Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209622.roa
File:                     AS209622.roa (raw, json)
Hash identifier:          DfFtwo571yrOBZdLCjuEMoi0B2qWFJn2vl2PB9F5KVM=
Subject key identifier:   C0:D3:D3:D2:60:C4:4D:97:A7:61:54:30:06:C5:66:39:38:08:93:65
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       642C81C5D7ED899F0436764CAC70E9084F15CC68
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209622.roa
Signing time:             Fri 05 Jun 2026 11:00:29 +0000
ROA not before:           Fri 05 Jun 2026 10:55:29 +0000
ROA not after:            Fri 04 Jun 2027 11:00:29 +0000
asID:                     209622
IP address blocks:        155.117.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:2c:81:c5:d7:ed:89:9f:04:36:76:4c:ac:70:e9:08:4f:15:cc:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 10:55:29 2026 GMT
            Not After : Jun  4 11:00:29 2027 GMT
        Subject: CN=C0D3D3D260C44D97A761543006C5663938089365
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:17:cb:0f:15:e3:e9:d7:e3:6f:33:ae:76:bf:
                    3a:22:1f:db:57:13:69:4c:84:3f:b7:f7:0a:f5:5e:
                    3d:d5:6b:85:05:0b:ad:ed:40:e0:97:26:03:88:d6:
                    2f:36:56:48:e0:8c:33:d0:40:a5:2d:d3:50:3f:a8:
                    68:f0:b7:46:34:f4:02:7d:d7:56:58:41:c7:55:e2:
                    16:70:ad:ad:91:61:0b:16:69:56:2e:70:bb:af:7a:
                    6f:b5:37:36:e3:1c:d0:94:23:0c:dd:33:49:cd:90:
                    43:2c:18:36:4d:f0:86:e2:64:bf:b9:5f:4c:8e:d6:
                    6d:33:8e:1e:48:8c:47:31:28:50:5d:9b:26:1c:5d:
                    7d:fe:1c:f5:c2:0a:42:75:89:23:4f:fd:88:03:95:
                    3d:1c:d2:ba:de:89:63:6e:ad:04:36:87:c8:fb:40:
                    d4:9d:97:1a:1d:2d:66:d4:e7:44:1d:c2:36:b9:aa:
                    8b:bc:28:d7:fc:c1:49:05:d9:f2:45:ec:3f:cd:d4:
                    34:5d:4f:75:6a:e9:d7:69:51:0d:a7:94:90:e3:10:
                    48:5d:13:ce:10:22:49:78:9d:90:e6:47:ba:fc:1f:
                    86:df:c5:53:51:91:e5:9b:ae:ae:39:fa:66:5d:db:
                    04:ac:32:a4:7c:99:13:30:18:89:ef:37:fb:2e:fe:
                    02:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:D3:D3:D2:60:C4:4D:97:A7:61:54:30:06:C5:66:39:38:08:93:65
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS209622.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:04:8e:60:37:13:74:b8:f8:f3:c0:98:ee:13:d5:83:d3:3a:
         fc:55:21:e8:32:96:5d:31:2f:fe:44:ea:68:4c:2c:9c:b9:07:
         83:8d:a6:aa:5c:d4:f9:53:bd:23:ff:c1:81:1b:e8:27:d4:09:
         bf:16:63:2b:92:8f:14:78:50:4b:c9:cd:d4:8e:12:87:a5:88:
         d5:10:43:63:b7:ed:37:6b:34:c0:5f:e3:d7:08:a1:c9:06:76:
         a9:f2:d4:ff:6b:5d:62:b0:e3:2a:b6:9c:4b:78:40:1e:36:8f:
         44:aa:bd:86:58:6a:d3:ec:d2:75:c9:c9:40:33:86:59:ec:2f:
         cf:cd:91:e4:e7:98:82:dc:37:fd:27:d0:a7:37:99:db:52:c9:
         78:f9:07:4f:e8:12:bf:bd:65:5b:04:1a:b6:78:6d:06:7d:fe:
         c6:92:f8:79:cf:5a:4e:72:3f:78:c4:51:df:65:ca:79:4f:a8:
         3a:7c:3b:05:b4:30:4d:ab:9a:d5:be:2d:fd:17:0a:27:f5:52:
         3f:ee:2a:e0:07:c5:11:d8:6a:11:d4:39:99:4c:a0:a4:12:a1:
         4c:8e:9a:ea:35:8f:ec:d0:73:dd:dd:6e:ff:0e:f5:10:d3:01:
         50:4c:e6:84:5a:cc:95:b8:6f:16:e1:5e:78:d1:9e:30:89:df:
         3d:89:3f:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZCyBxdftiZ8ENnZMrHDpCE8VzGgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDUxMDU1MjlaFw0yNzA2MDQxMTAwMjlaMDMxMTAvBgNV
BAMTKEMwRDNEM0QyNjBDNDREOTdBNzYxNTQzMDA2QzU2NjM5MzgwODkzNjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyF8sPFePp1+NvM652vzoiH9tX
E2lMhD+39wr1Xj3Va4UFC63tQOCXJgOI1i82VkjgjDPQQKUt01A/qGjwt0Y09AJ9
11ZYQcdV4hZwra2RYQsWaVYucLuvem+1NzbjHNCUIwzdM0nNkEMsGDZN8IbiZL+5
X0yO1m0zjh5IjEcxKFBdmyYcXX3+HPXCCkJ1iSNP/YgDlT0c0rreiWNurQQ2h8j7
QNSdlxodLWbU50Qdwja5qou8KNf8wUkF2fJF7D/N1DRdT3Vq6ddpUQ2nlJDjEEhd
E84QIkl4nZDmR7r8H4bfxVNRkeWbrq45+mZd2wSsMqR8mRMwGInvN/su/gL9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUwNPT0mDETZenYVQwBsVmOTgIk2UwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA5NjIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3V9
MA0GCSqGSIb3DQEBCwUAA4IBAQAvBI5gNxN0uPjzwJjuE9WD0zr8VSHoMpZdMS/+
ROpoTCycuQeDjaaqXNT5U70j/8GBG+gn1Am/FmMrko8UeFBLyc3UjhKHpYjVEENj
t+03azTAX+PXCKHJBnap8tT/a11isOMqtpxLeEAeNo9Eqr2GWGrT7NJ1yclAM4ZZ
7C/PzZHk55iC3Df9J9CnN5nbUsl4+QdP6BK/vWVbBBq2eG0Gff7Gkvh5z1pOcj94
xFHfZcp5T6g6fDsFtDBNq5rVvi39Fwon9VI/7irgB8UR2GoR1DmZTKCkEqFMjprq
NY/s0HPd3W7/DvUQ0wFQTOaEWsyVuG8W4V540Z4wid89iT/W
-----END CERTIFICATE-----