Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS208609.roa
File:                     AS208609.roa (raw, json)
Hash identifier:          WnIX0av7VhO7G2ZWnsQg4SKrFIshFNdJ2sINSvqdLWI=
Subject key identifier:   94:B4:A8:9B:0C:29:9A:07:D9:2B:63:D8:F5:B4:26:95:61:EA:09:D9
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4931423E9FEE8DE2B4D454647AF935633585B276
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS208609.roa
Signing time:             Wed 20 May 2026 07:43:03 +0000
ROA not before:           Wed 20 May 2026 07:38:03 +0000
ROA not after:            Wed 19 May 2027 07:43:03 +0000
asID:                     208609
IP address blocks:        2a14:7583:eff8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:31:42:3e:9f:ee:8d:e2:b4:d4:54:64:7a:f9:35:63:35:85:b2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 20 07:38:03 2026 GMT
            Not After : May 19 07:43:03 2027 GMT
        Subject: CN=94B4A89B0C299A07D92B63D8F5B4269561EA09D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f9:06:36:14:df:a1:fc:f7:33:a0:7b:89:b2:
                    32:bf:d5:33:f0:a5:fa:93:66:2e:4b:b7:d1:ad:88:
                    9c:af:b0:af:69:e9:15:19:06:13:16:fb:28:5a:db:
                    8f:9d:57:ac:0e:41:36:a5:eb:89:d0:d4:ea:e2:a4:
                    ea:ce:8e:37:bf:b2:67:80:7d:a2:82:9a:db:69:1d:
                    c9:72:17:6e:fd:4e:dd:87:84:44:d5:f6:cc:ed:24:
                    4f:87:83:85:32:16:96:c7:9b:a5:38:64:a2:da:72:
                    9c:6f:7c:8a:f9:14:0b:94:50:a2:78:55:da:d7:5a:
                    b6:56:7c:64:2b:61:ed:ec:c1:8e:05:46:b1:ad:9a:
                    e8:fb:f3:23:91:93:24:00:c6:8e:bb:dc:01:35:85:
                    fa:8b:11:06:00:f5:4d:92:f3:54:d6:ef:f4:be:8b:
                    4f:41:c2:c3:fd:4b:67:5a:5c:21:5b:f3:80:d5:07:
                    9b:ff:95:c6:77:76:70:e2:cc:a8:18:43:95:5d:a7:
                    33:88:37:69:32:ef:4d:d9:ad:f7:1d:a9:47:37:e6:
                    ab:81:11:ac:c8:5f:f0:47:51:ad:95:29:40:51:f4:
                    ca:03:b3:52:b3:27:f6:69:aa:d2:7f:f0:e2:df:46:
                    bf:39:63:ea:8c:5c:3e:d1:62:20:f1:31:0a:29:1d:
                    3c:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B4:A8:9B:0C:29:9A:07:D9:2B:63:D8:F5:B4:26:95:61:EA:09:D9
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS208609.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:eff8::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:08:e0:99:9f:ac:ce:7e:77:5f:c1:79:f7:15:e5:db:a9:06:
         40:9d:74:e4:f4:81:a6:51:66:cf:aa:dd:f7:f7:f1:af:be:6c:
         63:e2:e2:d7:a0:03:82:2c:7b:bf:63:a2:b5:41:b8:bd:65:d8:
         75:4f:8c:81:ba:89:13:31:42:55:9f:8b:0f:1d:4b:56:6c:e5:
         e2:c1:43:d7:a6:c9:29:28:4c:1b:53:08:a6:39:0d:c7:6b:47:
         fb:ba:60:84:8a:fa:ee:5b:bc:ce:ba:e5:a1:95:b9:be:ee:71:
         7e:09:17:92:24:2a:35:35:07:78:df:1f:15:54:b2:2d:d9:13:
         3f:74:da:42:13:bc:75:70:7f:ff:14:c3:de:ae:6c:26:d8:04:
         b1:e4:75:6b:93:49:a7:4e:32:ae:2b:12:4f:1a:c0:a3:9e:89:
         32:51:2b:76:44:c4:be:12:ce:c0:7b:b3:dc:99:5c:ee:cb:da:
         f3:c1:24:ed:b1:e1:ea:ad:d4:3e:a2:ad:7f:3b:dd:cc:21:58:
         0a:3e:08:e0:be:aa:f3:a1:f6:9e:55:13:98:0e:4c:e6:a2:6c:
         7b:86:37:28:71:fa:08:08:b4:af:92:d3:2f:c2:69:88:2b:e0:
         44:f8:81:9c:81:b0:d1:36:3c:f8:7f:21:92:7f:b3:05:0f:c2:
         23:91:fb:69
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUSTFCPp/ujeK01FRkevk1YzWFsnYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MjAwNzM4MDNaFw0yNzA1MTkwNzQzMDNaMDMxMTAvBgNV
BAMTKDk0QjRBODlCMEMyOTlBMDdEOTJCNjNEOEY1QjQyNjk1NjFFQTA5RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCa+QY2FN+h/PczoHuJsjK/1TPw
pfqTZi5Lt9GtiJyvsK9p6RUZBhMW+yha24+dV6wOQTal64nQ1OripOrOjje/smeA
faKCmttpHclyF279Tt2HhETV9sztJE+Hg4UyFpbHm6U4ZKLacpxvfIr5FAuUUKJ4
VdrXWrZWfGQrYe3swY4FRrGtmuj78yORkyQAxo673AE1hfqLEQYA9U2S81TW7/S+
i09BwsP9S2daXCFb84DVB5v/lcZ3dnDizKgYQ5VdpzOIN2ky703ZrfcdqUc35quB
EazIX/BHUa2VKUBR9MoDs1KzJ/ZpqtJ/8OLfRr85Y+qMXD7RYiDxMQopHTz5AgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUlLSomwwpmgfZK2PY9bQmlWHqCdkwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA4NjA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhR1
g+/4MA0GCSqGSIb3DQEBCwUAA4IBAQADCOCZn6zOfndfwXn3FeXbqQZAnXTk9IGm
UWbPqt339/Gvvmxj4uLXoAOCLHu/Y6K1Qbi9Zdh1T4yBuokTMUJVn4sPHUtWbOXi
wUPXpskpKEwbUwimOQ3Ha0f7umCEivruW7zOuuWhlbm+7nF+CReSJCo1NQd43x8V
VLIt2RM/dNpCE7x1cH//FMPermwm2ASx5HVrk0mnTjKuKxJPGsCjnokyUSt2RMS+
Es7Ae7PcmVzuy9rzwSTtseHqrdQ+oq1/O93MIVgKPgjgvqrzofaeVROYDkzmomx7
hjcocfoICLSvktMvwmmIK+BE+IGcgbDRNjz4fyGSf7MFD8Ijkftp
-----END CERTIFICATE-----