Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209951.roa
File:                     AS209951.roa (raw, json)
Hash identifier:          A/Lufvg6J1VbZy4bvSFgLbBcxv+WrTNskMm8+Afy0uQ=
Subject key identifier:   40:92:24:61:64:07:D8:B2:16:C3:13:2B:57:D5:CB:BA:5F:03:F8:09
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       5062E03F2E5BAAB198181E57828F8E28F63400D1
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209951.roa
Signing time:             Sun 06 Jul 2025 11:12:31 +0000
ROA not before:           Sun 06 Jul 2025 11:07:31 +0000
ROA not after:            Sun 05 Jul 2026 11:12:31 +0000
asID:                     209951
IP address blocks:        2a14:7583:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:62:e0:3f:2e:5b:aa:b1:98:18:1e:57:82:8f:8e:28:f6:34:00:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jul  6 11:07:31 2025 GMT
            Not After : Jul  5 11:12:31 2026 GMT
        Subject: CN=409224616407D8B216C3132B57D5CBBA5F03F809
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:62:c3:86:9e:88:db:98:45:9f:9c:81:b7:b0:
                    b8:94:f6:56:90:73:bd:33:f1:58:eb:0c:b8:a3:95:
                    14:5f:bb:b7:c6:d3:8c:77:82:97:9e:04:58:5d:2d:
                    3b:ad:85:d4:7e:0b:7e:1f:65:c9:f3:21:32:bb:ba:
                    16:aa:22:c4:e8:fe:79:82:1d:0b:65:d1:d9:ce:3b:
                    71:20:0d:6d:11:e2:2f:01:9d:86:cf:a0:5c:a4:65:
                    37:b3:cc:1a:e7:5f:9e:85:b3:73:2a:76:9c:87:32:
                    a1:9a:48:21:78:a2:7a:84:07:48:78:85:5f:a4:07:
                    b4:a3:98:60:7b:6a:f7:04:e5:62:d9:5f:70:97:4e:
                    19:08:68:f2:e7:9f:6b:0e:2e:ca:e5:bd:1b:68:ae:
                    07:d2:3e:82:6c:06:dc:5d:a8:b8:d1:d3:57:6e:5e:
                    ee:b5:e3:f3:2a:e2:14:bb:fb:b8:af:73:cc:f3:9e:
                    88:df:27:4b:d0:8a:ca:e2:2b:74:31:d1:10:79:d1:
                    fd:47:de:8e:52:02:a5:52:28:11:df:b9:06:1a:7e:
                    35:5a:ca:a8:29:52:0c:c2:45:58:7d:76:aa:30:de:
                    63:20:54:59:4d:65:bb:46:e2:66:a0:d4:57:09:ca:
                    da:1f:82:ae:39:08:95:74:ad:96:a0:bc:80:a7:1c:
                    09:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:92:24:61:64:07:D8:B2:16:C3:13:2B:57:D5:CB:BA:5F:03:F8:09
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209951.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         89:9a:fb:35:21:7c:06:59:c6:e5:88:d4:0d:07:1e:af:e2:ff:
         6c:90:04:97:7f:0f:17:82:d9:d7:6a:65:22:c3:2d:22:31:71:
         08:22:f8:e9:85:f6:1e:50:65:6b:60:63:11:04:c2:54:4a:39:
         19:65:29:ee:bf:65:73:8f:6d:3d:ff:71:b6:95:13:b1:2c:73:
         93:b8:5a:6a:f1:d9:c1:9c:12:d0:8c:ef:e9:01:46:b2:df:d7:
         df:70:73:0e:bb:bc:ba:17:7a:b9:b3:d9:92:47:6a:b1:3f:73:
         5c:18:6d:02:ff:3d:26:a1:18:9c:e6:9e:c6:67:d5:3c:07:0c:
         5c:08:a9:e3:38:8b:1c:10:be:8a:f3:27:38:9c:e0:71:ad:fa:
         2e:c4:9b:34:65:8d:af:3e:c9:08:b8:0c:80:1b:a8:17:c0:2e:
         66:31:c5:94:a8:83:9a:09:ce:3c:bd:2d:27:a2:27:c6:63:78:
         01:45:bf:c2:23:d6:6a:35:4a:4d:8d:7a:2d:38:ee:a8:de:56:
         8f:2f:0e:32:ff:d7:fb:77:82:9e:1b:30:d0:17:b6:ff:4d:a6:
         dc:6f:f7:6a:4e:1b:e5:c3:f1:32:a4:32:38:86:40:c1:83:ef:
         42:c7:fc:aa:ce:10:d3:ea:e8:45:c4:98:44:1f:cc:27:29:5c:
         81:72:11:c7
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUUGLgPy5bqrGYGB5Xgo+OKPY0ANEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA3MDYxMTA3MzFaFw0yNjA3MDUxMTEyMzFaMDMxMTAvBgNV
BAMTKDQwOTIyNDYxNjQwN0Q4QjIxNkMzMTMyQjU3RDVDQkJBNUYwM0Y4MDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9YsOGnojbmEWfnIG3sLiU9laQ
c70z8VjrDLijlRRfu7fG04x3gpeeBFhdLTuthdR+C34fZcnzITK7uhaqIsTo/nmC
HQtl0dnOO3EgDW0R4i8BnYbPoFykZTezzBrnX56Fs3MqdpyHMqGaSCF4onqEB0h4
hV+kB7SjmGB7avcE5WLZX3CXThkIaPLnn2sOLsrlvRtorgfSPoJsBtxdqLjR01du
Xu614/Mq4hS7+7ivc8zznojfJ0vQisriK3Qx0RB50f1H3o5SAqVSKBHfuQYafjVa
yqgpUgzCRVh9dqow3mMgVFlNZbtG4mag1FcJytofgq45CJV0rZagvICnHAnfAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUQJIkYWQH2LIWwxMrV9XLul8D+AkwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA5OTUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhR1
gyAwDQYJKoZIhvcNAQELBQADggEBAIma+zUhfAZZxuWI1A0HHq/i/2yQBJd/DxeC
2ddqZSLDLSIxcQgi+OmF9h5QZWtgYxEEwlRKORllKe6/ZXOPbT3/cbaVE7Esc5O4
Wmrx2cGcEtCM7+kBRrLf199wcw67vLoXermz2ZJHarE/c1wYbQL/PSahGJzmnsZn
1TwHDFwIqeM4ixwQvorzJzic4HGt+i7EmzRlja8+yQi4DIAbqBfALmYxxZSog5oJ
zjy9LSeiJ8ZjeAFFv8Ij1mo1Sk2Nei047qjeVo8vDjL/1/t3gp4bMNAXtv9Nptxv
92pOG+XD8TKkMjiGQMGD70LH/KrOENPq6EXEmEQfzCcpXIFyEcc=
-----END CERTIFICATE-----