Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          61XPprf3ONh7XJKaRdeUZJYi0lFUGpcu1+0Ape3ebwg=
Subject key identifier:   E5:86:58:07:29:98:0C:A1:9B:0E:CA:C9:DA:1F:16:B6:DF:21:FA:B5
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       44E41B486F1D06DC844E1C7D61856DB3A7D38FF2
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
Signing time:             Mon 25 Aug 2025 11:23:31 +0000
ROA not before:           Mon 25 Aug 2025 11:18:31 +0000
ROA not after:            Mon 24 Aug 2026 11:23:31 +0000
asID:                     209242
IP address blocks:        45.153.7.0/24 maxlen: 24
                          194.113.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:e4:1b:48:6f:1d:06:dc:84:4e:1c:7d:61:85:6d:b3:a7:d3:8f:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 25 11:18:31 2025 GMT
            Not After : Aug 24 11:23:31 2026 GMT
        Subject: CN=E586580729980CA19B0ECAC9DA1F16B6DF21FAB5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:13:25:a3:00:e4:ab:7d:1c:7e:72:7c:66:32:
                    df:89:3b:8c:39:15:2d:6a:8c:ad:46:16:96:70:bf:
                    07:8c:dd:e4:d4:f4:43:25:10:77:5f:88:5a:fc:ce:
                    5f:48:b0:53:44:86:1b:a3:76:2e:c3:3a:87:e2:a0:
                    c4:03:7a:fb:f6:96:7b:65:f3:75:0a:7a:20:d5:e6:
                    02:2e:f8:48:28:17:2f:13:13:7c:15:6e:aa:ca:21:
                    c4:9c:e9:57:47:ae:8e:d3:43:e9:d1:a4:d0:76:6d:
                    78:99:cb:a3:93:e0:7b:b7:4a:ea:39:df:99:53:f8:
                    30:74:0a:bd:ed:76:f0:39:34:72:5e:f5:35:5a:68:
                    a1:b1:6e:40:9e:fe:bb:c0:33:bc:a6:30:c3:75:c2:
                    5c:a2:2e:bc:e2:86:44:c8:c5:df:86:b2:89:ad:d9:
                    02:54:22:a6:1f:38:e9:0f:8a:aa:4e:34:79:5b:21:
                    84:be:6a:17:a6:6f:6f:0c:78:c5:4d:b3:1e:c6:6e:
                    d3:d2:55:1c:fc:6d:51:76:e1:ac:6c:b7:97:77:1b:
                    38:0f:cd:f9:3b:26:90:7c:52:2e:e0:22:b0:da:9a:
                    91:c5:56:78:77:1a:80:d9:cc:c8:06:9c:b0:4f:90:
                    f2:e1:77:77:c9:b8:6c:61:19:3a:54:06:bc:43:57:
                    80:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:86:58:07:29:98:0C:A1:9B:0E:CA:C9:DA:1F:16:B6:DF:21:FA:B5
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.7.0/24
                  194.113.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:e4:f7:b8:d3:1e:38:64:7d:8a:fc:53:78:37:25:96:e1:33:
         ce:56:3d:06:9d:f5:9c:ae:a1:2d:e6:f3:b1:28:b2:a1:37:4a:
         4b:a4:e2:3c:12:73:31:d0:46:a0:b4:1e:db:f1:9a:c6:1a:d2:
         fb:5e:ad:8e:c1:b1:e5:60:6b:02:fb:e5:77:80:d3:f1:cd:77:
         90:75:ab:dd:da:8b:99:e0:97:e1:4b:65:37:62:05:f6:0d:60:
         51:49:3c:96:fe:6c:5c:68:86:70:39:29:6b:2c:a9:02:d6:93:
         02:3c:48:49:4c:47:44:8c:4b:e7:94:56:4e:59:2e:7f:10:16:
         06:72:90:98:71:f4:eb:de:74:6e:f1:8c:14:9e:ba:90:43:7a:
         9e:b3:d3:e8:8e:f1:57:5e:6c:ca:3a:b3:37:07:af:c2:2a:30:
         c5:10:f0:d6:1c:ef:3f:ce:6f:a5:fc:cf:ff:1e:de:17:ac:9f:
         b6:c8:d7:e4:5f:f6:6b:dc:10:52:4e:8a:38:5f:14:23:ac:80:
         23:27:fc:c8:b7:6d:4c:e0:05:10:6e:d3:5e:2f:0a:24:e5:68:
         15:d3:fd:49:a1:84:88:94:59:e8:09:fc:0a:49:47:96:44:36:
         92:f5:75:9b:55:ca:a3:9b:a5:e4:15:e2:9c:31:fb:7b:11:47:
         45:ba:9f:6e
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUROQbSG8dBtyEThx9YYVts6fTj/IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MjUxMTE4MzFaFw0yNjA4MjQxMTIzMzFaMDMxMTAvBgNV
BAMTKEU1ODY1ODA3Mjk5ODBDQTE5QjBFQ0FDOURBMUYxNkI2REYyMUZBQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUEyWjAOSrfRx+cnxmMt+JO4w5
FS1qjK1GFpZwvweM3eTU9EMlEHdfiFr8zl9IsFNEhhujdi7DOofioMQDevv2lntl
83UKeiDV5gIu+EgoFy8TE3wVbqrKIcSc6VdHro7TQ+nRpNB2bXiZy6OT4Hu3Suo5
35lT+DB0Cr3tdvA5NHJe9TVaaKGxbkCe/rvAM7ymMMN1wlyiLrzihkTIxd+Gsomt
2QJUIqYfOOkPiqpONHlbIYS+ahemb28MeMVNsx7GbtPSVRz8bVF24axst5d3GzgP
zfk7JpB8Ui7gIrDampHFVnh3GoDZzMgGnLBPkPLhd3fJuGxhGTpUBrxDV4A/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU5YZYBymYDKGbDsrJ2h8Wtt8h+rUwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZkH
AwQAwnHfMA0GCSqGSIb3DQEBCwUAA4IBAQBS5Pe40x44ZH2K/FN4NyWW4TPOVj0G
nfWcrqEt5vOxKLKhN0pLpOI8EnMx0EagtB7b8ZrGGtL7Xq2OwbHlYGsC++V3gNPx
zXeQdavd2ouZ4JfhS2U3YgX2DWBRSTyW/mxcaIZwOSlrLKkC1pMCPEhJTEdEjEvn
lFZOWS5/EBYGcpCYcfTr3nRu8YwUnrqQQ3qes9PojvFXXmzKOrM3B6/CKjDFEPDW
HO8/zm+l/M//Ht4XrJ+2yNfkX/Zr3BBSToo4XxQjrIAjJ/zIt21M4AUQbtNeLwok
5WgV0/1JoYSIlFnoCfwKSUeWRDaS9XWbVcqjm6XkFeKcMft7EUdFup9u
-----END CERTIFICATE-----