Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209874.roa
File:                     AS209874.roa (raw, json)
Hash identifier:          FNAUSXK81TiLsaTMhbQ+vuGtRdK4fiXknhCCnJoIE9A=
Subject key identifier:   3C:E5:0B:F0:18:10:B5:14:B5:BD:EA:B0:DA:7C:B2:5D:50:FD:18:D8
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       7D76F1E8B2513BE9605FBD63ADA5D6BC7906C8DC
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209874.roa
Signing time:             Thu 24 Jul 2025 11:15:29 +0000
ROA not before:           Thu 24 Jul 2025 11:10:29 +0000
ROA not after:            Thu 23 Jul 2026 11:15:29 +0000
asID:                     209874
IP address blocks:        2a14:7583:3000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 21:50:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:76:f1:e8:b2:51:3b:e9:60:5f:bd:63:ad:a5:d6:bc:79:06:c8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jul 24 11:10:29 2025 GMT
            Not After : Jul 23 11:15:29 2026 GMT
        Subject: CN=3CE50BF01810B514B5BDEAB0DA7CB25D50FD18D8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:44:52:db:a8:e9:45:47:84:aa:db:fd:c6:da:
                    2d:5f:e5:25:84:05:a2:4f:94:4e:7a:ec:9b:41:f4:
                    11:3e:c5:40:4c:87:f1:bf:d4:e6:5c:b4:80:76:89:
                    f7:4c:54:48:81:ac:94:d1:25:06:6e:fe:6c:c6:03:
                    83:07:01:c5:31:54:4f:06:b1:6f:21:65:6c:1d:65:
                    f7:51:18:fa:5e:e7:5d:6b:72:1e:88:05:aa:a0:a7:
                    95:5d:20:94:cf:79:99:55:f7:17:5f:05:1f:ee:b1:
                    4b:cb:2e:a1:63:7f:2f:38:ba:fe:60:f9:25:73:dc:
                    74:3c:c8:c9:8c:2e:9a:3a:44:f4:35:48:5c:d8:d0:
                    9c:de:e2:64:df:04:ba:45:3f:9e:e0:37:1d:93:4b:
                    04:23:a0:91:f5:17:41:77:54:cb:65:94:e9:3c:c5:
                    cb:ec:22:b9:29:db:64:1c:f4:3f:a9:41:b0:fc:9d:
                    be:38:b0:c4:a3:6c:1f:14:04:ba:9b:ee:bb:9f:1a:
                    04:c5:15:d2:d3:00:e6:93:92:19:3f:66:c7:23:f8:
                    42:6e:c2:76:3f:21:9d:32:91:6f:ae:33:98:fa:97:
                    c0:3f:42:ed:eb:c0:4d:d0:58:6a:1f:77:97:1f:03:
                    71:c9:29:fc:df:1d:ca:6e:e5:5a:fb:a7:76:ce:02:
                    05:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:E5:0B:F0:18:10:B5:14:B5:BD:EA:B0:DA:7C:B2:5D:50:FD:18:D8
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         8b:ab:d2:51:49:c1:c2:d5:77:25:cd:90:6f:07:91:29:4e:06:
         af:57:c7:3e:a1:7e:e4:73:06:68:7f:0c:93:6e:4c:ef:44:9a:
         2b:78:d5:45:7e:f4:0e:70:e1:36:28:ad:8e:00:3d:3a:2e:ff:
         9a:fd:c1:cb:e9:ab:31:fe:07:69:82:cd:8a:61:d0:38:aa:a9:
         e4:99:d1:42:36:6b:27:3d:48:4b:73:1d:f6:eb:7c:e0:0f:5f:
         86:cd:c6:c7:da:42:ae:18:14:75:67:8e:c0:db:58:8a:7c:3b:
         7b:65:7c:71:2c:77:34:f9:5b:64:e3:f9:ff:48:80:44:af:c7:
         aa:a5:7d:5e:fe:d7:7f:56:a2:42:ed:e0:e0:9a:c0:fe:bd:3e:
         10:01:e6:25:c9:34:cb:ae:ef:41:28:9d:3a:aa:18:d5:d3:a5:
         d5:bd:8c:c0:8e:87:36:8a:66:4c:c3:8f:74:c8:93:01:48:5f:
         d4:4d:cf:f5:06:3d:14:67:38:f3:99:88:4d:af:72:10:53:85:
         21:12:49:e3:8e:d4:0a:26:eb:be:22:5b:a5:15:98:34:b8:f9:
         62:01:b1:02:64:86:12:30:71:34:cf:25:8a:3b:3c:dd:98:fc:
         67:c3:e5:79:91:24:8f:40:62:26:30:ea:50:6e:d8:96:35:74:
         29:48:01:f5
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUfXbx6LJRO+lgX71jraXWvHkGyNwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA3MjQxMTEwMjlaFw0yNjA3MjMxMTE1MjlaMDMxMTAvBgNV
BAMTKDNDRTUwQkYwMTgxMEI1MTRCNUJERUFCMERBN0NCMjVENTBGRDE4RDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwRFLbqOlFR4Sq2/3G2i1f5SWE
BaJPlE567JtB9BE+xUBMh/G/1OZctIB2ifdMVEiBrJTRJQZu/mzGA4MHAcUxVE8G
sW8hZWwdZfdRGPpe511rch6IBaqgp5VdIJTPeZlV9xdfBR/usUvLLqFjfy84uv5g
+SVz3HQ8yMmMLpo6RPQ1SFzY0Jze4mTfBLpFP57gNx2TSwQjoJH1F0F3VMtllOk8
xcvsIrkp22Qc9D+pQbD8nb44sMSjbB8UBLqb7rufGgTFFdLTAOaTkhk/Zscj+EJu
wnY/IZ0ykW+uM5j6l8A/Qu3rwE3QWGofd5cfA3HJKfzfHcpu5Vr7p3bOAgWjAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUPOUL8BgQtRS1veqw2nyyXVD9GNgwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA5ODc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
gzAwDQYJKoZIhvcNAQELBQADggEBAIur0lFJwcLVdyXNkG8HkSlOBq9Xxz6hfuRz
Bmh/DJNuTO9Emit41UV+9A5w4TYorY4APTou/5r9wcvpqzH+B2mCzYph0DiqqeSZ
0UI2ayc9SEtzHfbrfOAPX4bNxsfaQq4YFHVnjsDbWIp8O3tlfHEsdzT5W2Tj+f9I
gESvx6qlfV7+139WokLt4OCawP69PhAB5iXJNMuu70EonTqqGNXTpdW9jMCOhzaK
ZkzDj3TIkwFIX9RNz/UGPRRnOPOZiE2vchBThSESSeOO1Aom674iW6UVmDS4+WIB
sQJkhhIwcTTPJYo7PN2Y/GfD5XmRJI9AYiYw6lBu2JY1dClIAfU=
-----END CERTIFICATE-----