00:de:2f:ef:1a:8f:2b:f7:08:ca:a6:bb:2f:
         f2:56:fe:75:38:f6:ec:6a:cf:3d:1d:80:86:60:ad:d2:fe:45:
         8c:2c:2c:93:44:6f:ce:8b:7b:4d:7b:12:4c:07:b0:3e:8b:9a:
         97:3a:a3:68:8f:2b:57:c2:ae:92:be:9d:08:9e:43:58:c0:99:
         91:8c:2d:8e:be:15:3c:47:10:13:13:3e:07:1c:e2:34:e9:d6:
         b8:76:51:2b:7f:a0:68:d5:35:38:c0:30:df:23:b0:78:8d:8e:
         76:1f:43:dc:56:74:94:2b:55:00:28:c3:55:94:fb:b4:22:cc:
         37:7a:23:cd:3f:db:21:6d:4d:5a:03:ed:71:88:71:8a:fa:b9:
         a5:45:79:3f:a0:06:ce:0d:61:14:ec:5e:b4:ca:36:58:9d:c4:
         77:b7:00:55:bf:3a:3e:c9:a5:01:50:90:43:f6:11:4a:3d:8a:
         3b:f8:b8:6d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUYxRL2A088gMPDPyiUBEDJ3VmaVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA1MTEyMzU1MDRaFw0yNjA1MTEwMDAwMDRaMDMxMTAvBgNV
BAMTKEVBNDhEMjYxMTBGRkFCMURFNThBMTBENUVBOEE1MkRFQTM1ODg2MUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6kRdxYBEh14KGYZTzLHIPvurC
3ikFPm27Vp+u9Mh4u2EUsHbj4ZpFolaDMv0h2N4gGNcS28tceX4egYldN6RgkTNb
fVs89dddTxMGJN7pqaVd3Pk7rAnz/fhI4y8JuGQA2DM18Tm5zsxpg1/9GQnLYDaV
JBe8ZEbFOf6yG/M2BDle5KG391zTR92ao86HGdlenbWhSq45+mhhIRYQ8+apg7OU
vdVmKr9nfZZMzxxHip12x+kW59Ac++7PIrfMXfPINCKT0OjHuJMB1BmjdNqSrupA
QsMyj21P8J9JQ0G+VNtFZu2/FzFYpVaTb8ftY0PBhVbm6g1mgl5pMYWW4a7/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU6kjSYRD/qx3lihDV6opS3qNYhhwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZkH
AwQAwnHfMA0GCSqGSIb3DQEBCwUAA4IBAQABqRlG/BS8llHPT4XtYTG2QuOIeyEI
QBMyfinKDUjgtHS50WP0u8Q6mn1QdipC+WTW4o3eTJ7Uk6gBrXf4N2tAIuFwwsoR
0GKYVjRAygDeL+8ajyv3CMqmuy/yVv51OPbsas89HYCGYK3S/kWMLCyTRG/Oi3tN
exJMB7A+i5qXOqNojytXwq6Svp0InkNYwJmRjC2OvhU8RxATEz4HHOI06da4dlEr
f6Bo1TU4wDDfI7B4jY52H0PcVnSUK1UAKMNVlPu0Isw3eiPNP9shbU1aA+1xiHGK
+rmlRXk/oAbODWEU7F60yjZYncR3twBVvzo+yaUBUJBD9hFKPYo7+Lht
-----END CERTIFICATE-----