Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209507.roa
File:                     AS209507.roa (raw, json)
Hash identifier:          M4yq+ErJMZbNfOK5JLJQGn2swA7fGovW+jZFK0F9DDc=
Subject key identifier:   B4:29:3B:5D:CF:9A:E6:5A:A8:1B:A7:BA:BD:A5:A8:B9:0F:2C:63:54
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2EA1998C017F9BC28BA7DC4A7540CE7584A1B925
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209507.roa
Signing time:             Fri 15 Nov 2024 23:35:39 +0000
ROA not before:           Fri 15 Nov 2024 23:30:39 +0000
ROA not after:            Fri 14 Nov 2025 23:35:39 +0000
asID:                     209507
IP address blocks:        2a0f:85c1:25::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:a1:99:8c:01:7f:9b:c2:8b:a7:dc:4a:75:40:ce:75:84:a1:b9:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Nov 15 23:30:39 2024 GMT
            Not After : Nov 14 23:35:39 2025 GMT
        Subject: CN=B4293B5DCF9AE65AA81BA7BABDA5A8B90F2C6354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:a8:97:c3:19:15:9b:55:58:85:30:e5:e9:df:
                    ac:d8:22:3c:74:e5:c3:f6:f1:80:26:9e:2c:26:20:
                    e0:c3:cd:c0:d6:ca:ba:c6:cb:db:c7:57:3e:99:2e:
                    4c:51:bf:4d:0e:72:b9:05:99:77:4b:17:2f:d8:f9:
                    4c:55:c7:0a:bb:23:81:e8:e5:9f:dd:da:df:fb:c1:
                    cb:7d:dd:5b:43:25:6d:2a:d4:17:8a:4e:23:1b:2d:
                    70:74:57:86:88:64:10:22:51:ca:ba:fd:28:33:b6:
                    7c:09:ba:a2:7c:c9:35:2c:55:1c:95:21:be:d4:da:
                    9e:dd:54:a1:12:ca:3f:c8:3c:20:84:37:fb:23:2e:
                    b0:ba:23:47:1d:9d:30:80:e5:9c:73:12:9e:1d:bd:
                    5a:17:1e:f4:d3:f2:2a:b6:a9:da:1b:fb:40:a7:11:
                    e8:53:77:79:4f:49:8b:89:2d:3b:12:06:be:cc:47:
                    84:8d:92:bf:98:59:83:9c:07:49:43:13:8f:68:18:
                    28:33:a8:04:da:73:33:c3:03:e4:f5:67:e8:a7:a5:
                    3e:f6:ff:f2:f2:00:4a:39:d9:a7:b0:fb:10:fd:c0:
                    69:63:f6:76:f3:50:57:1d:12:df:a6:b0:db:f3:c6:
                    13:36:83:e9:5e:05:d6:a5:79:cd:b4:e3:e6:8b:26:
                    b5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:29:3B:5D:CF:9A:E6:5A:A8:1B:A7:BA:BD:A5:A8:B9:0F:2C:63:54
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS209507.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:25::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:3a:d6:16:28:01:cd:5a:75:1b:ff:8d:16:03:e7:f3:f8:d2:
         01:2d:78:3b:d0:7d:78:56:80:32:f0:fb:3a:bd:df:ab:6f:09:
         63:71:1f:6b:79:ff:67:a6:56:0c:73:7c:f2:fe:a1:07:3b:99:
         bc:c9:a5:6f:a1:76:b2:ee:3a:e3:0b:f4:ab:f1:ee:9b:7c:12:
         3e:05:cb:8a:ff:ba:33:06:58:fa:cf:70:29:af:69:ae:87:3b:
         6b:79:75:14:35:d5:40:1e:d0:73:c0:95:11:86:3a:cd:04:0d:
         f1:9d:90:1a:1e:c0:94:61:81:55:81:a1:a6:c5:71:0b:71:03:
         cf:76:69:59:38:c2:d0:32:ef:f7:c0:53:6e:c9:c4:f0:cf:f0:
         27:7e:db:ab:3f:78:9d:b9:3c:26:d8:58:95:dd:37:58:54:56:
         04:93:d3:09:1e:4b:02:53:e2:83:6e:6b:35:5e:32:46:fc:61:
         a9:e1:7f:cb:50:e8:b4:c0:42:27:77:eb:6d:66:fa:aa:55:92:
         d7:4c:43:46:b1:9c:e9:ad:20:3e:88:d6:0d:c1:bd:88:4d:0d:
         a1:35:fd:3f:9e:47:61:d5:0f:64:d6:3a:19:86:dd:47:29:cd:
         7e:20:d1:0d:ea:1a:5d:82:96:89:8d:6b:49:e6:0e:d9:c4:6f:
         8a:8c:61:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIULqGZjAF/m8KLp9xKdUDOdYShuSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDExMTUyMzMwMzlaFw0yNTExMTQyMzM1MzlaMDMxMTAvBgNV
BAMTKEI0MjkzQjVEQ0Y5QUU2NUFBODFCQTdCQUJEQTVBOEI5MEYyQzYzNTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDwqJfDGRWbVViFMOXp36zYIjx0
5cP28YAmniwmIODDzcDWyrrGy9vHVz6ZLkxRv00OcrkFmXdLFy/Y+UxVxwq7I4Ho
5Z/d2t/7wct93VtDJW0q1BeKTiMbLXB0V4aIZBAiUcq6/SgztnwJuqJ8yTUsVRyV
Ib7U2p7dVKESyj/IPCCEN/sjLrC6I0cdnTCA5ZxzEp4dvVoXHvTT8iq2qdob+0Cn
EehTd3lPSYuJLTsSBr7MR4SNkr+YWYOcB0lDE49oGCgzqATaczPDA+T1Z+inpT72
//LyAEo52aew+xD9wGlj9nbzUFcdEt+msNvzxhM2g+leBdalec204+aLJrUpAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUtCk7Xc+a5lqoG6e6vaWouQ8sY1QwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA5NTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQAlMA0GCSqGSIb3DQEBCwUAA4IBAQB7OtYWKAHNWnUb/40WA+fz+NIBLXg70H14
VoAy8Ps6vd+rbwljcR9ref9nplYMc3zy/qEHO5m8yaVvoXay7jrjC/Sr8e6bfBI+
BcuK/7ozBlj6z3Apr2muhztreXUUNdVAHtBzwJURhjrNBA3xnZAaHsCUYYFVgaGm
xXELcQPPdmlZOMLQMu/3wFNuycTwz/AnfturP3iduTwm2FiV3TdYVFYEk9MJHksC
U+KDbms1XjJG/GGp4X/LUOi0wEInd+ttZvqqVZLXTENGsZzprSA+iNYNwb2ITQ2h
Nf0/nkdh1Q9k1joZht1HKc1+INEN6hpdgpaJjWtJ5g7ZxG+KjGEa
-----END CERTIFICATE-----