Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209557.roa
File:                     AS209557.roa (raw, json)
Hash identifier:          G2bkfFzAKzNb/HzOXRWHFRpvsku79dLRcDwUYzk0SN8=
Subject key identifier:   50:5E:59:79:CB:C8:3F:01:CF:BD:20:73:94:4D:E2:A7:EB:F7:FB:15
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7B8D754680D6E2F77D23589AE9C4EB707E8E7925
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209557.roa
Signing time:             Wed 27 May 2026 05:34:35 +0000
ROA not before:           Wed 27 May 2026 05:29:35 +0000
ROA not after:            Wed 26 May 2027 05:34:35 +0000
asID:                     209557
IP address blocks:        155.117.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:8d:75:46:80:d6:e2:f7:7d:23:58:9a:e9:c4:eb:70:7e:8e:79:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 27 05:29:35 2026 GMT
            Not After : May 26 05:34:35 2027 GMT
        Subject: CN=505E5979CBC83F01CFBD2073944DE2A7EBF7FB15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e5:38:24:81:35:22:d8:fa:3e:70:63:ab:e5:
                    6a:7e:b4:86:57:70:dd:6a:7e:aa:26:a9:1d:5e:f8:
                    1f:63:50:de:de:39:43:76:46:e1:c9:a0:03:2c:01:
                    c7:a4:86:4a:83:e5:22:f3:05:19:f0:1f:d3:1b:18:
                    fa:dd:e9:88:c3:95:c4:65:ff:56:68:40:60:98:6f:
                    d9:4e:24:dd:d1:1c:29:0a:7d:31:82:a5:1d:93:a3:
                    e8:99:74:01:30:ce:84:29:7f:72:26:aa:95:58:54:
                    37:5c:80:0d:b3:15:f0:7e:4d:9f:00:e5:5e:39:1f:
                    29:de:ab:5a:e2:79:d8:6d:9b:ca:07:5c:19:67:0e:
                    45:31:f6:dd:f8:13:cf:41:21:a3:20:13:8d:9b:b1:
                    51:b9:37:96:fc:25:e5:2f:4f:af:ba:4a:2f:a0:1d:
                    26:fe:56:b9:1e:02:51:d3:07:15:0d:85:1b:f8:99:
                    80:a1:30:aa:2e:44:e4:88:3f:ee:07:b5:1d:9f:4f:
                    dc:60:39:ed:22:63:cc:ae:52:85:6f:3f:e0:2c:84:
                    ab:6e:b1:b9:81:e7:7c:fb:dd:fd:58:52:f5:58:89:
                    b7:86:cf:d3:47:df:cb:b4:a6:57:6a:4c:45:92:af:
                    c8:b5:b8:d0:a4:ff:cf:ea:4a:2c:51:13:40:16:e5:
                    b3:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:5E:59:79:CB:C8:3F:01:CF:BD:20:73:94:4D:E2:A7:EB:F7:FB:15
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:39:3b:a9:de:08:ec:fe:c1:7f:79:3e:fb:50:c1:90:08:8a:
         ef:97:cc:b1:cb:99:17:66:8a:74:53:d4:ab:c2:69:a9:bd:52:
         21:48:cd:7d:57:23:e8:a9:60:bc:9a:22:3f:9e:e7:b8:5c:a3:
         dd:d7:39:12:b5:ed:6a:25:9a:0a:ba:b7:9a:ce:e1:82:4f:d8:
         27:99:74:32:06:3a:e8:e1:56:14:54:3b:5f:53:6a:49:fa:65:
         75:0c:1a:11:b2:6b:7b:5a:5c:4c:5b:5f:4e:f0:09:52:04:28:
         3d:6e:61:28:ec:8d:38:7d:a1:28:3f:34:f0:9d:fd:18:83:2a:
         e8:41:93:cd:62:d5:e4:ca:33:67:3e:13:30:42:8b:1a:94:ca:
         da:5c:5e:c6:82:c3:0b:68:65:69:f4:34:74:a0:39:f8:ea:93:
         60:6b:45:fa:77:11:97:b2:39:7f:42:0d:fe:5c:78:f4:18:c1:
         95:bd:d3:51:17:3b:48:f7:bd:d6:0f:15:95:e9:cd:13:60:59:
         dd:83:f9:0b:6d:cc:7c:f4:2b:94:8b:bd:52:e7:3e:e4:41:cc:
         84:68:91:17:05:51:26:38:33:5c:02:85:e9:f6:62:80:52:50:
         ff:e8:bb:48:bf:3e:e4:fa:c7:99:68:ce:a7:44:2b:5c:fd:e6:
         23:8a:fa:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUe411RoDW4vd9I1ia6cTrcH6OeSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjcwNTI5MzVaFw0yNzA1MjYwNTM0MzVaMDMxMTAvBgNV
BAMTKDUwNUU1OTc5Q0JDODNGMDFDRkJEMjA3Mzk0NERFMkE3RUJGN0ZCMTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCe5TgkgTUi2Po+cGOr5Wp+tIZX
cN1qfqomqR1e+B9jUN7eOUN2RuHJoAMsAcekhkqD5SLzBRnwH9MbGPrd6YjDlcRl
/1ZoQGCYb9lOJN3RHCkKfTGCpR2To+iZdAEwzoQpf3ImqpVYVDdcgA2zFfB+TZ8A
5V45Hyneq1riedhtm8oHXBlnDkUx9t34E89BIaMgE42bsVG5N5b8JeUvT6+6Si+g
HSb+VrkeAlHTBxUNhRv4mYChMKouROSIP+4HtR2fT9xgOe0iY8yuUoVvP+AshKtu
sbmB53z73f1YUvVYibeGz9NH38u0pldqTEWSr8i1uNCk/8/qSixRE0AW5bO5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUF5ZecvIPwHPvSBzlE3ip+v3+xUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Vm
MA0GCSqGSIb3DQEBCwUAA4IBAQAVOTup3gjs/sF/eT77UMGQCIrvl8yxy5kXZop0
U9SrwmmpvVIhSM19VyPoqWC8miI/nue4XKPd1zkSte1qJZoKureazuGCT9gnmXQy
Bjro4VYUVDtfU2pJ+mV1DBoRsmt7WlxMW19O8AlSBCg9bmEo7I04faEoPzTwnf0Y
gyroQZPNYtXkyjNnPhMwQosalMraXF7GgsMLaGVp9DR0oDn46pNga0X6dxGXsjl/
Qg3+XHj0GMGVvdNRFztI973WDxWV6c0TYFndg/kLbcx89CuUi71S5z7kQcyEaJEX
BVEmODNcAoXp9mKAUlD/6LtIvz7k+seZaM6nRCtc/eYjivqk
-----END CERTIFICATE-----