Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          adBr5w2pu5Q5UTSKPvrL9hH8kGnOn3kjxir6BEHBNRA=
Subject key identifier:   BD:D9:4C:75:0C:13:4B:BC:69:A3:3B:E1:08:27:3B:BC:3E:E5:95:DE
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       5BBE76B8E809429A6CF134C9FF58293F99CDE46E
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
Signing time:             Mon 15 Apr 2024 09:05:16 +0000
ROA not before:           Mon 15 Apr 2024 09:00:16 +0000
ROA not after:            Mon 14 Apr 2025 09:05:16 +0000
asID:                     209242
IP address blocks:        147.78.121.0/24 maxlen: 24
                          194.113.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:be:76:b8:e8:09:42:9a:6c:f1:34:c9:ff:58:29:3f:99:cd:e4:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 15 09:00:16 2024 GMT
            Not After : Apr 14 09:05:16 2025 GMT
        Subject: CN=BDD94C750C134BBC69A33BE108273BBC3EE595DE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:60:36:fc:10:fe:09:73:f6:ac:c8:3a:55:db:
                    57:8f:67:25:26:87:bf:b5:5f:18:0a:e4:fd:76:23:
                    fc:a7:37:d5:9a:fd:f3:0d:af:3f:1d:29:95:4c:92:
                    36:ed:b0:b0:e5:bf:ab:91:79:c2:0c:d9:7c:49:87:
                    ee:af:97:d1:d8:6b:21:23:40:10:d4:11:bb:fe:5a:
                    32:ee:f6:4e:02:d1:fd:93:b6:f4:23:41:12:0e:95:
                    db:6b:41:5f:7f:2d:2a:bd:b9:f0:a4:53:36:b4:f6:
                    f2:4e:c0:cc:ce:3a:85:eb:2d:20:aa:a0:4c:b8:a2:
                    29:0d:29:fb:89:f0:b6:dc:9e:13:db:a2:43:19:e7:
                    98:06:5f:4a:6e:90:51:ca:cc:80:8d:6b:92:c7:f8:
                    0a:4c:bb:44:65:88:e2:06:f2:04:12:8e:96:38:7f:
                    93:91:3b:4e:c2:14:63:ab:90:f1:6e:d2:e2:53:be:
                    3c:02:07:6b:69:73:e1:c5:6f:38:95:96:d3:de:cf:
                    cc:81:77:48:26:c7:40:3f:f8:1f:eb:23:8d:c0:4b:
                    a2:0f:4f:db:e5:29:ea:e9:d8:35:a8:50:93:68:56:
                    1c:4b:43:eb:11:98:aa:72:f6:11:e1:43:31:a3:21:
                    9f:17:ff:e0:5c:79:5e:81:9c:f3:ea:bf:1c:61:7a:
                    b5:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:D9:4C:75:0C:13:4B:BC:69:A3:3B:E1:08:27:3B:BC:3E:E5:95:DE
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.121.0/24
                  194.113.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:63:53:e3:22:fe:93:e1:dd:85:05:a8:88:83:7d:16:25:7f:
         9c:11:53:13:1d:e3:19:67:f1:57:24:ff:04:3f:99:9c:75:fc:
         c5:be:c0:d1:32:9e:13:ea:1a:bd:3e:6a:43:17:a6:e9:df:ee:
         5e:2c:be:7c:66:e7:01:9c:e8:f1:37:d8:44:5b:ba:4f:7f:5c:
         32:6a:3a:1d:5b:a7:cd:e0:2b:04:09:ac:69:f7:9e:c5:bd:2d:
         98:76:c4:c5:ad:3f:27:70:d5:de:c6:62:12:31:1d:6c:0b:30:
         e6:6d:42:2a:d3:31:5d:4f:a6:4b:85:b8:1b:11:cf:7a:32:07:
         fe:0c:68:2b:a0:27:83:bd:01:c6:61:bc:c1:06:87:1c:04:bc:
         13:b7:f4:21:b4:96:15:d6:50:ef:c6:82:69:02:46:7d:66:df:
         11:46:64:64:59:77:45:01:b1:bf:32:e7:a3:a4:da:9c:68:e5:
         db:9b:94:b0:f4:43:de:61:ef:e3:7e:2c:b1:17:f0:cd:76:ec:
         42:2f:3b:9f:07:4a:0c:8e:82:07:2a:21:4f:54:86:69:9b:6f:
         8d:09:8c:15:df:6c:b5:00:86:48:c4:d0:f0:85:9d:92:3d:d5:
         78:a3:52:c7:3f:ac:20:86:e3:ea:14:49:2a:8b:9f:6e:e3:4b:
         49:e5:ad:ac
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUW752uOgJQpps8TTJ/1gpP5nN5G4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA0MTUwOTAwMTZaFw0yNTA0MTQwOTA1MTZaMDMxMTAvBgNV
BAMTKEJERDk0Qzc1MEMxMzRCQkM2OUEzM0JFMTA4MjczQkJDM0VFNTk1REUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzYDb8EP4Jc/asyDpV21ePZyUm
h7+1XxgK5P12I/ynN9Wa/fMNrz8dKZVMkjbtsLDlv6uRecIM2XxJh+6vl9HYayEj
QBDUEbv+WjLu9k4C0f2TtvQjQRIOldtrQV9/LSq9ufCkUza09vJOwMzOOoXrLSCq
oEy4oikNKfuJ8LbcnhPbokMZ55gGX0pukFHKzICNa5LH+ApMu0RliOIG8gQSjpY4
f5ORO07CFGOrkPFu0uJTvjwCB2tpc+HFbziVltPez8yBd0gmx0A/+B/rI43AS6IP
T9vlKerp2DWoUJNoVhxLQ+sRmKpy9hHhQzGjIZ8X/+BceV6BnPPqvxxherUDAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUvdlMdQwTS7xpozvhCCc7vD7lld4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk055
AwQAwnHfMA0GCSqGSIb3DQEBCwUAA4IBAQC8Y1PjIv6T4d2FBaiIg30WJX+cEVMT
HeMZZ/FXJP8EP5mcdfzFvsDRMp4T6hq9PmpDF6bp3+5eLL58ZucBnOjxN9hEW7pP
f1wyajodW6fN4CsECaxp957FvS2YdsTFrT8ncNXexmISMR1sCzDmbUIq0zFdT6ZL
hbgbEc96Mgf+DGgroCeDvQHGYbzBBoccBLwTt/QhtJYV1lDvxoJpAkZ9Zt8RRmRk
WXdFAbG/MuejpNqcaOXbm5Sw9EPeYe/jfiyxF/DNduxCLzufB0oMjoIHKiFPVIZp
m2+NCYwV32y1AIZIxNDwhZ2SPdV4o1LHP6wghuPqFEkqi59u40tJ5a2s
-----END CERTIFICATE-----