Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS209557.roa
File:                     AS209557.roa (raw, json)
Hash identifier:          jDjRhaImqPxwgVUI1E6Opbkz4Zjula5zv/YhRqqwFSc=
Subject key identifier:   3F:5B:22:70:21:9E:1B:35:1B:79:08:60:2F:31:29:FF:06:68:66:7B
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       024424615FC9B761A6B248EB28DD1F388390C1F7
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS209557.roa
Signing time:             Tue 19 May 2026 09:36:06 +0000
ROA not before:           Tue 19 May 2026 09:31:06 +0000
ROA not after:            Tue 18 May 2027 09:36:06 +0000
asID:                     209557
IP address blocks:        82.139.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:44:24:61:5f:c9:b7:61:a6:b2:48:eb:28:dd:1f:38:83:90:c1:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 19 09:31:06 2026 GMT
            Not After : May 18 09:36:06 2027 GMT
        Subject: CN=3F5B2270219E1B351B7908602F3129FF0668667B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:90:8d:a6:c4:e1:30:9b:ce:b1:cf:90:cb:4c:
                    a8:a8:5a:3c:24:4d:d9:7f:e6:e5:18:32:7c:1a:35:
                    67:07:2e:b8:4d:bb:78:a1:ba:f9:a0:bb:7e:8b:e8:
                    02:dc:12:83:ee:f9:f4:a8:8e:fc:ab:93:63:c4:4f:
                    49:fb:d1:47:90:94:fe:33:7a:08:d4:52:32:ab:88:
                    89:2f:10:35:02:2b:d8:47:c6:3d:e2:ab:d9:d3:56:
                    e9:3b:34:b3:24:b3:75:83:3d:d0:e2:ab:28:35:1b:
                    36:c8:33:89:94:8b:d9:6a:c2:7d:d0:f4:31:f4:74:
                    cf:2b:52:6e:68:b0:d4:03:03:ec:6f:2d:07:2b:fe:
                    37:b5:84:00:c1:2d:09:27:60:a4:bc:2f:13:f1:5c:
                    42:ad:a5:aa:27:29:d3:78:19:de:10:71:d8:b3:65:
                    79:61:75:25:1b:f4:d3:05:f4:cf:ff:d0:b8:83:c4:
                    7d:ec:3f:2a:f9:fa:64:ac:69:61:c9:2c:cd:22:6d:
                    69:66:63:5b:44:23:9b:1d:9d:9f:12:26:7e:cf:0d:
                    0b:d7:c1:a8:4f:90:ed:40:b3:5a:95:a3:63:8a:b7:
                    ca:f1:6d:8f:ec:4b:7d:11:80:2e:11:c7:a4:cf:9f:
                    f3:74:13:0b:9f:b0:36:42:6a:02:65:60:9b:eb:75:
                    5c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:5B:22:70:21:9E:1B:35:1B:79:08:60:2F:31:29:FF:06:68:66:7B
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS209557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:c1:6a:50:cc:01:55:16:67:eb:db:b7:e4:3f:83:12:57:3f:
         b4:f3:65:66:1c:2f:de:05:95:64:9e:a5:b4:22:5f:4b:44:a4:
         fe:82:84:ad:96:c3:18:90:da:ee:df:f7:93:b3:19:b1:0a:b2:
         f6:bf:44:80:79:35:66:0c:b2:85:8c:99:76:c8:15:d5:de:5f:
         58:c5:87:70:dd:fa:c1:d6:1d:8d:85:71:50:04:e2:f7:2a:c8:
         a3:a9:f8:42:71:76:c4:c7:0c:b6:01:e8:a4:a2:a5:0b:a4:04:
         c4:05:a7:58:da:d1:a6:b3:06:9f:b9:0f:61:b2:e4:e5:d5:fd:
         fd:0d:18:75:9b:d2:03:fd:aa:4b:00:4b:81:58:32:bd:23:b4:
         37:6d:96:30:83:f7:57:ba:bf:3a:bd:50:51:62:52:a7:2c:09:
         1f:71:bb:35:d7:48:b2:63:2a:a0:0f:8a:d9:15:6b:32:37:93:
         94:28:03:77:f8:98:1b:9b:4d:94:6b:5e:2f:fa:44:00:1a:ff:
         b0:71:15:b5:14:89:d3:11:52:0c:d4:b1:84:69:9c:a5:ca:20:
         d2:50:4b:b9:c0:da:83:a0:d2:fe:65:fd:a7:90:97:72:f3:ff:
         6c:41:91:42:7b:9e:ba:5d:00:18:3c:94:69:55:6e:78:b4:98:
         5f:14:bb:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAkQkYV/Jt2GmskjrKN0fOIOQwfcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTkwOTMxMDZaFw0yNzA1MTgwOTM2MDZaMDMxMTAvBgNV
BAMTKDNGNUIyMjcwMjE5RTFCMzUxQjc5MDg2MDJGMzEyOUZGMDY2ODY2N0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwkI2mxOEwm86xz5DLTKioWjwk
Tdl/5uUYMnwaNWcHLrhNu3ihuvmgu36L6ALcEoPu+fSojvyrk2PET0n70UeQlP4z
egjUUjKriIkvEDUCK9hHxj3iq9nTVuk7NLMks3WDPdDiqyg1GzbIM4mUi9lqwn3Q
9DH0dM8rUm5osNQDA+xvLQcr/je1hADBLQknYKS8LxPxXEKtpaonKdN4Gd4Qcdiz
ZXlhdSUb9NMF9M//0LiDxH3sPyr5+mSsaWHJLM0ibWlmY1tEI5sdnZ8SJn7PDQvX
wahPkO1As1qVo2OKt8rxbY/sS30RgC4Rx6TPn/N0EwufsDZCagJlYJvrdVw7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUP1sicCGeGzUbeQhgLzEp/wZoZnswHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjA5NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovx
MA0GCSqGSIb3DQEBCwUAA4IBAQCRwWpQzAFVFmfr27fkP4MSVz+082VmHC/eBZVk
nqW0Il9LRKT+goStlsMYkNru3/eTsxmxCrL2v0SAeTVmDLKFjJl2yBXV3l9YxYdw
3frB1h2NhXFQBOL3KsijqfhCcXbExwy2AeikoqULpATEBadY2tGmswafuQ9hsuTl
1f39DRh1m9ID/apLAEuBWDK9I7Q3bZYwg/dXur86vVBRYlKnLAkfcbs110iyYyqg
D4rZFWsyN5OUKAN3+Jgbm02Ua14v+kQAGv+wcRW1FInTEVIM1LGEaZylyiDSUEu5
wNqDoNL+Zf2nkJdy8/9sQZFCe566XQAYPJRpVW54tJhfFLsy
-----END CERTIFICATE-----