Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209468.roa
File:                     AS209468.roa (raw, json)
Hash identifier:          /vru4uvo/brLzKVanLPq/7WfseWHVVXMJnw+R6xTa2Y=
Subject key identifier:   40:22:DD:0F:CE:7C:DB:A6:31:87:A9:B8:A6:72:F0:CD:4A:F4:5A:64
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       664230F5529DBEE6F9AC4ABB1723B8432187C46E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209468.roa
Signing time:             Wed 12 Feb 2025 12:26:45 +0000
ROA not before:           Wed 12 Feb 2025 12:21:45 +0000
ROA not after:            Wed 11 Feb 2026 12:26:45 +0000
asID:                     209468
IP address blocks:        5.252.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:42:30:f5:52:9d:be:e6:f9:ac:4a:bb:17:23:b8:43:21:87:c4:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 12 12:21:45 2025 GMT
            Not After : Feb 11 12:26:45 2026 GMT
        Subject: CN=4022DD0FCE7CDBA63187A9B8A672F0CD4AF45A64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:69:11:40:2b:00:7e:2d:dc:64:00:d0:90:65:
                    39:ab:ca:97:06:17:95:97:22:0e:c6:bc:b1:2c:e2:
                    e7:b9:d8:18:c6:3d:55:14:2b:da:66:b7:6b:e5:a3:
                    0e:33:7a:77:26:74:30:3c:06:6f:38:bf:b8:31:ec:
                    de:68:4a:2f:ea:8b:25:d4:0f:bd:a1:e1:da:d2:e6:
                    a4:fe:16:84:c2:bb:6d:d2:af:66:d1:ff:cd:02:ce:
                    4d:98:5c:16:85:1d:51:f5:01:e8:dc:db:1b:64:05:
                    cc:42:f1:78:e4:8c:aa:51:f1:0b:62:ef:f9:d7:ad:
                    61:15:f7:7d:b3:76:16:ee:9d:7b:e4:86:04:13:68:
                    9a:e1:0e:e7:ac:8d:12:86:88:e3:53:e3:57:dc:8a:
                    91:65:08:50:73:db:1f:4e:96:a6:1c:39:3c:dc:e9:
                    03:f4:6e:7c:05:8f:2e:23:db:00:89:42:5d:f4:de:
                    f3:83:44:a0:af:3e:ed:5b:4c:78:5c:a4:46:79:cf:
                    01:75:57:75:40:07:ac:7e:43:db:f6:e3:4f:19:22:
                    09:ad:6f:55:5e:be:86:a3:4a:a3:6b:43:a6:95:f5:
                    52:28:13:99:f8:5d:68:e1:34:e5:38:31:93:4f:f2:
                    02:d2:ca:22:2b:ec:03:91:e1:2a:39:00:81:46:13:
                    0f:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:22:DD:0F:CE:7C:DB:A6:31:87:A9:B8:A6:72:F0:CD:4A:F4:5A:64
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209468.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:29:13:e8:99:56:e7:13:04:21:d7:de:5b:17:1d:f5:08:75:
         ec:8d:ac:15:c0:35:da:25:e2:fe:4f:16:64:81:df:16:dc:c7:
         58:3f:97:04:1c:61:24:6e:e5:15:77:93:40:e4:7a:4c:0d:57:
         14:4d:c4:ae:8c:d4:2d:67:7b:cf:d6:72:0f:5b:4c:4f:ed:ca:
         64:be:41:f0:67:fe:fe:03:2e:02:87:68:7c:c6:87:61:7d:77:
         0d:2a:6e:70:6a:32:b8:e4:7b:aa:9f:8d:f9:5a:db:c7:99:01:
         a5:55:7f:7f:85:13:a7:17:54:7f:31:74:3d:54:7e:00:8a:68:
         a3:31:9a:90:c8:5f:86:5e:66:0b:50:b9:11:c5:fb:69:bd:6b:
         06:be:a8:07:0a:75:1e:2a:c6:fa:14:95:c5:aa:cb:26:70:38:
         ae:e9:38:0c:c6:72:47:1d:67:12:91:ec:58:00:04:40:c2:e0:
         68:95:49:4d:37:e0:5f:7a:42:d4:f9:6e:90:df:43:55:ba:c8:
         cf:90:f6:47:aa:06:27:ae:e8:3b:e1:38:7f:f7:4c:77:fa:06:
         85:f1:96:1f:cf:de:80:3f:c1:4e:3d:2e:46:cb:35:b6:8f:93:
         0d:08:eb:c1:5a:eb:e2:4c:63:05:d4:5b:11:51:04:46:3a:b3:
         84:09:6b:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZkIw9VKdvub5rEq7FyO4QyGHxG4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAyMTIxMjIxNDVaFw0yNjAyMTExMjI2NDVaMDMxMTAvBgNV
BAMTKDQwMjJERDBGQ0U3Q0RCQTYzMTg3QTlCOEE2NzJGMENENEFGNDVBNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRaRFAKwB+LdxkANCQZTmrypcG
F5WXIg7GvLEs4ue52BjGPVUUK9pmt2vlow4zencmdDA8Bm84v7gx7N5oSi/qiyXU
D72h4drS5qT+FoTCu23Sr2bR/80Czk2YXBaFHVH1Aejc2xtkBcxC8XjkjKpR8Qti
7/nXrWEV932zdhbunXvkhgQTaJrhDuesjRKGiONT41fcipFlCFBz2x9OlqYcOTzc
6QP0bnwFjy4j2wCJQl303vODRKCvPu1bTHhcpEZ5zwF1V3VAB6x+Q9v2408ZIgmt
b1VevoajSqNrQ6aV9VIoE5n4XWjhNOU4MZNP8gLSyiIr7AOR4So5AIFGEw9jAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUQCLdD85826Yxh6m4pnLwzUr0WmQwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5NDY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfxS
MA0GCSqGSIb3DQEBCwUAA4IBAQA4KRPomVbnEwQh195bFx31CHXsjawVwDXaJeL+
TxZkgd8W3MdYP5cEHGEkbuUVd5NA5HpMDVcUTcSujNQtZ3vP1nIPW0xP7cpkvkHw
Z/7+Ay4Ch2h8xodhfXcNKm5wajK45Huqn435WtvHmQGlVX9/hROnF1R/MXQ9VH4A
imijMZqQyF+GXmYLULkRxftpvWsGvqgHCnUeKsb6FJXFqssmcDiu6TgMxnJHHWcS
kexYAARAwuBolUlNN+BfekLU+W6Q30NVusjPkPZHqgYnrug74Th/90x3+gaF8ZYf
z96AP8FOPS5GyzW2j5MNCOvBWuviTGMF1FsRUQRGOrOECWtu
-----END CERTIFICATE-----