Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209338.roa
File:                     AS209338.roa (raw, json)
Hash identifier:          73W6k9vGeowI7Ryzf6CZiMUYD3Lyt+bu9rwskzrcews=
Subject key identifier:   F8:7F:24:94:11:06:F6:32:4E:70:B7:67:F6:2A:7C:23:F4:83:B4:69
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1C9E00B1E725AA943CFB320B41843E134BA85742
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209338.roa
Signing time:             Wed 08 Apr 2026 02:08:30 +0000
ROA not before:           Wed 08 Apr 2026 02:03:30 +0000
ROA not after:            Wed 07 Apr 2027 02:08:30 +0000
asID:                     209338
IP address blocks:        2a0f:85c1:c30::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:9e:00:b1:e7:25:aa:94:3c:fb:32:0b:41:84:3e:13:4b:a8:57:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr  8 02:03:30 2026 GMT
            Not After : Apr  7 02:08:30 2027 GMT
        Subject: CN=F87F24941106F6324E70B767F62A7C23F483B469
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:fd:1a:87:69:1e:7b:d7:56:0c:e1:65:68:e9:
                    66:de:24:65:b5:e3:6b:0e:4d:5e:e8:8b:65:b1:1f:
                    95:bf:20:44:d0:99:7f:43:0a:e2:bb:f3:7e:4d:bd:
                    1a:7a:86:f3:f9:4c:43:bd:52:8a:d7:6b:cc:d6:51:
                    20:c4:4a:fa:f5:a8:73:fe:0e:ef:d7:6b:2f:43:c1:
                    16:1b:a6:56:ff:a6:d7:26:14:78:af:0a:1c:86:4d:
                    ad:c6:77:85:d6:92:c6:37:f0:0e:72:9f:6b:4d:a6:
                    4b:1b:00:e8:53:7c:d3:65:22:e6:9f:28:31:ce:6a:
                    ac:3f:94:5e:03:7a:f5:e8:8a:4f:7d:ac:4b:47:24:
                    d6:98:26:13:48:2d:66:55:a6:77:1c:65:31:e8:67:
                    5b:4a:33:21:e5:32:0c:51:4e:71:f4:7a:43:70:08:
                    23:fe:a0:ab:d8:3b:ad:65:7a:55:ef:1f:30:7b:95:
                    ee:dd:47:fd:a0:23:ba:e6:d5:a1:9a:ca:2a:43:23:
                    5f:e6:fb:aa:7d:1e:d3:a3:45:89:78:6d:02:c8:42:
                    c4:86:3e:3f:ca:74:50:9c:21:f2:38:2d:ba:2a:14:
                    3e:62:f7:22:de:4b:45:f0:e2:2c:01:e4:c7:37:42:
                    9c:19:76:e4:61:39:1e:9e:85:67:6e:09:30:15:a3:
                    09:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:7F:24:94:11:06:F6:32:4E:70:B7:67:F6:2A:7C:23:F4:83:B4:69
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c30::/48

    Signature Algorithm: sha256WithRSAEncryption
         a9:f7:f8:eb:ea:c5:15:63:36:87:5c:d2:2f:62:61:f0:48:a1:
         aa:ba:e1:a4:04:fa:a5:33:1e:ab:1b:c8:14:a0:6f:08:74:21:
         55:fe:c0:ae:aa:8c:be:4c:20:a3:9a:07:f3:b3:ab:1e:54:41:
         5d:ec:ce:65:b1:e4:50:3a:c4:2d:c9:c5:b7:d8:60:88:b6:29:
         15:c7:96:2e:28:e8:75:3f:bb:0c:8f:8f:21:28:c2:43:58:5e:
         e3:ab:09:13:2b:3a:85:3a:e3:10:ed:2d:85:82:a1:6b:1b:e1:
         ee:92:d2:76:1e:55:7f:78:20:e6:b8:6c:60:ff:40:98:f3:1f:
         8c:c8:64:7e:81:6a:3c:23:57:7d:87:76:a0:61:46:07:c7:d9:
         ad:40:25:47:9e:be:de:f9:8f:ed:f8:aa:1c:ac:bd:5f:20:fb:
         d4:45:66:d6:38:0a:f6:a7:fa:a1:a1:c6:a8:4f:77:06:6c:7e:
         1e:09:f5:54:47:d1:b1:e6:1b:dc:f2:2e:ba:ab:5e:c8:08:b6:
         88:64:7f:11:20:61:6a:61:79:55:a4:2f:5d:2f:bd:4a:05:75:
         86:59:9e:b0:e4:41:7d:a8:b0:5c:fa:bf:90:4b:ac:c8:c9:98:
         ad:08:b9:26:f5:44:c4:48:25:7d:21:ca:be:b1:ed:f7:d6:a4:
         e0:a0:e9:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUHJ4AseclqpQ8+zILQYQ+E0uoV0IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MDgwMjAzMzBaFw0yNzA0MDcwMjA4MzBaMDMxMTAvBgNV
BAMTKEY4N0YyNDk0MTEwNkY2MzI0RTcwQjc2N0Y2MkE3QzIzRjQ4M0I0NjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT/RqHaR5711YM4WVo6WbeJGW1
42sOTV7oi2WxH5W/IETQmX9DCuK7835NvRp6hvP5TEO9UorXa8zWUSDESvr1qHP+
Du/Xay9DwRYbplb/ptcmFHivChyGTa3Gd4XWksY38A5yn2tNpksbAOhTfNNlIuaf
KDHOaqw/lF4DevXoik99rEtHJNaYJhNILWZVpnccZTHoZ1tKMyHlMgxRTnH0ekNw
CCP+oKvYO61lelXvHzB7le7dR/2gI7rm1aGayipDI1/m+6p9HtOjRYl4bQLIQsSG
Pj/KdFCcIfI4LboqFD5i9yLeS0Xw4iwB5Mc3QpwZduRhOR6ehWduCTAVowldAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU+H8klBEG9jJOcLdn9ip8I/SDtGkwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5MzM4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQwwMA0GCSqGSIb3DQEBCwUAA4IBAQCp9/jr6sUVYzaHXNIvYmHwSKGquuGkBPql
Mx6rG8gUoG8IdCFV/sCuqoy+TCCjmgfzs6seVEFd7M5lseRQOsQtycW32GCItikV
x5YuKOh1P7sMj48hKMJDWF7jqwkTKzqFOuMQ7S2FgqFrG+HuktJ2HlV/eCDmuGxg
/0CY8x+MyGR+gWo8I1d9h3agYUYHx9mtQCVHnr7e+Y/t+KocrL1fIPvURWbWOAr2
p/qhocaoT3cGbH4eCfVUR9Gx5hvc8i66q17ICLaIZH8RIGFqYXlVpC9dL71KBXWG
WZ6w5EF9qLBc+r+QS6zIyZitCLkm9UTESCV9Icq+se331qTgoOl7
-----END CERTIFICATE-----