Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209043.roa
File:                     AS209043.roa (raw, json)
Hash identifier:          E9wIbeYfV0vwK/S/WpiiRJgI+IXRe0lKLK49pxxbTmQ=
Subject key identifier:   C1:36:B4:0F:02:99:D1:0B:11:2B:D4:17:72:77:A2:15:80:99:50:BE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0D3DBB1B029706650941AC535943AA0B73204485
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209043.roa
Signing time:             Thu 04 Jul 2024 08:20:14 +0000
ROA not before:           Thu 04 Jul 2024 08:15:14 +0000
ROA not after:            Thu 03 Jul 2025 08:20:14 +0000
asID:                     209043
IP address blocks:        146.103.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 12:48:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:3d:bb:1b:02:97:06:65:09:41:ac:53:59:43:aa:0b:73:20:44:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul  4 08:15:14 2024 GMT
            Not After : Jul  3 08:20:14 2025 GMT
        Subject: CN=C136B40F0299D10B112BD4177277A215809950BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:82:51:2c:34:83:f8:bd:59:d0:ee:99:95:53:
                    6c:a2:bc:6a:93:00:e5:58:89:0d:ea:83:44:db:cd:
                    ca:40:d2:6b:89:95:2f:6b:dc:88:61:ad:4c:cf:46:
                    6f:f5:36:f9:ee:dd:e9:96:ff:62:75:2e:d4:08:45:
                    e7:da:81:89:c2:d0:26:f9:dc:2a:2c:a7:a5:ac:67:
                    c5:d7:89:bf:75:f3:09:19:9e:69:a5:53:06:3c:18:
                    a1:1d:5c:57:20:b0:47:d2:69:ce:da:dc:f8:2a:53:
                    67:e6:a9:0b:84:d5:d0:1a:54:48:64:94:33:b7:df:
                    6e:80:00:44:0d:b0:53:06:f1:c0:a4:59:b9:70:62:
                    1f:f3:cf:fe:51:93:90:1a:3a:9a:46:48:61:be:88:
                    a4:d5:e2:81:74:69:02:11:22:a2:4c:68:7d:19:36:
                    a7:38:e5:7f:41:d1:92:3f:a8:cb:f0:18:43:73:63:
                    ba:28:5c:03:4a:6d:fc:4b:1b:3f:51:b4:5e:18:7d:
                    ce:0f:b0:b8:d9:6d:df:bb:fd:5f:5e:4b:3f:8f:cb:
                    00:63:2c:24:10:c3:9b:31:80:cc:2f:72:e6:98:d7:
                    97:58:92:1d:59:97:10:8a:4c:fe:53:e4:56:38:d3:
                    40:a2:5a:ee:c6:e3:e7:6f:b3:62:10:df:ec:67:34:
                    ec:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:36:B4:0F:02:99:D1:0B:11:2B:D4:17:72:77:A2:15:80:99:50:BE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:b9:84:c0:8c:75:71:c5:55:d4:8a:0b:5f:67:58:28:4a:99:
         29:88:28:14:98:87:ab:68:0d:4d:38:18:b4:72:f0:df:ec:60:
         b5:d2:6e:68:85:e6:ac:f0:1a:56:17:03:ce:21:24:fe:ac:38:
         fb:6f:52:9e:df:34:a1:00:2c:2e:43:a1:3d:6b:75:25:a6:e6:
         67:6b:fc:55:e9:e1:77:1c:e6:d0:c6:cd:15:4c:d6:99:23:81:
         5e:11:1b:45:2b:da:c4:37:b1:67:6e:8b:d2:c6:02:21:0e:84:
         91:f0:fe:81:6d:87:b8:46:aa:c4:cc:c7:5d:08:a1:65:12:bb:
         d3:c4:49:75:cb:25:80:7f:34:1c:87:29:0c:18:bb:6c:71:5d:
         db:94:13:19:05:df:ed:91:74:e9:4f:59:bf:d3:26:a0:f1:93:
         8b:59:98:27:79:b3:b8:67:cd:74:d9:60:da:2b:73:c1:4f:0f:
         4f:97:a4:a2:f0:c2:f4:b0:7f:6a:ba:e8:5d:56:af:92:bf:12:
         eb:a6:48:71:e8:35:0d:4a:e4:ea:4c:50:db:43:0a:34:bf:62:
         02:55:3f:b3:48:d6:de:da:2e:51:3d:fb:8f:c6:03:03:bc:40:
         3e:38:de:52:42:98:07:dc:24:96:b3:98:a9:cb:96:fd:a9:62:
         c3:60:ff:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDT27GwKXBmUJQaxTWUOqC3MgRIUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MDQwODE1MTRaFw0yNTA3MDMwODIwMTRaMDMxMTAvBgNV
BAMTKEMxMzZCNDBGMDI5OUQxMEIxMTJCRDQxNzcyNzdBMjE1ODA5OTUwQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClglEsNIP4vVnQ7pmVU2yivGqT
AOVYiQ3qg0TbzcpA0muJlS9r3IhhrUzPRm/1Nvnu3emW/2J1LtQIRefagYnC0Cb5
3Cosp6WsZ8XXib918wkZnmmlUwY8GKEdXFcgsEfSac7a3PgqU2fmqQuE1dAaVEhk
lDO3326AAEQNsFMG8cCkWblwYh/zz/5Rk5AaOppGSGG+iKTV4oF0aQIRIqJMaH0Z
Nqc45X9B0ZI/qMvwGENzY7ooXANKbfxLGz9RtF4Yfc4PsLjZbd+7/V9eSz+PywBj
LCQQw5sxgMwvcuaY15dYkh1ZlxCKTP5T5FY400CiWu7G4+dvs2IQ3+xnNOwPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwTa0DwKZ0QsRK9QXcneiFYCZUL4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5MDQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmck
MA0GCSqGSIb3DQEBCwUAA4IBAQB1uYTAjHVxxVXUigtfZ1goSpkpiCgUmIeraA1N
OBi0cvDf7GC10m5oheas8BpWFwPOIST+rDj7b1Ke3zShACwuQ6E9a3UlpuZna/xV
6eF3HObQxs0VTNaZI4FeERtFK9rEN7FnbovSxgIhDoSR8P6BbYe4RqrEzMddCKFl
ErvTxEl1yyWAfzQchykMGLtscV3blBMZBd/tkXTpT1m/0yag8ZOLWZgnebO4Z810
2WDaK3PBTw9Pl6Si8ML0sH9quuhdVq+SvxLrpkhx6DUNSuTqTFDbQwo0v2ICVT+z
SNbe2i5RPfuPxgMDvEA+ON5SQpgH3CSWs5ipy5b9qWLDYP8G
-----END CERTIFICATE-----