Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209735.roa
File:                     AS209735.roa (raw, json)
Hash identifier:          4c7bFt3n0UrQGqpyzSRU7SOlySjwZH8PdvgO7Y007HI=
Subject key identifier:   A3:C6:FF:05:C5:6F:9C:E0:4B:DA:81:CA:E4:28:62:A8:6B:06:B1:BD
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       734AFCF434CE6B8E4DF47D6A7B1677717B5DE499
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209735.roa
Signing time:             Fri 25 Jul 2025 08:07:37 +0000
ROA not before:           Fri 25 Jul 2025 08:02:37 +0000
ROA not after:            Fri 24 Jul 2026 08:07:37 +0000
asID:                     209735
IP address blocks:        2a0f:85c1:80::/44 maxlen: 44
                          2a0f:85c1:80::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:4a:fc:f4:34:ce:6b:8e:4d:f4:7d:6a:7b:16:77:71:7b:5d:e4:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jul 25 08:02:37 2025 GMT
            Not After : Jul 24 08:07:37 2026 GMT
        Subject: CN=A3C6FF05C56F9CE04BDA81CAE42862A86B06B1BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:64:2d:3d:b9:9f:37:f0:87:fd:b3:83:b7:05:
                    41:cf:10:42:a2:65:e9:26:e0:ec:ef:d2:a0:20:38:
                    9c:8d:88:18:1e:38:40:88:43:aa:c6:49:01:7f:cc:
                    0b:a6:c2:34:b7:07:f3:26:67:34:2f:87:f2:ce:72:
                    ec:c3:e8:e8:42:e6:47:91:bb:be:9c:78:05:87:c4:
                    ba:e3:a7:ea:d2:5c:24:ee:b5:07:d9:f5:1a:16:03:
                    c7:da:3b:9f:a7:36:0e:f1:77:ef:5d:00:b9:5f:2a:
                    06:d7:e1:46:35:92:db:a6:dc:9a:09:fc:17:a4:5f:
                    1a:cc:4e:df:b2:dc:7c:5c:f4:23:ac:b9:15:48:3a:
                    f2:6d:df:c4:01:9d:c8:25:42:fe:71:a4:8a:0d:43:
                    36:11:08:10:5f:8d:81:9c:ff:1e:18:8c:0b:90:ee:
                    49:4e:f8:cd:30:57:0a:69:c9:34:37:ba:d4:1f:b0:
                    b0:37:ee:10:07:04:2d:9b:88:a9:72:5b:0e:14:59:
                    d8:2b:7d:3f:1f:ec:9f:22:df:c6:e9:04:30:c5:c3:
                    71:0d:a3:96:b0:70:27:97:08:a4:71:16:75:b9:1a:
                    59:0a:67:e5:77:5e:61:e0:81:20:1d:4c:80:98:75:
                    02:02:4c:26:ce:72:c5:db:8f:40:da:66:dd:c1:71:
                    f0:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:C6:FF:05:C5:6F:9C:E0:4B:DA:81:CA:E4:28:62:A8:6B:06:B1:BD
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209735.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:80::/44

    Signature Algorithm: sha256WithRSAEncryption
         7e:08:48:26:17:09:0a:34:17:7f:47:0d:3f:ba:7c:97:a7:d5:
         0c:6f:fe:cb:49:6b:12:f8:17:4f:40:e3:5e:f3:16:5b:47:c8:
         77:cc:74:67:8c:bb:17:0a:6c:18:91:a8:29:2b:d7:81:56:a1:
         aa:99:63:bf:e5:f8:de:fc:f9:d5:1f:88:04:d9:91:96:1b:13:
         09:cf:b7:75:f9:bf:34:3d:99:5c:4e:9f:67:fd:fc:bf:11:91:
         53:85:bd:b1:6c:7b:13:32:8f:eb:59:fc:7d:93:01:2a:6d:35:
         15:11:3f:79:5d:20:9a:90:1f:7f:de:b3:3a:26:f5:4b:b9:fc:
         bd:8e:57:5a:b3:1f:73:84:29:b6:87:b0:ab:69:a8:32:03:7f:
         80:4f:c2:8e:88:31:14:a4:87:39:f6:6f:85:c9:df:7d:96:af:
         74:a0:aa:02:55:81:14:90:f3:fc:26:78:88:d3:2e:6b:6e:df:
         9e:41:75:dd:b9:ef:8d:2b:32:42:92:1d:01:b0:c6:8a:d1:2d:
         69:c2:ab:73:29:65:9d:22:c7:47:20:6e:12:78:08:70:e7:82:
         8c:ac:a4:6a:23:63:b8:a9:de:cf:f1:f4:a5:4a:d1:35:8b:f6:
         cb:7d:a1:29:7f:14:1f:91:a7:aa:be:4c:25:dd:92:e0:d0:8b:
         0f:8d:70:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUc0r89DTOa45N9H1qexZ3cXtd5JkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA3MjUwODAyMzdaFw0yNjA3MjQwODA3MzdaMDMxMTAvBgNV
BAMTKEEzQzZGRjA1QzU2RjlDRTA0QkRBODFDQUU0Mjg2MkE4NkIwNkIxQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgZC09uZ838If9s4O3BUHPEEKi
Zekm4Ozv0qAgOJyNiBgeOECIQ6rGSQF/zAumwjS3B/MmZzQvh/LOcuzD6OhC5keR
u76ceAWHxLrjp+rSXCTutQfZ9RoWA8faO5+nNg7xd+9dALlfKgbX4UY1ktum3JoJ
/BekXxrMTt+y3Hxc9COsuRVIOvJt38QBncglQv5xpIoNQzYRCBBfjYGc/x4YjAuQ
7klO+M0wVwppyTQ3utQfsLA37hAHBC2biKlyWw4UWdgrfT8f7J8i38bpBDDFw3EN
o5awcCeXCKRxFnW5GlkKZ+V3XmHggSAdTICYdQICTCbOcsXbj0DaZt3BcfD/AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUo8b/BcVvnOBL2oHK5ChiqGsGsb0wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5NzM1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQCAMA0GCSqGSIb3DQEBCwUAA4IBAQB+CEgmFwkKNBd/Rw0/unyXp9UMb/7LSWsS
+BdPQONe8xZbR8h3zHRnjLsXCmwYkagpK9eBVqGqmWO/5fje/PnVH4gE2ZGWGxMJ
z7d1+b80PZlcTp9n/fy/EZFThb2xbHsTMo/rWfx9kwEqbTUVET95XSCakB9/3rM6
JvVLufy9jldasx9zhCm2h7CraagyA3+AT8KOiDEUpIc59m+Fyd99lq90oKoCVYEU
kPP8JniI0y5rbt+eQXXdue+NKzJCkh0BsMaK0S1pwqtzKWWdIsdHIG4SeAhw54KM
rKRqI2O4qd7P8fSlStE1i/bLfaEpfxQfkaeqvkwl3ZLg0IsPjXBI
-----END CERTIFICATE-----
Generated at Wed Aug 6 10:16:09 2025 by rpki-client