Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          FxjaZ2lNHPSQdD6NSv9AIwW5bqZ9RPCNLiwKhl40uK0=
Subject key identifier:   1D:0D:83:B1:05:2E:AB:F3:D7:AE:92:5D:FD:BD:05:5F:EA:90:C2:47
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       33BF6604CBE847A29E8A21297A26F3D625BDC9E1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa
Signing time:             Mon 28 Oct 2024 10:43:25 +0000
ROA not before:           Mon 28 Oct 2024 10:38:25 +0000
ROA not after:            Mon 27 Oct 2025 10:43:25 +0000
asID:                     209242
IP address blocks:        185.135.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:bf:66:04:cb:e8:47:a2:9e:8a:21:29:7a:26:f3:d6:25:bd:c9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Oct 28 10:38:25 2024 GMT
            Not After : Oct 27 10:43:25 2025 GMT
        Subject: CN=1D0D83B1052EABF3D7AE925DFDBD055FEA90C247
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b8:aa:13:0f:48:45:ae:6a:41:8e:94:db:9d:
                    8d:89:a7:7b:a4:4c:22:19:19:cd:1f:b4:46:fe:94:
                    ee:2e:2f:b8:20:fc:b4:27:c2:f6:91:57:3e:79:01:
                    4c:71:41:f3:4c:9b:a3:31:ec:05:d6:dc:fd:72:35:
                    6a:7d:7d:9f:29:ff:4f:b8:f3:28:fe:1d:84:a4:3a:
                    f3:91:2a:09:c2:4c:30:50:f9:52:5d:65:a1:1d:ae:
                    1f:78:d3:87:b2:3b:c2:17:87:a7:c0:2e:fa:1c:4c:
                    d7:64:8f:4e:c1:3b:d7:22:1e:7b:73:5c:f3:2f:2c:
                    35:47:f8:e1:a9:d9:6b:26:06:90:d3:cc:cb:43:c3:
                    00:17:11:39:1d:58:d8:1b:4c:3d:e4:fa:dc:a7:c0:
                    a5:6c:5e:70:52:b1:a2:39:83:e2:6a:6a:a7:49:b0:
                    1b:7a:b7:34:5d:21:7b:61:bc:44:a1:7b:5f:47:bc:
                    03:b8:52:5a:a3:09:aa:1c:19:e5:15:8f:a4:fc:b6:
                    71:02:b3:32:2b:21:e8:8e:eb:cb:68:8d:f2:a1:6d:
                    da:91:7f:c9:68:2a:ff:88:50:0b:d6:82:2a:54:b5:
                    72:dd:d7:72:4e:96:84:40:a7:0b:77:a2:a8:97:71:
                    b0:40:3f:fc:1c:3f:0a:eb:b8:67:b9:4a:3b:db:4e:
                    f1:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:0D:83:B1:05:2E:AB:F3:D7:AE:92:5D:FD:BD:05:5F:EA:90:C2:47
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.135.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:fc:ff:cb:f5:85:bd:ee:5c:c9:22:af:65:43:2a:4a:e9:ba:
         f0:9b:4e:65:4d:b3:5f:a7:f8:18:37:ed:56:52:be:09:3d:5f:
         9b:84:92:96:d8:bd:d9:db:c9:7a:ed:7b:76:37:a8:b0:49:0d:
         7d:25:4e:7e:58:25:b5:f7:df:17:cc:d4:6f:71:3b:1c:6b:d2:
         25:4a:06:65:49:30:1d:07:0e:11:d6:4f:87:f5:a3:ae:6e:9a:
         ea:b5:2b:94:d5:27:f7:f8:e4:5f:76:e9:f1:ff:da:35:c3:4e:
         70:4d:a1:7c:32:0d:a8:48:05:23:38:29:48:8d:bc:9e:11:fc:
         46:8e:17:dc:c1:1e:9c:79:66:96:3f:67:c5:0d:0c:d9:3a:a6:
         5b:5a:56:f0:00:15:91:04:4b:76:9a:ab:4f:e1:48:38:18:24:
         d8:96:7f:b5:35:fa:bc:04:8a:b9:bc:79:e2:7f:96:80:98:a3:
         c5:d3:3d:21:5f:ad:2f:61:36:85:75:c6:be:a7:01:1c:65:95:
         62:4a:85:d1:13:36:59:53:61:eb:bf:45:b6:38:9f:f9:b5:ab:
         fb:e7:15:ff:35:c7:45:5a:eb:d3:9d:b0:a6:f2:37:a5:7f:f5:
         ec:35:22:fc:d5:ef:9f:e3:09:34:8c:c7:f0:9f:85:ea:43:a1:
         04:e0:0b:04
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM79mBMvoR6KeiiEpeibz1iW9yeEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDEwMjgxMDM4MjVaFw0yNTEwMjcxMDQzMjVaMDMxMTAvBgNV
BAMTKDFEMEQ4M0IxMDUyRUFCRjNEN0FFOTI1REZEQkQwNTVGRUE5MEMyNDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6uKoTD0hFrmpBjpTbnY2Jp3uk
TCIZGc0ftEb+lO4uL7gg/LQnwvaRVz55AUxxQfNMm6Mx7AXW3P1yNWp9fZ8p/0+4
8yj+HYSkOvORKgnCTDBQ+VJdZaEdrh9404eyO8IXh6fALvocTNdkj07BO9ciHntz
XPMvLDVH+OGp2WsmBpDTzMtDwwAXETkdWNgbTD3k+tynwKVsXnBSsaI5g+JqaqdJ
sBt6tzRdIXthvEShe19HvAO4UlqjCaocGeUVj6T8tnECszIrIeiO68tojfKhbdqR
f8loKv+IUAvWgipUtXLd13JOloRApwt3oqiXcbBAP/wcPwrruGe5SjvbTvEFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHQ2DsQUuq/PXrpJd/b0FX+qQwkcwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYcJ
MA0GCSqGSIb3DQEBCwUAA4IBAQBU/P/L9YW97lzJIq9lQypK6brwm05lTbNfp/gY
N+1WUr4JPV+bhJKW2L3Z28l67Xt2N6iwSQ19JU5+WCW1998XzNRvcTsca9IlSgZl
STAdBw4R1k+H9aOubprqtSuU1Sf3+ORfdunx/9o1w05wTaF8Mg2oSAUjOClIjbye
EfxGjhfcwR6ceWaWP2fFDQzZOqZbWlbwABWRBEt2mqtP4Ug4GCTYln+1Nfq8BIq5
vHnif5aAmKPF0z0hX60vYTaFdca+pwEcZZViSoXREzZZU2Hrv0W2OJ/5tav75xX/
NcdFWuvTnbCm8jelf/XsNSL81e+f4wk0jMfwn4XqQ6EE4AsE
-----END CERTIFICATE-----