Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209552.roa
File:                     AS209552.roa (raw, json)
Hash identifier:          QFNF0Q75XYVQVdqZO1VNepOQKJUlBBPNUW3US6LcBfQ=
Subject key identifier:   E0:BF:97:45:F2:D0:CB:CC:12:42:93:F8:3A:E8:7B:DF:47:C8:A1:F3
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       423FD226B63E9B932D1253D762678A2AAC66623D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209552.roa
Signing time:             Fri 25 Jul 2025 08:07:38 +0000
ROA not before:           Fri 25 Jul 2025 08:02:38 +0000
ROA not after:            Fri 24 Jul 2026 08:07:38 +0000
asID:                     209552
IP address blocks:        2a0f:85c1:51::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:3f:d2:26:b6:3e:9b:93:2d:12:53:d7:62:67:8a:2a:ac:66:62:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:38 2025 GMT
            Not After : Jul 24 08:07:38 2026 GMT
        Subject: CN=E0BF9745F2D0CBCC124293F83AE87BDF47C8A1F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:0b:cf:ed:00:37:1e:b1:27:0f:15:2b:60:f9:
                    ad:1f:3f:e0:7d:c4:95:8f:6e:db:25:0f:38:8a:94:
                    82:ff:4a:c1:07:fa:17:6e:c4:4c:a7:fd:0c:77:10:
                    6b:45:49:ff:2a:8f:e3:c7:0a:32:87:7e:d5:b3:f7:
                    d9:30:30:5f:02:bb:c4:a6:1e:03:94:dc:c9:1b:01:
                    f6:60:78:71:6b:8b:05:43:59:5b:e4:97:03:72:66:
                    44:67:70:13:96:fd:b2:53:ee:61:77:c4:93:5f:3b:
                    60:61:2c:2d:05:6c:56:38:60:b5:27:fb:bc:8a:cd:
                    28:07:bb:80:34:da:0c:9e:f6:c0:e4:03:a8:23:d5:
                    67:be:10:ba:26:92:c8:c4:90:c2:0b:fa:64:ac:fb:
                    28:b9:f9:04:27:a5:29:ed:92:15:eb:18:59:5c:9a:
                    87:4b:da:44:46:20:2d:53:b3:7f:d0:49:09:6b:18:
                    a3:41:0a:6f:a1:44:9e:1f:9a:4c:8f:ae:ef:27:97:
                    84:9f:08:c0:52:6d:02:a8:b8:14:6c:3c:85:96:e2:
                    a4:42:23:5d:91:41:ad:a8:2e:29:49:a3:5c:19:4f:
                    08:13:5f:db:c1:47:f8:0c:9d:77:03:54:22:fb:45:
                    61:21:d0:2f:22:58:8a:c0:93:cd:cf:d4:7a:89:48:
                    83:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:BF:97:45:F2:D0:CB:CC:12:42:93:F8:3A:E8:7B:DF:47:C8:A1:F3
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209552.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:51::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:49:42:bd:8c:80:e5:e6:48:8b:03:ec:aa:66:3c:12:b3:ba:
         47:45:17:2b:e1:1d:c7:b6:61:95:61:0b:f4:bd:59:43:2a:59:
         5a:47:44:c6:52:e7:60:d2:89:77:67:b7:a5:9c:c9:c4:e4:cd:
         dd:07:6d:70:cc:4d:40:f6:e5:1b:cd:59:d1:86:e4:b4:9b:1a:
         05:5e:0e:e4:7d:f9:e4:c7:61:a7:41:62:8f:e0:03:ec:a0:44:
         31:66:e9:1c:33:79:6d:4a:61:25:be:34:b9:25:c8:53:1f:0d:
         90:cc:7c:94:47:03:31:fb:db:61:2d:18:13:7b:8c:15:26:19:
         fb:c0:9e:47:66:a2:b6:53:15:8d:1b:68:d3:b5:36:ce:45:7f:
         62:1d:78:7c:80:ce:87:2b:51:e6:a0:b1:f2:ad:ff:dc:d5:24:
         f2:81:05:12:d9:88:e7:30:f3:1a:4b:63:d8:57:8d:5e:32:a0:
         58:fc:e4:b3:46:34:ab:40:3c:73:67:8c:3f:6e:a0:a5:60:7e:
         4d:06:f6:46:b3:f3:bf:85:e0:11:5a:ee:ec:86:cb:b5:c3:08:
         90:aa:7b:ba:6f:3e:26:6c:79:b3:d7:fb:8b:14:2f:47:fc:09:
         ec:95:0f:67:82:93:e0:ad:7e:8a:54:45:ce:9b:73:f4:55:50:
         63:f9:65:55
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUQj/SJrY+m5MtElPXYmeKKqxmYj0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzhaFw0yNjA3MjQwODA3MzhaMDMxMTAvBgNV
BAMTKEUwQkY5NzQ1RjJEMENCQ0MxMjQyOTNGODNBRTg3QkRGNDdDOEExRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHC8/tADcesScPFStg+a0fP+B9
xJWPbtslDziKlIL/SsEH+hduxEyn/Qx3EGtFSf8qj+PHCjKHftWz99kwMF8Cu8Sm
HgOU3MkbAfZgeHFriwVDWVvklwNyZkRncBOW/bJT7mF3xJNfO2BhLC0FbFY4YLUn
+7yKzSgHu4A02gye9sDkA6gj1We+ELomksjEkMIL+mSs+yi5+QQnpSntkhXrGFlc
modL2kRGIC1Ts3/QSQlrGKNBCm+hRJ4fmkyPru8nl4SfCMBSbQKouBRsPIWW4qRC
I12RQa2oLilJo1wZTwgTX9vBR/gMnXcDVCL7RWEh0C8iWIrAk83P1HqJSIMVAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU4L+XRfLQy8wSQpP4Ouh730fIofMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5NTUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQBRMA0GCSqGSIb3DQEBCwUAA4IBAQAfSUK9jIDl5kiLA+yqZjwSs7pHRRcr4R3H
tmGVYQv0vVlDKllaR0TGUudg0ol3Z7elnMnE5M3dB21wzE1A9uUbzVnRhuS0mxoF
Xg7kffnkx2GnQWKP4APsoEQxZukcM3ltSmElvjS5JchTHw2QzHyURwMx+9thLRgT
e4wVJhn7wJ5HZqK2UxWNG2jTtTbORX9iHXh8gM6HK1HmoLHyrf/c1STygQUS2Yjn
MPMaS2PYV41eMqBY/OSzRjSrQDxzZ4w/bqClYH5NBvZGs/O/heARWu7shsu1wwiQ
qnu6bz4mbHmz1/uLFC9H/AnslQ9ngpPgrX6KVEXOm3P0VVBj+WVV
-----END CERTIFICATE-----