Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
File:                     AS209242.roa (raw, json)
Hash identifier:          DNs1q3La+KUy1RuDQo7DjaXWZbsHUrMC0kL3jk106Sk=
Subject key identifier:   EA:43:9E:57:7F:27:FD:6D:FC:1A:D3:A3:77:D4:D0:EC:1D:4F:02:90
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       49729989DA44A1FF3BB117C634778C5B0CCD02B5
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa
Signing time:             Tue 25 Jun 2024 10:12:46 +0000
ROA not before:           Tue 25 Jun 2024 10:07:46 +0000
ROA not after:            Tue 24 Jun 2025 10:12:46 +0000
asID:                     209242
IP address blocks:        45.153.7.0/24 maxlen: 24
                          147.78.121.0/24 maxlen: 24
                          194.113.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:72:99:89:da:44:a1:ff:3b:b1:17:c6:34:77:8c:5b:0c:cd:02:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jun 25 10:07:46 2024 GMT
            Not After : Jun 24 10:12:46 2025 GMT
        Subject: CN=EA439E577F27FD6DFC1AD3A377D4D0EC1D4F0290
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6d:32:85:6c:ad:51:df:71:d8:85:a9:1a:35:
                    92:41:c7:78:2d:17:c9:8f:1d:b0:f1:ce:a7:bf:67:
                    48:5b:40:17:4a:21:51:d8:46:a5:a2:5b:be:63:00:
                    e7:21:b5:fd:94:02:fe:57:3c:86:63:01:79:e0:a4:
                    d0:48:11:27:42:61:0b:6d:e3:4d:3a:d0:9d:2e:b8:
                    cb:9e:4f:df:45:87:91:07:08:4f:5d:67:66:fd:d5:
                    96:f1:1f:eb:63:6b:54:b2:c5:1f:eb:d0:66:4a:b3:
                    1f:3c:b2:6e:eb:5e:90:c2:71:eb:b6:c2:01:7f:7c:
                    4f:8b:ba:88:c9:98:e9:06:95:e3:63:8c:20:2e:32:
                    9e:73:75:a1:f1:16:4b:3a:0f:4b:42:5d:3a:dd:fe:
                    f0:13:6c:14:c6:66:26:a2:d6:d5:32:ff:e1:f9:b0:
                    b5:5f:af:53:2e:63:25:ed:cd:60:39:64:2f:4c:c9:
                    b0:ca:2f:11:77:47:5d:37:2f:ee:2f:e7:a2:8d:65:
                    09:db:b5:7c:8b:39:79:6a:41:46:7b:26:ba:34:56:
                    fe:04:7c:c3:08:62:23:d8:e5:6e:ff:63:4e:94:99:
                    c7:20:cc:32:ad:4d:0d:e6:18:aa:e0:35:74:cc:6c:
                    47:9b:53:88:ca:c8:90:17:9b:be:da:a7:3a:3f:16:
                    39:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:43:9E:57:7F:27:FD:6D:FC:1A:D3:A3:77:D4:D0:EC:1D:4F:02:90
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209242.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.7.0/24
                  147.78.121.0/24
                  194.113.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:19:96:ff:c7:21:ea:4f:07:5c:e4:94:03:58:08:73:fc:b7:
         81:62:e0:4f:a6:37:1d:94:a4:77:48:b8:1e:eb:36:1a:89:a8:
         06:46:dd:8f:42:59:d6:f6:d3:d1:cc:41:27:a6:fc:09:32:ff:
         6a:ec:b5:27:8e:b4:de:8c:23:04:9a:e1:0b:d9:2b:84:53:21:
         5a:95:22:6c:fe:4d:60:68:15:0d:f7:de:89:20:f1:a0:41:36:
         af:82:21:b8:06:6c:90:21:6b:46:84:cb:5c:ce:c2:93:58:e2:
         f6:2e:88:5a:cd:79:46:69:2d:c0:b0:09:3e:15:69:ac:29:56:
         95:5f:2e:e3:69:a8:86:2f:63:d4:cd:43:45:fe:c1:92:8a:90:
         83:71:b4:f2:42:ce:23:90:4e:c3:fe:ec:c9:5d:4a:df:91:2c:
         eb:ae:5e:d9:1a:8c:63:85:17:0f:99:32:a4:e9:43:08:cf:0b:
         67:c3:e3:93:b7:2f:51:ba:48:02:ee:d9:22:c5:bd:27:80:e6:
         1c:a2:62:89:bc:09:bb:86:b5:cc:d5:c0:35:59:ca:ba:9b:58:
         1f:5e:14:d0:a2:1b:7a:d8:87:a1:d3:dc:d1:11:2a:e6:b9:dc:
         c1:70:c6:b5:a1:47:19:47:3b:fa:bb:f5:72:b4:06:bc:5a:35:
         6b:ed:48:55
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUSXKZidpEof87sRfGNHeMWwzNArUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA2MjUxMDA3NDZaFw0yNTA2MjQxMDEyNDZaMDMxMTAvBgNV
BAMTKEVBNDM5RTU3N0YyN0ZENkRGQzFBRDNBMzc3RDREMEVDMUQ0RjAyOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkbTKFbK1R33HYhakaNZJBx3gt
F8mPHbDxzqe/Z0hbQBdKIVHYRqWiW75jAOchtf2UAv5XPIZjAXngpNBIESdCYQtt
40060J0uuMueT99Fh5EHCE9dZ2b91ZbxH+tja1SyxR/r0GZKsx88sm7rXpDCceu2
wgF/fE+LuojJmOkGleNjjCAuMp5zdaHxFks6D0tCXTrd/vATbBTGZiai1tUy/+H5
sLVfr1MuYyXtzWA5ZC9MybDKLxF3R103L+4v56KNZQnbtXyLOXlqQUZ7Jro0Vv4E
fMMIYiPY5W7/Y06UmccgzDKtTQ3mGKrgNXTMbEebU4jKyJAXm77apzo/Fjl1AgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU6kOeV38n/W38GtOjd9TQ7B1PApAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA5MjQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZkH
AwQAk055AwQAwnHfMA0GCSqGSIb3DQEBCwUAA4IBAQBIGZb/xyHqTwdc5JQDWAhz
/LeBYuBPpjcdlKR3SLge6zYaiagGRt2PQlnW9tPRzEEnpvwJMv9q7LUnjrTejCME
muEL2SuEUyFalSJs/k1gaBUN996JIPGgQTavgiG4BmyQIWtGhMtczsKTWOL2Loha
zXlGaS3AsAk+FWmsKVaVXy7jaaiGL2PUzUNF/sGSipCDcbTyQs4jkE7D/uzJXUrf
kSzrrl7ZGoxjhRcPmTKk6UMIzwtnw+OTty9RukgC7tkixb0ngOYcomKJvAm7hrXM
1cA1Wcq6m1gfXhTQoht62Ieh09zRESrmudzBcMa1oUcZRzv6u/VytAa8WjVr7UhV
-----END CERTIFICATE-----