Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209188.roa
File:                     AS209188.roa (raw, json)
Hash identifier:          zHOAL+RuY48q+k7LJeFRE9QvWNnWi1N9SSUKQriOcUE=
Subject key identifier:   85:81:F8:91:52:60:F1:0F:35:E0:C0:20:7D:99:FC:9E:40:55:B7:93
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0D4A0F96ADB363C3BDB30F2FCC07D1AF9EF6D89C
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209188.roa
Signing time:             Fri 23 Aug 2024 08:01:14 +0000
ROA not before:           Fri 23 Aug 2024 07:56:14 +0000
ROA not after:            Fri 22 Aug 2025 08:01:14 +0000
asID:                     209188
IP address blocks:        2a0f:85c1:200::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:4a:0f:96:ad:b3:63:c3:bd:b3:0f:2f:cc:07:d1:af:9e:f6:d8:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:14 2024 GMT
            Not After : Aug 22 08:01:14 2025 GMT
        Subject: CN=8581F8915260F10F35E0C0207D99FC9E4055B793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:17:e9:d5:6e:02:87:73:cb:c3:c5:44:41:4a:
                    23:0d:05:39:12:16:5a:1a:0d:c7:1d:f7:29:ff:66:
                    96:f7:6d:f2:29:f5:aa:32:39:7d:0e:5b:fc:5e:bf:
                    ae:0c:18:c4:f5:96:94:61:4b:2c:70:28:18:02:e2:
                    8c:d5:a6:02:4f:f1:35:ee:b1:30:38:ef:19:87:e6:
                    17:2e:45:3e:82:97:94:fb:90:d0:7b:18:fa:8b:99:
                    7a:4a:29:28:a6:ff:e1:a6:3b:a8:76:dd:3c:24:f2:
                    35:a5:b3:af:22:0d:95:94:a9:e5:c0:22:b6:48:4b:
                    18:0f:ac:c2:83:af:fb:47:2a:b6:3d:e6:c7:c2:5e:
                    d9:fc:a9:67:36:20:ba:78:ea:19:42:e4:b4:8d:4b:
                    78:12:f7:06:21:09:93:b7:9b:55:46:82:48:03:70:
                    31:ee:47:42:ce:7b:31:9a:7b:cd:2f:5a:e5:66:b5:
                    97:bf:69:83:04:eb:c2:f3:aa:4c:3e:08:7a:a9:5f:
                    73:a1:1f:70:d4:92:85:8f:86:f8:c5:24:56:e8:e7:
                    6e:c2:b8:87:e9:4f:9b:57:ee:57:b3:25:eb:3a:22:
                    38:78:06:ad:b3:62:df:ac:ba:70:c7:d8:bc:05:b1:
                    87:88:12:10:3b:a9:75:63:7b:5f:b3:1a:d8:f5:a0:
                    ad:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:81:F8:91:52:60:F1:0F:35:E0:C0:20:7D:99:FC:9E:40:55:B7:93
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209188.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:200::/44

    Signature Algorithm: sha256WithRSAEncryption
         95:cb:ee:7b:a2:d4:65:a6:0e:83:b1:8b:1f:77:e5:35:58:26:
         23:b1:17:09:6c:a0:7f:2a:e8:ee:a7:71:34:6e:ad:ce:6d:3a:
         7d:bf:e2:ae:4a:21:c2:4a:d9:e1:52:a5:cc:a5:8a:44:0b:eb:
         f7:04:c3:5e:2f:fc:ec:03:f0:92:69:0c:45:c1:63:fb:9f:f3:
         ef:8f:70:9e:90:00:c7:61:ce:20:7f:7d:5c:0f:be:63:12:9c:
         02:3c:20:ec:6c:65:59:44:31:b0:d4:f6:b2:9c:74:3d:63:dd:
         97:fd:35:ad:62:97:0b:7e:8c:a4:a2:93:3b:2e:43:26:0d:72:
         b2:fb:3d:47:f0:f8:a7:74:7d:76:a4:f4:96:e8:d3:8a:58:9e:
         1c:51:d7:a9:75:74:f4:d2:5b:07:d8:b1:29:b2:78:f7:9c:10:
         aa:e3:10:76:20:03:2c:25:35:e9:18:51:c0:82:7b:90:00:6d:
         fc:99:88:4d:e5:cb:fe:aa:34:7f:ae:c0:b5:55:0d:4a:34:d3:
         5d:13:df:7b:ca:58:72:fd:56:28:7b:aa:96:31:dd:84:81:df:
         75:07:9e:42:ef:31:0a:52:44:43:dc:3e:02:6e:fd:17:de:57:
         fa:af:86:2f:5a:15:c0:44:af:c3:a6:59:17:4a:11:b4:ae:10:
         bd:59:b3:28
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUDUoPlq2zY8O9sw8vzAfRr5722JwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MTRaFw0yNTA4MjIwODAxMTRaMDMxMTAvBgNV
BAMTKDg1ODFGODkxNTI2MEYxMEYzNUUwQzAyMDdEOTlGQzlFNDA1NUI3OTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/F+nVbgKHc8vDxURBSiMNBTkS
FloaDccd9yn/Zpb3bfIp9aoyOX0OW/xev64MGMT1lpRhSyxwKBgC4ozVpgJP8TXu
sTA47xmH5hcuRT6Cl5T7kNB7GPqLmXpKKSim/+GmO6h23Twk8jWls68iDZWUqeXA
IrZISxgPrMKDr/tHKrY95sfCXtn8qWc2ILp46hlC5LSNS3gS9wYhCZO3m1VGgkgD
cDHuR0LOezGae80vWuVmtZe/aYME68Lzqkw+CHqpX3OhH3DUkoWPhvjFJFbo527C
uIfpT5tX7lezJes6Ijh4Bq2zYt+sunDH2LwFsYeIEhA7qXVje1+zGtj1oK1VAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhYH4kVJg8Q814MAgfZn8nkBVt5MwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5MTg4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQIAMA0GCSqGSIb3DQEBCwUAA4IBAQCVy+57otRlpg6DsYsfd+U1WCYjsRcJbKB/
Kujup3E0bq3ObTp9v+KuSiHCStnhUqXMpYpEC+v3BMNeL/zsA/CSaQxFwWP7n/Pv
j3CekADHYc4gf31cD75jEpwCPCDsbGVZRDGw1PaynHQ9Y92X/TWtYpcLfoykopM7
LkMmDXKy+z1H8PindH12pPSW6NOKWJ4cUdepdXT00lsH2LEpsnj3nBCq4xB2IAMs
JTXpGFHAgnuQAG38mYhN5cv+qjR/rsC1VQ1KNNNdE997ylhy/VYoe6qWMd2Egd91
B55C7zEKUkRD3D4Cbv0X3lf6r4YvWhXARK/DplkXShG0rhC9WbMo
-----END CERTIFICATE-----