Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa
File:                     AS209474.roa (raw, json)
Hash identifier:          gY3GvtyWELuty0jhiVIaLa44Ho4BTp/ygSCbD0ogTT8=
Subject key identifier:   BC:1D:AE:5E:64:0C:32:24:F0:95:69:8B:81:5B:7E:11:06:46:81:64
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5CE9762FAB388476F474952B452C629AD67E9F6A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa
Signing time:             Tue 01 Apr 2025 09:54:00 +0000
ROA not before:           Tue 01 Apr 2025 09:49:00 +0000
ROA not after:            Tue 31 Mar 2026 09:54:00 +0000
asID:                     209474
IP address blocks:        146.103.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:e9:76:2f:ab:38:84:76:f4:74:95:2b:45:2c:62:9a:d6:7e:9f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  1 09:49:00 2025 GMT
            Not After : Mar 31 09:54:00 2026 GMT
        Subject: CN=BC1DAE5E640C3224F095698B815B7E1106468164
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fc:cd:17:b1:a5:d8:97:2d:27:c3:c8:9b:e2:
                    38:f9:8a:fc:6f:fc:be:35:34:b1:9d:52:8a:44:08:
                    6b:e8:cd:6b:98:73:8e:2a:68:49:9a:39:33:cd:02:
                    42:5b:f0:b7:c8:a5:bf:69:f8:1f:3d:99:76:51:26:
                    b3:d0:3b:5d:43:32:54:c7:7c:7e:05:24:84:53:d8:
                    6f:af:4d:c0:04:02:68:25:5a:bb:f5:90:69:f5:7d:
                    e2:51:15:b4:45:63:f1:9f:bd:f5:0c:88:47:f4:60:
                    46:38:10:1b:b7:86:fa:2d:fb:4c:d9:93:91:b9:a8:
                    49:61:00:15:13:e2:de:ee:19:1c:b0:57:4e:2a:9f:
                    43:ba:0a:de:5c:71:52:16:85:bf:60:19:f0:ef:f0:
                    7d:73:cb:a7:75:21:45:93:89:e1:1a:74:63:a0:3b:
                    e1:b9:eb:06:bc:ee:88:34:18:aa:d8:49:90:7a:cd:
                    d9:ef:d4:df:c8:83:55:39:a4:21:db:f6:91:fc:b1:
                    24:fe:a3:a1:4a:2e:68:37:9d:ec:c4:9d:46:25:ef:
                    4f:d5:32:42:06:d0:87:76:cc:38:8f:92:a8:dd:88:
                    33:e1:a1:de:6f:c1:e7:41:4a:37:1f:18:2f:80:01:
                    9e:e0:55:98:3a:1d:d7:0a:53:e2:39:43:a5:66:4f:
                    b7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:1D:AE:5E:64:0C:32:24:F0:95:69:8B:81:5B:7E:11:06:46:81:64
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:b2:58:fd:85:e6:7d:83:27:6c:c7:1d:23:85:47:86:06:7c:
         59:cb:3d:37:2a:62:14:61:30:fc:06:2c:7f:c6:2c:b5:88:3a:
         7a:30:51:34:e0:47:7d:9b:ca:93:c2:07:50:8e:c7:a8:f7:97:
         19:df:d9:c8:54:8e:9b:38:5d:1c:c0:22:0c:32:f9:e8:fd:97:
         a5:8b:9e:e9:2a:19:af:39:00:30:de:7f:f4:2e:ec:0f:a5:cf:
         d5:08:ba:42:c9:78:eb:50:a0:90:cc:6b:22:5c:77:06:f1:38:
         1b:b4:ea:53:b0:e0:ce:61:08:3c:5d:49:48:59:81:0a:42:d6:
         17:38:3e:0b:9d:d4:a8:c3:82:9b:38:98:4c:4e:f7:af:9f:c7:
         0e:ab:4a:88:51:31:30:dd:01:70:7e:4d:52:84:f0:dd:a5:81:
         c6:6a:c6:81:eb:60:1a:26:f7:93:56:f7:0d:b6:d9:f9:be:75:
         34:e1:b1:70:3c:57:74:5b:b9:59:5e:4d:58:d7:4d:7b:f7:5f:
         64:b6:64:2b:3e:58:d4:dd:97:4d:3d:54:00:d4:26:4d:42:3f:
         75:f8:dd:a0:08:33:fa:1b:5e:7a:f5:0d:ca:50:87:7b:ef:71:
         0c:5f:98:53:bf:64:a1:e3:5a:5b:3c:45:8d:13:cc:f1:f3:75:
         1c:18:b8:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXOl2L6s4hHb0dJUrRSximtZ+n2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MDEwOTQ5MDBaFw0yNjAzMzEwOTU0MDBaMDMxMTAvBgNV
BAMTKEJDMURBRTVFNjQwQzMyMjRGMDk1Njk4QjgxNUI3RTExMDY0NjgxNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3/M0XsaXYly0nw8ib4jj5ivxv
/L41NLGdUopECGvozWuYc44qaEmaOTPNAkJb8LfIpb9p+B89mXZRJrPQO11DMlTH
fH4FJIRT2G+vTcAEAmglWrv1kGn1feJRFbRFY/GfvfUMiEf0YEY4EBu3hvot+0zZ
k5G5qElhABUT4t7uGRywV04qn0O6Ct5ccVIWhb9gGfDv8H1zy6d1IUWTieEadGOg
O+G56wa87og0GKrYSZB6zdnv1N/Ig1U5pCHb9pH8sST+o6FKLmg3nezEnUYl70/V
MkIG0Id2zDiPkqjdiDPhod5vwedBSjcfGC+AAZ7gVZg6HdcKU+I5Q6VmT7cnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUvB2uXmQMMiTwlWmLgVt+EQZGgWQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5NDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmca
MA0GCSqGSIb3DQEBCwUAA4IBAQByslj9heZ9gydsxx0jhUeGBnxZyz03KmIUYTD8
Bix/xiy1iDp6MFE04Ed9m8qTwgdQjseo95cZ39nIVI6bOF0cwCIMMvno/Zeli57p
KhmvOQAw3n/0LuwPpc/VCLpCyXjrUKCQzGsiXHcG8TgbtOpTsODOYQg8XUlIWYEK
QtYXOD4LndSow4KbOJhMTvevn8cOq0qIUTEw3QFwfk1ShPDdpYHGasaB62AaJveT
VvcNttn5vnU04bFwPFd0W7lZXk1Y1017919ktmQrPljU3ZdNPVQA1CZNQj91+N2g
CDP6G1569Q3KUId773EMX5hTv2Sh41pbPEWNE8zx83UcGLgU
-----END CERTIFICATE-----