Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207609.roa
File:                     AS207609.roa (raw, json)
Hash identifier:          hvk97FL/d4cnShjH4/p9GUOMFy29lLIsvGBXZprJIS0=
Subject key identifier:   9A:43:5C:C8:84:EC:B9:FD:36:E7:20:78:63:D7:64:C7:AD:07:F2:BE
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       44F0D4C165FCFADE0F033AF82A775CA06BF14756
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207609.roa
Signing time:             Fri 23 Aug 2024 08:01:20 +0000
ROA not before:           Fri 23 Aug 2024 07:56:20 +0000
ROA not after:            Fri 22 Aug 2025 08:01:20 +0000
asID:                     207609
IP address blocks:        2a0f:85c1:c080::/41 maxlen: 48
                          2a0f:85c1:c0d0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f0:d4:c1:65:fc:fa:de:0f:03:3a:f8:2a:77:5c:a0:6b:f1:47:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:20 2024 GMT
            Not After : Aug 22 08:01:20 2025 GMT
        Subject: CN=9A435CC884ECB9FD36E7207863D764C7AD07F2BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:65:9e:72:2a:7a:9a:75:ff:60:c3:b4:c7:cb:
                    6b:83:f9:3a:b9:93:a5:23:6f:b5:0f:24:21:2d:a8:
                    fb:61:1a:f7:f4:2e:0f:23:a5:d2:b1:62:2b:98:ed:
                    df:55:eb:80:86:e7:0c:37:ca:b1:d4:22:f4:fa:df:
                    52:51:ee:30:c6:8a:22:da:04:c2:e7:80:e4:d6:f0:
                    24:cf:15:cb:0c:a5:6c:cf:97:33:bf:b0:a8:a1:3d:
                    ba:a5:48:00:5d:4e:94:f0:b5:85:db:5f:04:9f:d8:
                    0f:95:d8:3c:7b:82:4e:8e:11:e8:05:a3:04:f7:66:
                    e5:2f:7e:2b:ba:30:90:78:54:0e:c0:1a:06:c0:65:
                    b1:90:f5:7b:39:ff:4b:45:16:94:88:dd:24:bc:1d:
                    8e:a3:be:81:3c:e1:95:f5:af:3f:bb:33:24:ca:62:
                    7d:be:a4:6f:e9:6a:91:22:96:3f:24:85:0b:32:3d:
                    e9:91:22:1f:d9:a5:8a:64:60:63:23:e0:3a:c0:49:
                    97:88:67:cf:1e:23:38:a4:3e:5a:72:e3:3a:15:cd:
                    ac:08:d2:ae:6f:98:f8:8a:be:d8:2c:89:58:23:0a:
                    0a:10:1c:8f:27:1c:58:15:07:9b:24:c6:1f:43:db:
                    7f:76:6e:d6:fc:07:cd:74:ee:77:dd:85:93:16:a5:
                    01:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:43:5C:C8:84:EC:B9:FD:36:E7:20:78:63:D7:64:C7:AD:07:F2:BE
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS207609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:c080::/41

    Signature Algorithm: sha256WithRSAEncryption
         3c:6c:6e:65:80:57:62:e0:30:e8:e2:48:2a:a8:25:ed:45:96:
         56:2c:29:ce:5e:4a:79:30:a5:4b:6e:06:ec:7a:ce:06:b0:2e:
         ff:f8:58:fc:df:f4:44:5b:d1:32:bf:d8:e3:7c:a6:c6:55:26:
         6d:69:0b:ee:31:c3:35:59:d8:8e:62:a9:12:9c:9a:06:64:4c:
         13:f3:8b:24:02:9c:5e:ce:a5:ae:a7:c3:3d:d2:ce:57:44:32:
         af:03:e5:61:87:90:bb:76:c9:45:9a:3e:ff:70:48:eb:8e:09:
         2f:e2:59:93:d5:6b:27:b4:c6:2a:73:d3:aa:07:1f:4b:0f:a2:
         1c:9b:b5:26:07:64:c0:45:f1:68:a3:51:3c:43:73:56:9c:d0:
         cd:4d:31:53:fe:e5:bb:4e:03:ba:89:85:fa:4f:02:b0:26:93:
         16:10:0d:a4:ad:88:63:08:4e:28:d4:12:f2:2e:31:3f:77:86:
         c8:73:8f:26:7e:6f:3a:9d:19:66:79:25:0c:cf:91:35:11:7b:
         96:69:98:c3:b6:79:55:ac:ea:58:81:58:3d:e7:ab:e1:00:26:
         98:ba:4f:0e:48:e4:27:79:9d:77:f1:7b:5a:79:67:16:10:ef:
         68:fd:7a:45:c2:9f:39:c6:7d:41:ea:c0:7d:a9:8a:ba:b3:f1:
         f9:e1:4f:3e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIURPDUwWX8+t4PAzr4KndcoGvxR1YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjBaFw0yNTA4MjIwODAxMjBaMDMxMTAvBgNV
BAMTKDlBNDM1Q0M4ODRFQ0I5RkQzNkU3MjA3ODYzRDc2NEM3QUQwN0YyQkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwZZ5yKnqadf9gw7THy2uD+Tq5
k6Ujb7UPJCEtqPthGvf0Lg8jpdKxYiuY7d9V64CG5ww3yrHUIvT631JR7jDGiiLa
BMLngOTW8CTPFcsMpWzPlzO/sKihPbqlSABdTpTwtYXbXwSf2A+V2Dx7gk6OEegF
owT3ZuUvfiu6MJB4VA7AGgbAZbGQ9Xs5/0tFFpSI3SS8HY6jvoE84ZX1rz+7MyTK
Yn2+pG/papEilj8khQsyPemRIh/ZpYpkYGMj4DrASZeIZ88eIzikPlpy4zoVzawI
0q5vmPiKvtgsiVgjCgoQHI8nHFgVB5skxh9D2392btb8B8107nfdhZMWpQFJAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUmkNcyITsuf025yB4Y9dkx60H8r4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA3NjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcHKg+F
wcCAMA0GCSqGSIb3DQEBCwUAA4IBAQA8bG5lgFdi4DDo4kgqqCXtRZZWLCnOXkp5
MKVLbgbses4GsC7/+Fj83/REW9Eyv9jjfKbGVSZtaQvuMcM1WdiOYqkSnJoGZEwT
84skApxezqWup8M90s5XRDKvA+Vhh5C7dslFmj7/cEjrjgkv4lmT1WsntMYqc9Oq
Bx9LD6Icm7UmB2TARfFoo1E8Q3NWnNDNTTFT/uW7TgO6iYX6TwKwJpMWEA2krYhj
CE4o1BLyLjE/d4bIc48mfm86nRlmeSUMz5E1EXuWaZjDtnlVrOpYgVg956vhACaY
uk8OSOQneZ138XtaeWcWEO9o/XpFwp85xn1B6sB9qYq6s/H54U8+
-----END CERTIFICATE-----