Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa
File:                     AS209768.roa (raw, json)
Hash identifier:          izw7SRcuFaBAkGaQRjDiSogN9Aya2jed2nCx1NpUFkI=
Subject key identifier:   DF:71:4A:EA:24:7A:19:4B:DC:CE:E7:F8:3E:55:EF:39:5C:EB:E3:2D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       45768204393E1C5D09737896D733A72244189E87
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa
Signing time:             Tue 02 Sep 2025 15:46:33 +0000
ROA not before:           Tue 02 Sep 2025 15:41:33 +0000
ROA not after:            Tue 01 Sep 2026 15:46:33 +0000
asID:                     209768
IP address blocks:        191.96.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:76:82:04:39:3e:1c:5d:09:73:78:96:d7:33:a7:22:44:18:9e:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Sep  2 15:41:33 2025 GMT
            Not After : Sep  1 15:46:33 2026 GMT
        Subject: CN=DF714AEA247A194BDCCEE7F83E55EF395CEBE32D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:92:d4:5c:6f:f2:3d:21:2b:b1:8a:8d:74:3e:
                    0d:ed:5b:f6:ec:4e:64:3b:24:90:08:c5:9e:4f:f7:
                    b0:42:f5:fb:66:fb:f8:a8:5e:2f:16:22:44:c9:1a:
                    e5:b5:97:72:39:88:2f:f9:e6:d9:14:d6:55:d9:a3:
                    8e:e3:40:6e:1e:5c:34:7c:1e:cc:04:75:01:08:36:
                    bf:48:21:12:4d:42:46:f6:08:8a:48:bb:b6:74:c7:
                    2f:f0:3a:c5:36:84:c9:e3:54:e5:71:5c:b4:3c:b5:
                    f0:f6:04:c6:ea:e4:8d:45:8b:dc:ed:15:ef:d3:8c:
                    d4:9c:2b:a5:54:a3:9d:ae:f8:69:be:4d:50:97:f3:
                    c9:b9:21:a5:14:5b:c5:b7:47:42:89:bc:44:2b:34:
                    7d:cd:c7:53:78:d5:f8:16:84:66:c9:3f:31:8e:79:
                    d0:c7:36:d6:a5:9d:9e:9e:f7:23:ed:89:8c:0f:d2:
                    bc:38:fd:a7:b5:74:c0:11:44:89:41:7a:7b:14:76:
                    5d:ac:42:31:5e:e1:ea:5e:0a:67:ad:50:8a:13:b9:
                    fb:b6:e9:7c:db:ad:60:1d:81:78:7b:b3:6d:21:02:
                    7b:d3:44:01:5c:45:5e:75:03:6e:da:c0:78:cc:d3:
                    3f:53:cd:8f:2d:4d:15:a2:d3:a3:b1:40:c7:c4:3f:
                    10:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:71:4A:EA:24:7A:19:4B:DC:CE:E7:F8:3E:55:EF:39:5C:EB:E3:2D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS209768.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:91:5f:3a:82:82:9f:42:be:92:29:be:50:e0:7d:8d:14:fd:
         66:06:b5:0d:7b:36:3f:9f:df:cc:24:5d:5d:74:da:d3:6f:5b:
         b2:07:e6:2e:9d:9c:aa:b5:33:66:b9:df:9d:7c:14:0b:04:aa:
         9f:ba:3d:23:29:2f:9b:d3:a0:8f:4a:fd:c1:95:ad:26:7b:de:
         2c:00:ac:ee:0b:08:10:75:89:f9:2c:9f:af:5f:f2:6c:02:dd:
         4f:e5:a5:5a:3e:df:a0:dc:62:ad:e0:85:84:c7:b7:6d:02:cc:
         6f:aa:01:7a:1f:36:86:87:c5:c5:5f:ec:02:55:ea:1e:ae:f5:
         45:03:5f:ea:6b:a9:e9:80:3a:b1:8a:e7:0c:a3:2c:60:b2:4a:
         28:d0:25:1a:0a:55:f2:7b:13:fc:c8:29:ff:a3:78:a6:94:e9:
         9c:90:7c:88:51:94:8a:6b:50:2d:b3:f0:ad:b1:6f:a5:df:eb:
         f7:27:34:f7:b0:ab:a5:a2:70:3c:8d:6d:8a:7c:6a:4e:f3:73:
         c9:ac:ed:9c:f5:08:ed:0c:9e:05:c3:22:6b:f2:c1:ea:21:37:
         9a:6d:88:a7:a6:53:16:78:a0:f9:22:5b:85:e3:31:b1:26:06:
         07:37:44:f7:fd:3c:c0:42:e7:ee:fe:33:6a:af:9e:96:9a:ec:
         72:b8:4a:ce
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURXaCBDk+HF0Jc3iW1zOnIkQYnocwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA5MDIxNTQxMzNaFw0yNjA5MDExNTQ2MzNaMDMxMTAvBgNV
BAMTKERGNzE0QUVBMjQ3QTE5NEJEQ0NFRTdGODNFNTVFRjM5NUNFQkUzMkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPktRcb/I9ISuxio10Pg3tW/bs
TmQ7JJAIxZ5P97BC9ftm+/ioXi8WIkTJGuW1l3I5iC/55tkU1lXZo47jQG4eXDR8
HswEdQEINr9IIRJNQkb2CIpIu7Z0xy/wOsU2hMnjVOVxXLQ8tfD2BMbq5I1Fi9zt
Fe/TjNScK6VUo52u+Gm+TVCX88m5IaUUW8W3R0KJvEQrNH3Nx1N41fgWhGbJPzGO
edDHNtalnZ6e9yPtiYwP0rw4/ae1dMARRIlBensUdl2sQjFe4epeCmetUIoTufu2
6XzbrWAdgXh7s20hAnvTRAFcRV51A27awHjM0z9TzY8tTRWi06OxQMfEPxAPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU33FK6iR6GUvczuf4PlXvOVzr4y0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMjA5NzY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Cw
MA0GCSqGSIb3DQEBCwUAA4IBAQAikV86goKfQr6SKb5Q4H2NFP1mBrUNezY/n9/M
JF1ddNrTb1uyB+YunZyqtTNmud+dfBQLBKqfuj0jKS+b06CPSv3Bla0me94sAKzu
CwgQdYn5LJ+vX/JsAt1P5aVaPt+g3GKt4IWEx7dtAsxvqgF6HzaGh8XFX+wCVeoe
rvVFA1/qa6npgDqxiucMoyxgskoo0CUaClXyexP8yCn/o3imlOmckHyIUZSKa1At
s/CtsW+l3+v3JzT3sKulonA8jW2KfGpO83PJrO2c9QjtDJ4FwyJr8sHqITeabYin
plMWeKD5IluF4zGxJgYHN0T3/TzAQufu/jNqr56WmuxyuErO
-----END CERTIFICATE-----