Route Origin Authorization 

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209267.roa
File:                     AS209267.roa (raw, json)
Hash identifier:          yP63LmuSwmLnhi53xc+wHijvauhA5ioUqErVgeezzd4=
Subject key identifier:   ED:C6:9F:F8:7C:C7:3F:40:A6:F1:80:B4:02:86:0E:92:78:17:04:4B
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       3C217DE36623C672248D872B4F631F00BF77A62B
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209267.roa
Signing time:             Fri 23 Aug 2024 08:01:23 +0000
ROA not before:           Fri 23 Aug 2024 07:56:23 +0000
ROA not after:            Fri 22 Aug 2025 08:01:23 +0000
asID:                     209267
IP address blocks:        2a0f:85c1:70::/44 maxlen: 44
                          2a0f:85c1:70::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:21:7d:e3:66:23:c6:72:24:8d:87:2b:4f:63:1f:00:bf:77:a6:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:23 2024 GMT
            Not After : Aug 22 08:01:23 2025 GMT
        Subject: CN=EDC69FF87CC73F40A6F180B402860E927817044B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:86:63:6e:20:a7:67:de:23:06:4a:da:18:c8:
                    3c:e8:90:f2:50:d0:8b:c7:93:b3:80:ad:98:af:fa:
                    ed:8f:ef:37:be:03:6c:b9:fa:59:85:85:8d:5b:de:
                    0f:21:95:9b:43:df:4e:2f:c5:64:c3:2e:67:87:c8:
                    a6:3d:14:f7:e7:4f:d8:62:48:07:a2:80:f6:34:d5:
                    3b:f3:80:f0:a3:05:a7:ca:8b:5a:f3:62:4e:98:e4:
                    ad:94:b5:64:c5:34:92:c5:02:78:fd:e0:43:16:b0:
                    ca:43:31:b8:37:db:aa:f4:ac:a0:04:e0:dc:61:95:
                    52:99:e8:5b:bd:b2:8b:01:9b:4a:c0:dd:c8:a0:e6:
                    9c:08:a6:ae:e3:f0:02:bd:ad:17:d2:0c:12:c2:9b:
                    42:47:54:fa:06:d2:50:d4:5a:49:52:e4:a7:48:5a:
                    d5:0c:00:fb:98:74:c4:31:2e:da:dd:6f:22:fc:74:
                    a8:13:d7:67:b5:71:6f:45:20:c7:e4:e3:86:33:e2:
                    a3:d0:14:a5:f5:d6:52:2a:15:23:4a:e9:0d:e6:cf:
                    63:91:91:84:a2:a4:0d:6f:44:2b:63:2b:35:c8:8b:
                    56:99:db:45:c3:b8:02:e6:a2:3f:2b:da:31:18:f6:
                    92:4d:01:ae:96:64:bf:66:8b:eb:d6:7d:9b:46:74:
                    96:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C6:9F:F8:7C:C7:3F:40:A6:F1:80:B4:02:86:0E:92:78:17:04:4B
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209267.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:70::/44

    Signature Algorithm: sha256WithRSAEncryption
         d7:a3:82:1a:fd:58:54:cb:17:26:91:af:ae:fb:1f:6f:3c:73:
         4a:67:32:c1:db:1e:15:b3:f6:2c:66:34:78:5d:6c:63:51:8b:
         aa:2b:96:6d:eb:2d:cd:ec:50:2d:12:54:06:5f:93:94:73:6a:
         53:af:5d:1f:77:15:0b:dc:5b:81:0b:25:aa:89:d3:a2:5c:0a:
         12:7a:62:0f:f0:f5:26:23:b2:a0:26:ea:2b:ca:5d:7a:8c:62:
         a9:20:27:bf:6d:5b:29:13:e3:26:f4:27:51:60:ef:b9:02:b7:
         da:f8:28:81:c3:65:23:52:d4:05:18:c2:d5:0b:61:f1:f9:e3:
         38:54:b1:e6:0c:d9:df:14:79:89:94:a1:cc:b0:d1:0d:28:39:
         e4:92:6f:7c:d6:a1:0d:70:9e:9b:95:d3:28:89:d6:05:f7:27:
         0a:b6:ea:5f:d3:88:0e:b2:4e:49:11:a0:dc:ee:d3:26:60:20:
         40:d7:43:57:ed:68:00:c9:cd:76:4b:24:cb:0b:03:46:f1:15:
         e0:3e:2c:12:51:8c:7b:0a:d4:53:78:7c:94:c9:29:96:32:75:
         5d:f1:cd:45:96:8e:c1:2c:58:65:a6:b7:a0:c4:18:f6:14:3c:
         cf:fd:60:14:16:52:0a:31:72:d9:19:2d:9b:79:b4:9a:f7:3e:
         47:05:9b:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUPCF942YjxnIkjYcrT2MfAL93piswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjNaFw0yNTA4MjIwODAxMjNaMDMxMTAvBgNV
BAMTKEVEQzY5RkY4N0NDNzNGNDBBNkYxODBCNDAyODYwRTkyNzgxNzA0NEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwhmNuIKdn3iMGStoYyDzokPJQ
0IvHk7OArZiv+u2P7ze+A2y5+lmFhY1b3g8hlZtD304vxWTDLmeHyKY9FPfnT9hi
SAeigPY01TvzgPCjBafKi1rzYk6Y5K2UtWTFNJLFAnj94EMWsMpDMbg326r0rKAE
4NxhlVKZ6Fu9sosBm0rA3cig5pwIpq7j8AK9rRfSDBLCm0JHVPoG0lDUWklS5KdI
WtUMAPuYdMQxLtrdbyL8dKgT12e1cW9FIMfk44Yz4qPQFKX11lIqFSNK6Q3mz2OR
kYSipA1vRCtjKzXIi1aZ20XDuALmoj8r2jEY9pJNAa6WZL9mi+vWfZtGdJYdAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQU7caf+HzHP0Cm8YC0AoYOkngXBEswHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5MjY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg+F
wQBwMA0GCSqGSIb3DQEBCwUAA4IBAQDXo4Ia/VhUyxcmka+u+x9vPHNKZzLB2x4V
s/YsZjR4XWxjUYuqK5Zt6y3N7FAtElQGX5OUc2pTr10fdxUL3FuBCyWqidOiXAoS
emIP8PUmI7KgJuoryl16jGKpICe/bVspE+Mm9CdRYO+5Arfa+CiBw2UjUtQFGMLV
C2Hx+eM4VLHmDNnfFHmJlKHMsNENKDnkkm981qENcJ6bldMoidYF9ycKtupf04gO
sk5JEaDc7tMmYCBA10NX7WgAyc12SyTLCwNG8RXgPiwSUYx7CtRTeHyUySmWMnVd
8c1Flo7BLFhlpregxBj2FDzP/WAUFlIKMXLZGS2bebSa9z5HBZsv
-----END CERTIFICATE-----
Generated at Thu Sep 19 13:52:02 2024 by rpki-client on console-fra.rpki-client.org