Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207252.roa
File:                     AS207252.roa (raw, json)
Hash identifier:          RKZknBkWKz1zvCY9kaCZvau2H6hu/TUeGexDZHtRMDY=
Subject key identifier:   83:27:66:41:A7:33:0A:0D:8A:75:B1:66:CD:BB:17:97:F5:7E:FD:CE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5F6ECFF128DEE6E20B7EE49B386F40774FE1DE72
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207252.roa
Signing time:             Fri 30 Aug 2024 13:40:14 +0000
ROA not before:           Fri 30 Aug 2024 13:35:14 +0000
ROA not after:            Fri 29 Aug 2025 13:40:14 +0000
asID:                     207252
IP address blocks:        140.233.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5f:6e:cf:f1:28:de:e6:e2:0b:7e:e4:9b:38:6f:40:77:4f:e1:de:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 30 13:35:14 2024 GMT
            Not After : Aug 29 13:40:14 2025 GMT
        Subject: CN=83276641A7330A0D8A75B166CDBB1797F57EFDCE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8f:11:82:d8:46:3e:d8:96:11:5a:24:06:ef:
                    b8:78:29:7e:29:22:50:84:2c:0e:88:72:54:40:fc:
                    0d:2f:8f:08:e0:03:ae:ad:36:40:20:fc:87:a3:06:
                    c2:18:7e:bd:17:10:1b:67:12:8e:08:bc:d0:54:18:
                    9c:b0:bd:a6:ab:9e:65:8f:9f:ec:ad:34:4b:70:5a:
                    96:08:f4:64:eb:41:99:ef:6a:f2:ae:1c:e1:47:e2:
                    b5:96:d4:25:31:79:fd:4c:38:70:41:3d:01:2d:b7:
                    8d:f2:a7:43:f9:1b:c6:b5:9d:72:42:f6:ea:b7:44:
                    80:18:5c:dc:ee:b4:fe:8c:67:d6:8a:fe:bb:cc:3c:
                    2b:38:e6:32:79:10:1d:9b:ec:7d:2f:30:83:47:97:
                    b9:f2:d0:01:0f:bc:5a:63:69:56:ff:d2:9f:55:a6:
                    a6:ed:3d:b5:88:41:a3:df:99:99:89:fb:2e:5d:8f:
                    f3:b5:de:1b:14:82:40:f8:84:f8:3b:3d:83:09:4d:
                    4c:6e:d1:b1:40:46:2d:94:70:eb:cc:17:d8:b8:6a:
                    e7:dd:a5:b2:ae:5a:a9:86:ea:f2:ab:61:86:b5:4b:
                    4d:82:de:65:89:d7:fa:87:46:6e:13:32:cc:00:1c:
                    16:3d:3d:0b:f8:27:ae:bb:46:da:d6:25:b2:db:4f:
                    e1:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:27:66:41:A7:33:0A:0D:8A:75:B1:66:CD:BB:17:97:F5:7E:FD:CE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS207252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:81:dc:15:43:e3:98:79:c7:f7:fb:76:d0:f5:b3:30:d2:5d:
         61:e4:02:b5:a6:31:17:04:c4:75:1c:46:76:bd:6f:71:43:22:
         0e:26:ed:ec:5c:e2:3d:42:13:ab:35:da:0f:e0:00:fa:29:60:
         5b:38:33:ae:f5:27:c7:75:02:e3:73:73:8d:c5:83:fb:2b:df:
         d7:1b:0b:89:6b:05:0b:8f:bc:ee:7e:91:04:9d:2e:f5:05:1d:
         8d:d2:09:81:ec:6a:c3:d7:07:d7:37:50:de:3b:3c:af:4e:b2:
         45:cc:f2:df:69:1d:42:59:44:46:cb:19:5a:c8:13:c8:6d:a0:
         df:e6:c1:84:1a:b1:e3:db:f0:b7:41:f4:fb:fd:cf:a2:b1:6b:
         f2:50:f2:e6:ad:5b:bc:15:a2:7e:3c:d8:3a:53:60:61:4e:57:
         8c:61:a9:62:84:10:5b:79:7a:c5:ac:6f:1b:5f:6b:62:f6:68:
         7d:5a:e0:61:9d:3f:ce:f8:98:8a:66:a9:5c:25:97:74:4b:63:
         39:10:81:0f:1f:ea:8b:d6:a6:bd:04:0e:91:a5:68:6b:34:e0:
         fd:ed:04:6d:5e:b5:d5:c2:fd:ae:15:ad:3f:d9:05:7c:a1:25:
         3f:e7:a3:af:df:e3:7b:6f:1c:58:73:cc:2b:1c:2d:37:fb:a5:
         73:a2:41:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUX27P8Sje5uILfuSbOG9Ad0/h3nIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA4MzAxMzM1MTRaFw0yNTA4MjkxMzQwMTRaMDMxMTAvBgNV
BAMTKDgzMjc2NjQxQTczMzBBMEQ4QTc1QjE2NkNEQkIxNzk3RjU3RUZEQ0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCojxGC2EY+2JYRWiQG77h4KX4p
IlCELA6IclRA/A0vjwjgA66tNkAg/IejBsIYfr0XEBtnEo4IvNBUGJywvaarnmWP
n+ytNEtwWpYI9GTrQZnvavKuHOFH4rWW1CUxef1MOHBBPQEtt43yp0P5G8a1nXJC
9uq3RIAYXNzutP6MZ9aK/rvMPCs45jJ5EB2b7H0vMINHl7ny0AEPvFpjaVb/0p9V
pqbtPbWIQaPfmZmJ+y5dj/O13hsUgkD4hPg7PYMJTUxu0bFARi2UcOvMF9i4aufd
pbKuWqmG6vKrYYa1S02C3mWJ1/qHRm4TMswAHBY9PQv4J667RtrWJbLbT+F7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUgydmQaczCg2KdbFmzbsXl/V+/c4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA3MjUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm6
MA0GCSqGSIb3DQEBCwUAA4IBAQAIgdwVQ+OYecf3+3bQ9bMw0l1h5AK1pjEXBMR1
HEZ2vW9xQyIOJu3sXOI9QhOrNdoP4AD6KWBbODOu9SfHdQLjc3ONxYP7K9/XGwuJ
awULj7zufpEEnS71BR2N0gmB7GrD1wfXN1DeOzyvTrJFzPLfaR1CWURGyxlayBPI
baDf5sGEGrHj2/C3QfT7/c+isWvyUPLmrVu8FaJ+PNg6U2BhTleMYalihBBbeXrF
rG8bX2ti9mh9WuBhnT/O+JiKZqlcJZd0S2M5EIEPH+qL1qa9BA6RpWhrNOD97QRt
XrXVwv2uFa0/2QV8oSU/56Ov3+N7bxxYc8wrHC03+6VzokH8
-----END CERTIFICATE-----