Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209722.roa
File:                     AS209722.roa (raw, json)
Hash identifier:          Yyc+zCg4tGWlCrPSlyPpr3tySCYK/86l3HAKBvl7YK0=
Subject key identifier:   79:C7:1C:D2:8A:78:1F:E3:06:EE:5C:F6:C6:57:A2:31:8D:16:D4:CA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1FF9D1C1382EABFAC5573E00CF167BE318CAA0EC
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209722.roa
Signing time:             Tue 24 Feb 2026 02:12:10 +0000
ROA not before:           Tue 24 Feb 2026 02:07:10 +0000
ROA not after:            Tue 23 Feb 2027 02:12:10 +0000
asID:                     209722
IP address blocks:        2a0f:85c1:e17::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:f9:d1:c1:38:2e:ab:fa:c5:57:3e:00:cf:16:7b:e3:18:ca:a0:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Feb 24 02:07:10 2026 GMT
            Not After : Feb 23 02:12:10 2027 GMT
        Subject: CN=79C71CD28A781FE306EE5CF6C657A2318D16D4CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a9:2c:21:59:22:13:30:82:f0:f5:f8:a0:37:
                    64:8f:01:d3:dc:07:5c:61:4c:e2:72:41:a8:13:7c:
                    c5:44:fc:fb:5f:5e:45:ce:41:c0:87:df:5a:b5:2b:
                    0d:c2:4b:83:52:5c:df:54:cd:ef:f7:72:3d:da:80:
                    fb:bc:5a:6e:86:fa:51:4a:60:31:a1:c9:a5:fe:7c:
                    3a:95:1d:b0:09:2b:f6:ef:78:b4:1c:6c:45:7f:7f:
                    d8:af:e5:a2:be:b4:ef:b8:3c:fb:08:06:aa:d0:9c:
                    25:8f:34:df:b4:56:6e:03:56:a3:99:3a:31:04:1d:
                    85:74:c7:34:03:31:72:e0:ef:64:88:93:6d:46:51:
                    22:22:32:22:c4:21:8a:dc:ae:e1:60:01:f0:47:6b:
                    5c:56:16:b1:f4:8c:13:84:d1:6a:b4:6e:65:7b:eb:
                    37:7a:64:49:94:65:73:df:14:67:d4:cf:6f:43:d9:
                    7b:bd:66:c8:ad:07:ea:fc:dd:f9:49:86:eb:52:33:
                    05:0b:c5:d5:77:17:dd:cb:0c:8a:47:ee:97:39:df:
                    ff:3f:53:ea:76:0d:15:56:ac:bd:7c:b3:c5:a3:3f:
                    11:7b:30:10:8e:e5:d5:af:01:01:de:0d:34:69:57:
                    ed:0f:d0:08:b3:5b:7c:e2:28:03:da:ab:8f:f3:f4:
                    15:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C7:1C:D2:8A:78:1F:E3:06:EE:5C:F6:C6:57:A2:31:8D:16:D4:CA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209722.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:e17::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:78:ec:b4:b2:0b:c6:29:bd:df:5f:5c:35:a4:b2:72:b7:46:
         0e:58:3d:b9:aa:b8:6a:1f:bf:64:23:e8:1b:44:1f:8d:ac:70:
         69:86:16:47:7f:d2:7e:8a:62:73:9e:b8:ae:73:07:be:01:a2:
         51:89:59:8b:b8:0f:ce:7c:f5:b1:d9:ff:8a:c5:88:34:c0:58:
         91:f1:1f:03:50:db:2e:be:0b:0c:17:d5:f1:f1:eb:5f:52:09:
         25:bf:f4:4c:b4:8f:ba:88:da:7f:20:80:ff:18:75:5d:fe:4d:
         15:d3:1b:43:26:67:c3:73:d9:eb:47:81:85:e8:60:2a:92:48:
         10:15:2d:e3:30:fd:5e:bf:4c:52:dd:71:1c:e6:90:84:46:7a:
         f6:18:6a:e7:6a:ec:35:c8:c2:4c:02:92:20:51:ed:06:b5:b9:
         c7:cc:24:9b:6e:2e:99:6a:df:8e:8b:6c:cb:70:b8:e3:78:31:
         33:e6:41:7b:62:03:fc:a3:56:9c:75:f7:5b:b9:b9:eb:02:07:
         75:08:bb:cc:0b:eb:69:54:d4:6b:c5:d7:bf:7a:67:9c:ce:e1:
         6e:ad:73:72:13:4e:de:c5:d5:c8:ea:47:f0:52:23:f0:3c:3a:
         6a:00:ca:33:49:e1:28:5c:04:d9:9b:4a:79:49:58:80:51:1e:
         9e:09:d4:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUH/nRwTguq/rFVz4AzxZ74xjKoOwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjAyMjQwMjA3MTBaFw0yNzAyMjMwMjEyMTBaMDMxMTAvBgNV
BAMTKDc5QzcxQ0QyOEE3ODFGRTMwNkVFNUNGNkM2NTdBMjMxOEQxNkQ0Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjqSwhWSITMILw9figN2SPAdPc
B1xhTOJyQagTfMVE/PtfXkXOQcCH31q1Kw3CS4NSXN9Uze/3cj3agPu8Wm6G+lFK
YDGhyaX+fDqVHbAJK/bveLQcbEV/f9iv5aK+tO+4PPsIBqrQnCWPNN+0Vm4DVqOZ
OjEEHYV0xzQDMXLg72SIk21GUSIiMiLEIYrcruFgAfBHa1xWFrH0jBOE0Wq0bmV7
6zd6ZEmUZXPfFGfUz29D2Xu9ZsitB+r83flJhutSMwULxdV3F93LDIpH7pc53/8/
U+p2DRVWrL18s8WjPxF7MBCO5dWvAQHeDTRpV+0P0AizW3ziKAPaq4/z9BXPAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUeccc0op4H+MG7lz2xleiMY0W1MowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5NzIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQ4XMA0GCSqGSIb3DQEBCwUAA4IBAQASeOy0sgvGKb3fX1w1pLJyt0YOWD25qrhq
H79kI+gbRB+NrHBphhZHf9J+imJznriucwe+AaJRiVmLuA/OfPWx2f+KxYg0wFiR
8R8DUNsuvgsMF9Xx8etfUgklv/RMtI+6iNp/IID/GHVd/k0V0xtDJmfDc9nrR4GF
6GAqkkgQFS3jMP1ev0xS3XEc5pCERnr2GGrnauw1yMJMApIgUe0GtbnHzCSbbi6Z
at+Oi2zLcLjjeDEz5kF7YgP8o1acdfdbubnrAgd1CLvMC+tpVNRrxde/emeczuFu
rXNyE07exdXI6kfwUiPwPDpqAMozSeEoXATZm0p5SViAUR6eCdQL
-----END CERTIFICATE-----