Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209874.roa
File:                     AS209874.roa (raw, json)
Hash identifier:          D+2Y0Uxe5dx+WD7C3pPYXPo/iiy2/3yz4k93x5ODtVY=
Subject key identifier:   E1:E4:DC:35:39:FF:3F:69:45:72:30:31:4A:90:9C:AD:20:7A:31:77
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       47E6A748B2BFB675EECBB95BCF40786BBD8755FF
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209874.roa
Signing time:             Thu 04 Sep 2025 02:26:53 +0000
ROA not before:           Thu 04 Sep 2025 02:21:53 +0000
ROA not after:            Thu 03 Sep 2026 02:26:53 +0000
asID:                     209874
IP address blocks:        2a14:7583:4000::/36 maxlen: 48
                          2a14:7583:5000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:e6:a7:48:b2:bf:b6:75:ee:cb:b9:5b:cf:40:78:6b:bd:87:55:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Sep  4 02:21:53 2025 GMT
            Not After : Sep  3 02:26:53 2026 GMT
        Subject: CN=E1E4DC3539FF3F69457230314A909CAD207A3177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:35:d8:fd:f9:92:6b:c5:e0:df:17:c6:68:9a:
                    07:f5:db:a2:9f:7a:2f:f1:07:f7:cd:21:d0:0d:fe:
                    2f:34:77:19:89:2e:2e:c2:a3:d8:c2:53:e1:02:a0:
                    4c:5c:37:f6:15:7b:ec:14:de:66:ef:51:4e:f1:05:
                    58:3e:44:26:67:19:8a:77:23:30:27:81:a8:64:12:
                    bc:c2:eb:83:58:ff:b8:1c:20:42:56:27:35:ef:71:
                    d7:71:45:23:fb:7b:28:03:1b:2b:3e:7a:e5:41:2f:
                    16:52:ad:2f:33:97:76:85:83:0a:6d:2c:d0:c3:5f:
                    79:39:af:4d:40:cd:0a:d4:79:13:a4:59:ec:14:ee:
                    cb:f2:48:22:ec:5a:55:3d:6e:cc:86:f7:f7:a9:ed:
                    29:4d:31:c7:34:11:94:69:02:ce:e3:bc:58:0e:8d:
                    be:14:7c:18:c9:ff:04:8c:05:8c:77:5f:b8:5e:62:
                    f6:40:fb:c2:17:6a:5c:f6:41:2c:08:f6:af:63:c7:
                    97:08:8e:9a:ef:3e:6c:fb:18:1f:60:35:11:dd:66:
                    80:50:63:1f:ab:55:36:6c:b7:2a:19:d5:74:57:78:
                    31:14:8f:db:90:ce:ae:1e:47:19:f7:c6:a0:22:f5:
                    0b:e1:d5:ce:45:b6:27:3d:30:06:88:08:58:53:6c:
                    d6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:E4:DC:35:39:FF:3F:69:45:72:30:31:4A:90:9C:AD:20:7A:31:77
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS209874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:4000::/35

    Signature Algorithm: sha256WithRSAEncryption
         05:cc:f6:0e:65:b1:25:c0:4f:59:9c:9d:d8:c4:70:9b:28:6c:
         d6:33:85:f0:35:89:ab:93:e8:d8:16:35:43:82:e2:ba:7d:f4:
         de:22:54:a6:1c:bf:80:a4:4b:4f:40:f7:83:fb:a2:34:74:5d:
         11:f9:b6:c6:11:db:6b:77:b4:f9:51:e0:44:7b:a7:65:e9:74:
         0d:cb:52:c7:77:3e:77:fa:da:7e:04:b4:3b:a1:8c:e6:e6:6f:
         6b:db:97:34:14:6a:66:14:5a:c5:f1:cc:f1:4a:49:b1:e1:79:
         c2:05:a0:3c:b6:68:eb:16:a4:5d:ab:21:d8:59:ca:ac:70:da:
         4b:ba:55:54:95:98:4c:54:3c:96:d0:a9:80:00:8c:2f:5a:d1:
         5c:c2:3c:dd:6a:8f:86:56:80:e4:03:af:20:c0:83:71:8d:39:
         22:85:1f:ac:6e:e5:a4:07:10:fd:12:46:3a:4e:89:70:c9:bc:
         20:cc:8d:15:a7:5c:94:aa:85:00:4c:f4:af:9d:a2:02:54:c1:
         83:0f:aa:21:76:e9:be:8e:94:de:96:b6:fc:4a:d8:c8:e0:b0:
         ba:ce:cc:94:a6:34:20:0f:c6:bc:f9:c6:1e:9d:28:ee:12:90:
         4e:91:59:18:d7:f4:af:c8:50:27:73:a2:cf:c0:56:48:15:9d:
         e6:a4:83:a3
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUR+anSLK/tnXuy7lbz0B4a72HVf8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA5MDQwMjIxNTNaFw0yNjA5MDMwMjI2NTNaMDMxMTAvBgNV
BAMTKEUxRTREQzM1MzlGRjNGNjk0NTcyMzAzMTRBOTA5Q0FEMjA3QTMxNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNdj9+ZJrxeDfF8Zomgf126Kf
ei/xB/fNIdAN/i80dxmJLi7Co9jCU+ECoExcN/YVe+wU3mbvUU7xBVg+RCZnGYp3
IzAngahkErzC64NY/7gcIEJWJzXvcddxRSP7eygDGys+euVBLxZSrS8zl3aFgwpt
LNDDX3k5r01AzQrUeROkWewU7svySCLsWlU9bsyG9/ep7SlNMcc0EZRpAs7jvFgO
jb4UfBjJ/wSMBYx3X7heYvZA+8IXalz2QSwI9q9jx5cIjprvPmz7GB9gNRHdZoBQ
Yx+rVTZstyoZ1XRXeDEUj9uQzq4eRxn3xqAi9Qvh1c5Ftic9MAaICFhTbNaHAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQU4eTcNTn/P2lFcjAxSpCcrSB6MXcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA5ODc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYFKhR1
g0AwDQYJKoZIhvcNAQELBQADggEBAAXM9g5lsSXAT1mcndjEcJsobNYzhfA1iauT
6NgWNUOC4rp99N4iVKYcv4CkS09A94P7ojR0XRH5tsYR22t3tPlR4ER7p2XpdA3L
Usd3Pnf62n4EtDuhjObmb2vblzQUamYUWsXxzPFKSbHhecIFoDy2aOsWpF2rIdhZ
yqxw2ku6VVSVmExUPJbQqYAAjC9a0VzCPN1qj4ZWgOQDryDAg3GNOSKFH6xu5aQH
EP0SRjpOiXDJvCDMjRWnXJSqhQBM9K+dogJUwYMPqiF26b6OlN6WtvxK2MjgsLrO
zJSmNCAPxrz5xh6dKO4SkE6RWRjX9K/IUCdzos/AVkgVneakg6M=
-----END CERTIFICATE-----