Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209466.roa
File:                     AS209466.roa (raw, json)
Hash identifier:          bxBBSI+bohxkbdXBrkK9s5C4V66e+owEXoWzEIR9P2M=
Subject key identifier:   B7:DD:59:1B:F8:4B:6E:9F:F2:AB:62:B4:4D:7C:62:DF:F1:4B:4A:AC
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0781479183F1B0876D14ADB9F4E80D6DB08C0B99
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209466.roa
Signing time:             Sat 01 Mar 2025 15:32:45 +0000
ROA not before:           Sat 01 Mar 2025 15:27:45 +0000
ROA not after:            Sat 28 Feb 2026 15:32:45 +0000
asID:                     209466
IP address blocks:        45.157.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:81:47:91:83:f1:b0:87:6d:14:ad:b9:f4:e8:0d:6d:b0:8c:0b:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar  1 15:27:45 2025 GMT
            Not After : Feb 28 15:32:45 2026 GMT
        Subject: CN=B7DD591BF84B6E9FF2AB62B44D7C62DFF14B4AAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c2:7b:74:b2:6c:f3:0e:0c:f7:cf:6a:31:30:
                    c7:ac:1b:96:62:b7:69:79:c8:8b:79:a1:76:80:32:
                    0c:ae:ab:de:51:cc:b0:48:6d:10:94:64:c2:0e:11:
                    8e:8a:6b:ed:1d:48:d5:8a:07:72:28:63:0d:8f:b7:
                    8b:ea:bc:d8:95:c1:b8:09:a8:7e:b7:bc:d2:bf:1f:
                    7b:a0:9f:d6:d3:f6:82:09:05:93:23:31:5e:6c:1e:
                    20:82:c1:95:8d:9c:bd:a0:20:91:a2:8e:a9:cc:4d:
                    27:82:f7:7d:de:27:d5:8c:b9:d2:53:ca:a4:cb:bf:
                    b5:28:7f:04:32:02:9c:b0:f0:35:ed:bf:0f:dd:ea:
                    21:56:ea:d6:fa:a7:c9:23:68:d4:4b:ca:f0:35:b5:
                    15:c5:26:a8:3a:26:76:f5:dc:7a:63:db:b0:9b:cb:
                    75:c8:87:d0:a5:e7:b5:ee:8e:75:ff:4f:ee:1a:4e:
                    3e:2f:26:26:a6:ce:3e:51:54:9b:1c:55:4f:be:1f:
                    16:fd:ee:bc:df:60:64:e6:82:91:86:1c:dc:43:36:
                    7f:70:b7:db:73:c3:7f:26:c4:63:9d:d8:9b:88:7d:
                    8a:d5:b1:17:6d:e2:00:9d:55:29:0e:34:33:f0:40:
                    f3:49:c0:3c:11:cd:d8:8f:15:ca:c7:89:8d:1d:96:
                    d3:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:DD:59:1B:F8:4B:6E:9F:F2:AB:62:B4:4D:7C:62:DF:F1:4B:4A:AC
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS209466.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:de:53:f3:a9:23:97:d5:ed:7c:82:50:4f:27:6c:91:78:1c:
         32:8c:5c:5b:8b:d0:28:e9:0b:8e:c9:94:7a:06:03:16:28:7d:
         85:b5:e0:00:97:08:6d:9d:a4:5e:fd:5c:3f:62:22:52:89:b8:
         a4:fe:ca:fc:7f:cd:4c:72:36:10:ac:d7:96:65:6c:ac:b8:70:
         7b:b3:a9:ca:08:0a:46:20:ad:32:77:4b:20:fb:68:f5:7f:cc:
         9a:c9:e1:8e:64:cd:b7:26:81:06:38:34:4b:27:82:71:c8:7d:
         5c:17:26:10:2d:76:0f:59:79:04:7e:f9:04:59:b9:22:d9:94:
         c3:85:62:8f:e7:71:ad:11:13:97:10:73:e1:a8:91:72:2c:6c:
         a9:22:49:91:16:6e:ae:e9:4f:d8:88:01:1c:5a:f9:d0:f0:d9:
         65:25:10:c8:00:e5:80:7e:1a:ac:68:04:da:23:97:c5:d6:5b:
         c8:02:d7:ce:bf:43:4d:70:51:54:9a:aa:40:5e:22:d2:c2:78:
         a0:3f:2c:be:87:0d:5e:dd:55:e9:5f:6c:6a:3a:05:65:34:e3:
         c1:6f:54:98:c7:d6:ef:12:96:39:c8:fb:3e:ad:9e:fe:51:e0:
         7a:16:00:8c:67:91:52:21:99:f2:bd:87:a3:af:5e:52:91:12:
         c9:32:4c:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB4FHkYPxsIdtFK259OgNbbCMC5kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMDExNTI3NDVaFw0yNjAyMjgxNTMyNDVaMDMxMTAvBgNV
BAMTKEI3REQ1OTFCRjg0QjZFOUZGMkFCNjJCNDREN0M2MkRGRjE0QjRBQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbwnt0smzzDgz3z2oxMMesG5Zi
t2l5yIt5oXaAMgyuq95RzLBIbRCUZMIOEY6Ka+0dSNWKB3IoYw2Pt4vqvNiVwbgJ
qH63vNK/H3ugn9bT9oIJBZMjMV5sHiCCwZWNnL2gIJGijqnMTSeC933eJ9WMudJT
yqTLv7UofwQyApyw8DXtvw/d6iFW6tb6p8kjaNRLyvA1tRXFJqg6Jnb13Hpj27Cb
y3XIh9Cl57XujnX/T+4aTj4vJiamzj5RVJscVU++Hxb97rzfYGTmgpGGHNxDNn9w
t9tzw38mxGOd2JuIfYrVsRdt4gCdVSkONDPwQPNJwDwRzdiPFcrHiY0dltMbAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUt91ZG/hLbp/yq2K0TXxi3/FLSqwwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMjA5NDY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ0Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCi3lPzqSOX1e18glBPJ2yReBwyjFxbi9Ao6QuO
yZR6BgMWKH2FteAAlwhtnaRe/Vw/YiJSibik/sr8f81McjYQrNeWZWysuHB7s6nK
CApGIK0yd0sg+2j1f8yayeGOZM23JoEGODRLJ4JxyH1cFyYQLXYPWXkEfvkEWbki
2ZTDhWKP53GtEROXEHPhqJFyLGypIkmRFm6u6U/YiAEcWvnQ8NllJRDIAOWAfhqs
aATaI5fF1lvIAtfOv0NNcFFUmqpAXiLSwnigPyy+hw1e3VXpX2xqOgVlNOPBb1SY
x9bvEpY5yPs+rZ7+UeB6FgCMZ5FSIZnyvYejr15SkRLJMkxf
-----END CERTIFICATE-----