Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa
File:                     AS209474.roa (raw, json)
Hash identifier:          dvT1USOnKCuBdPFRUn1u1Wgk3rkYovv5HysBblIHdF8=
Subject key identifier:   CB:A2:E1:DE:68:FB:19:7D:3B:4B:6B:D4:B0:86:C4:3D:90:FC:44:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       60A8AA0B5CC35AC836AF4A9A493332D593AEFC0C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa
Signing time:             Tue 03 Mar 2026 10:46:45 +0000
ROA not before:           Tue 03 Mar 2026 10:41:45 +0000
ROA not after:            Tue 02 Mar 2027 10:46:45 +0000
asID:                     209474
IP address blocks:        146.103.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 17:37:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:a8:aa:0b:5c:c3:5a:c8:36:af:4a:9a:49:33:32:d5:93:ae:fc:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  3 10:41:45 2026 GMT
            Not After : Mar  2 10:46:45 2027 GMT
        Subject: CN=CBA2E1DE68FB197D3B4B6BD4B086C43D90FC44D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0d:39:30:5d:fb:65:d7:fa:e6:dd:cf:66:43:
                    17:2a:2c:d1:d1:1a:59:94:57:ee:1c:d8:e6:e2:9a:
                    4d:04:ac:dd:3c:aa:36:0b:77:bf:13:95:3a:3d:2c:
                    26:e8:b1:8d:85:32:17:d0:4e:87:31:ea:a4:44:8f:
                    3f:1f:ce:8a:93:78:b1:c3:5d:a6:ea:d3:ab:e0:97:
                    b7:10:7d:a7:c4:e3:6c:9c:fe:83:17:95:72:da:d8:
                    ad:2a:5a:95:bb:ca:27:67:04:7e:87:82:e9:8a:11:
                    a2:d2:f9:ee:59:b9:e9:48:69:fc:ad:49:8f:e3:0f:
                    81:e4:6e:35:ba:66:52:22:eb:f8:ea:d4:35:ae:9d:
                    41:34:18:3c:a7:12:61:ae:1c:61:89:ca:1b:ce:e5:
                    07:fd:c2:e2:e7:a2:e2:26:be:0e:04:6d:87:0c:9f:
                    6d:6a:4a:a0:a9:f6:67:06:87:c2:7f:59:eb:05:97:
                    80:57:74:93:83:5c:9e:7c:e6:a6:eb:3a:66:82:49:
                    db:40:44:7c:9d:a1:51:b7:4e:9e:4f:84:95:65:05:
                    93:5e:be:fc:f5:28:78:75:87:f1:af:48:45:e6:47:
                    3f:04:59:e2:ef:f3:b3:9e:eb:1b:5b:6d:2b:b6:7e:
                    ee:ed:5c:f8:6a:34:1a:6a:49:03:95:41:4f:b8:0c:
                    77:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:A2:E1:DE:68:FB:19:7D:3B:4B:6B:D4:B0:86:C4:3D:90:FC:44:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209474.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:98:f9:89:b4:19:e3:45:1b:78:af:bd:63:41:3a:d3:e8:9b:
         02:5a:ee:f4:e2:7d:60:ad:75:8b:fe:c6:fb:0f:2b:f1:7d:b3:
         f7:05:b2:20:49:0a:10:93:8b:05:72:8c:bb:1f:4f:17:e2:15:
         95:23:3f:ce:8a:ad:b9:02:9a:0f:bd:a4:51:9d:21:e2:5d:21:
         79:2a:00:11:a2:a0:e9:54:d6:34:5f:a4:b3:3b:1a:83:ec:76:
         07:7e:87:8a:50:bd:42:05:64:c7:7b:02:db:67:40:72:c2:e6:
         09:f4:5b:ab:61:dd:7f:fa:e9:c8:8a:d9:45:c1:36:ac:40:3d:
         d9:ce:bb:23:3b:48:b9:84:02:fb:58:48:6a:04:4b:6d:46:71:
         6f:71:6e:ec:76:8e:3d:7f:e5:a3:88:e6:ee:d8:c3:fe:60:9f:
         14:91:f2:5b:d4:ad:ba:1d:97:2c:be:61:fa:72:97:c9:0f:c8:
         18:5b:5a:3a:a3:bb:70:77:6d:93:ce:07:50:4f:a8:6d:a3:28:
         a7:9a:18:e3:8d:f6:4e:15:d8:01:3d:6b:80:bf:cb:f1:93:7c:
         a9:2b:90:7c:8c:5d:74:de:33:d5:86:8e:c4:0f:cf:f7:6c:3f:
         71:a9:8b:6b:43:dc:c8:51:89:bc:88:18:64:f0:6f:31:75:bc:
         bc:55:87:e4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYKiqC1zDWsg2r0qaSTMy1ZOu/AwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDMxMDQxNDVaFw0yNzAzMDIxMDQ2NDVaMDMxMTAvBgNV
BAMTKENCQTJFMURFNjhGQjE5N0QzQjRCNkJENEIwODZDNDNEOTBGQzQ0RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/DTkwXftl1/rm3c9mQxcqLNHR
GlmUV+4c2Obimk0ErN08qjYLd78TlTo9LCbosY2FMhfQTocx6qREjz8fzoqTeLHD
Xabq06vgl7cQfafE42yc/oMXlXLa2K0qWpW7yidnBH6HgumKEaLS+e5ZuelIafyt
SY/jD4HkbjW6ZlIi6/jq1DWunUE0GDynEmGuHGGJyhvO5Qf9wuLnouImvg4EbYcM
n21qSqCp9mcGh8J/WesFl4BXdJODXJ585qbrOmaCSdtARHydoVG3Tp5PhJVlBZNe
vvz1KHh1h/GvSEXmRz8EWeLv87Oe6xtbbSu2fu7tXPhqNBpqSQOVQU+4DHeRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUy6Lh3mj7GX07S2vUsIbEPZD8RNEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5NDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmca
MA0GCSqGSIb3DQEBCwUAA4IBAQCJmPmJtBnjRRt4r71jQTrT6JsCWu704n1grXWL
/sb7DyvxfbP3BbIgSQoQk4sFcoy7H08X4hWVIz/Oiq25ApoPvaRRnSHiXSF5KgAR
oqDpVNY0X6SzOxqD7HYHfoeKUL1CBWTHewLbZ0BywuYJ9FurYd1/+unIitlFwTas
QD3ZzrsjO0i5hAL7WEhqBEttRnFvcW7sdo49f+WjiObu2MP+YJ8UkfJb1K26HZcs
vmH6cpfJD8gYW1o6o7twd22TzgdQT6htoyinmhjjjfZOFdgBPWuAv8vxk3ypK5B8
jF103jPVho7ED8/3bD9xqYtrQ9zIUYm8iBhk8G8xdby8VYfk
-----END CERTIFICATE-----