Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa
File:                     AS209474.roa (raw, json)
Hash identifier:          rXyO8XbxRntA7NfH/3SVcBrcxz6houizak9lcdVMLUI=
Subject key identifier:   96:21:45:4F:D8:C8:8E:6A:36:9D:E6:AB:1E:AA:A5:C3:B7:D2:F3:4A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0F0C4D84BB398A18EFEA61767D339C6A6CAE1FBE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa
Signing time:             Tue 30 Apr 2024 09:01:08 +0000
ROA not before:           Tue 30 Apr 2024 08:56:08 +0000
ROA not after:            Tue 29 Apr 2025 09:01:08 +0000
asID:                     209474
IP address blocks:        146.103.26.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:0c:4d:84:bb:39:8a:18:ef:ea:61:76:7d:33:9c:6a:6c:ae:1f:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 30 08:56:08 2024 GMT
            Not After : Apr 29 09:01:08 2025 GMT
        Subject: CN=9621454FD8C88E6A369DE6AB1EAAA5C3B7D2F34A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ff:2f:61:7c:02:e8:42:b5:73:7e:1b:e1:3d:
                    cf:fb:ac:ca:25:f0:bc:1e:44:64:42:c1:2e:c0:1f:
                    ce:77:f0:bd:92:1d:68:8a:72:2b:fa:0a:2e:3d:5e:
                    f6:c1:d5:0a:1a:c4:94:7d:35:47:35:34:9d:a1:77:
                    db:fe:bc:ec:8b:d2:46:2e:f4:83:91:f7:85:1a:4f:
                    0c:f9:4a:f9:1e:bf:5b:cb:69:d1:e4:a9:2e:ad:ef:
                    54:4c:0f:85:55:a9:3f:97:2c:de:d6:6c:5e:49:af:
                    5c:46:86:94:73:9a:06:4c:38:18:b3:71:0a:79:16:
                    09:3f:98:be:2b:85:3a:d0:3d:3f:37:20:1e:ec:4e:
                    f9:28:47:58:0e:12:bf:7f:07:3c:c1:a5:10:47:dc:
                    96:60:52:28:e5:cf:5b:66:8d:6c:2a:2f:c9:5e:d1:
                    ba:b6:2d:fb:dd:f9:81:e2:4f:fb:b5:c1:0a:e9:22:
                    b5:27:1d:6f:e4:84:de:bc:41:92:f9:e2:f1:f5:28:
                    2c:d0:33:f1:da:72:92:68:2f:6e:63:d0:c2:16:5c:
                    2b:2d:fd:26:85:9d:6c:59:48:08:ab:f6:4b:74:7d:
                    e1:0f:74:d0:32:ae:17:5c:7d:f5:3d:e9:fa:5e:d0:
                    1b:19:e4:c3:e0:b9:4a:d2:50:18:50:fa:52:e5:b8:
                    57:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:21:45:4F:D8:C8:8E:6A:36:9D:E6:AB:1E:AA:A5:C3:B7:D2:F3:4A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:e4:e7:ff:8b:ff:3c:46:c4:3b:d4:bb:90:5a:41:92:35:fb:
         44:c3:1f:e7:b7:84:4a:d6:e6:99:5e:56:fe:9d:2a:2d:73:77:
         fe:ea:eb:3d:aa:41:52:bd:11:4d:a1:62:70:d7:6f:9b:b4:6d:
         9a:ee:2d:36:75:3b:7d:89:5e:11:34:e0:55:49:2a:5c:cd:4d:
         24:06:06:a5:f5:90:a8:1e:83:98:bd:77:b8:34:91:bf:a0:54:
         3e:94:54:5c:12:20:a9:aa:80:da:e1:b4:88:03:7d:ef:5c:d6:
         7a:e2:94:59:5f:b6:2d:0b:11:df:07:de:ee:1e:59:11:b9:c3:
         fe:60:70:c3:a2:8a:c4:a4:87:3a:4e:db:1a:9f:62:9e:eb:9c:
         06:ee:5d:f4:f7:d9:86:7a:fb:82:2f:48:91:0e:10:57:bb:9f:
         24:de:39:9b:85:12:72:aa:25:29:a1:f8:23:43:9c:fa:7d:34:
         e0:11:38:94:2c:a5:39:72:f7:fe:b7:ca:1b:ca:5b:42:47:86:
         d1:bd:1d:c2:8a:19:50:8f:c8:d7:a2:eb:7d:e7:3e:de:63:96:
         2f:6f:38:48:34:d9:da:42:e8:07:c1:7f:5d:f4:74:46:7f:d8:
         fc:70:56:3f:48:a6:c3:9a:64:25:3c:ee:2f:b1:47:03:d2:54:
         03:e7:bc:81
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDwxNhLs5ihjv6mF2fTOcamyuH74wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MzAwODU2MDhaFw0yNTA0MjkwOTAxMDhaMDMxMTAvBgNV
BAMTKDk2MjE0NTRGRDhDODhFNkEzNjlERTZBQjFFQUFBNUMzQjdEMkYzNEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ/y9hfALoQrVzfhvhPc/7rMol
8LweRGRCwS7AH8538L2SHWiKciv6Ci49XvbB1QoaxJR9NUc1NJ2hd9v+vOyL0kYu
9IOR94UaTwz5Svkev1vLadHkqS6t71RMD4VVqT+XLN7WbF5Jr1xGhpRzmgZMOBiz
cQp5Fgk/mL4rhTrQPT83IB7sTvkoR1gOEr9/BzzBpRBH3JZgUijlz1tmjWwqL8le
0bq2Lfvd+YHiT/u1wQrpIrUnHW/khN68QZL54vH1KCzQM/HacpJoL25j0MIWXCst
/SaFnWxZSAir9kt0feEPdNAyrhdcffU96fpe0BsZ5MPguUrSUBhQ+lLluFfbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUliFFT9jIjmo2nearHqqlw7fS80owHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5NDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmca
MA0GCSqGSIb3DQEBCwUAA4IBAQCz5Of/i/88RsQ71LuQWkGSNftEwx/nt4RK1uaZ
Xlb+nSotc3f+6us9qkFSvRFNoWJw12+btG2a7i02dTt9iV4RNOBVSSpczU0kBgal
9ZCoHoOYvXe4NJG/oFQ+lFRcEiCpqoDa4bSIA33vXNZ64pRZX7YtCxHfB97uHlkR
ucP+YHDDoorEpIc6Ttsan2Ke65wG7l3099mGevuCL0iRDhBXu58k3jmbhRJyqiUp
ofgjQ5z6fTTgETiULKU5cvf+t8obyltCR4bRvR3CihlQj8jXout95z7eY5YvbzhI
NNnaQugHwX9d9HRGf9j8cFY/SKbDmmQlPO4vsUcD0lQD57yB
-----END CERTIFICATE-----