Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209474.roa
File:                     AS209474.roa (raw, json)
Hash identifier:          gsFSSDvKnRNuxuGkLE8Bhbz07uLX4Bh8jKS/s3EEroo=
Subject key identifier:   81:A1:F3:2E:C3:CB:3A:55:E4:4F:85:C8:74:04:E8:25:DA:B7:F9:32
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       7D6FC6466C6834C4AFFC9130AA878B979F07383E
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209474.roa
Signing time:             Wed 15 Jan 2025 16:37:37 +0000
ROA not before:           Wed 15 Jan 2025 16:32:37 +0000
ROA not after:            Wed 14 Jan 2026 16:37:37 +0000
asID:                     209474
IP address blocks:        193.17.6.0/24 maxlen: 24
                          193.111.78.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:6f:c6:46:6c:68:34:c4:af:fc:91:30:aa:87:8b:97:9f:07:38:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Jan 15 16:32:37 2025 GMT
            Not After : Jan 14 16:37:37 2026 GMT
        Subject: CN=81A1F32EC3CB3A55E44F85C87404E825DAB7F932
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:19:56:78:ea:39:47:27:96:89:a8:4c:ac:b5:
                    2c:43:17:71:4f:7d:b0:de:4f:c4:d7:43:1b:85:d1:
                    fd:6b:ea:eb:fe:5e:ac:7d:80:0f:fa:2c:dc:62:fd:
                    f3:4c:6f:37:57:54:bb:54:38:82:fc:c5:24:fa:6f:
                    48:5a:ea:fb:a6:9b:98:a1:c5:ec:75:a5:f4:c8:40:
                    42:a8:35:6c:d6:9f:87:1f:be:9f:67:68:4d:f8:9c:
                    80:81:c4:d9:cf:47:fd:92:f7:3d:4c:7b:e0:26:d8:
                    e0:be:ca:88:ea:8f:13:38:74:18:60:be:3c:ea:ab:
                    b4:f9:90:0a:dc:63:a4:bd:13:55:f0:93:39:57:9d:
                    2e:25:d4:28:4a:31:1b:01:25:0c:f8:fe:43:e5:de:
                    4f:95:d6:8a:4d:a7:09:e6:92:86:b2:21:c5:d5:0c:
                    06:47:34:37:52:4c:9e:81:a1:5f:8b:32:b9:3a:f1:
                    f4:3e:99:d1:9e:f6:8f:d1:4b:1a:88:8d:f3:7d:02:
                    48:c3:6a:3c:7e:9a:92:02:68:7f:50:63:00:49:db:
                    c6:1f:8d:35:72:4b:a2:3f:2f:02:e5:cf:00:8c:75:
                    4f:a8:28:e8:50:c1:2b:11:9d:a7:ff:88:d8:6d:6f:
                    19:a6:65:c4:e4:ce:ac:5b:2c:d7:1d:62:cd:3b:76:
                    06:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A1:F3:2E:C3:CB:3A:55:E4:4F:85:C8:74:04:E8:25:DA:B7:F9:32
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209474.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.6.0/24
                  193.111.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:f7:96:52:c6:dd:3e:0e:0a:5a:b4:7d:a0:a5:20:04:2b:db:
         50:8e:a5:42:11:25:b0:56:ab:7a:34:40:f8:5a:cd:ee:e7:9b:
         e1:44:ea:f6:4e:4e:ca:46:17:9a:43:a1:7e:51:b7:7f:38:8f:
         bc:d8:d2:2f:e2:8e:06:ad:33:08:4a:40:e7:ab:d1:48:29:86:
         42:27:09:6e:c0:75:88:1a:40:d5:91:ce:36:69:58:4b:37:e9:
         71:5a:8d:2b:1c:58:bd:9f:00:ab:63:92:09:50:28:80:44:27:
         2e:2c:14:28:d6:7c:38:30:66:bb:64:c3:d3:15:fb:9e:27:56:
         9a:33:77:9a:25:6a:ea:31:45:16:7c:5c:f2:4e:9f:86:03:14:
         9f:df:f4:b8:e8:4d:17:8a:a0:bd:dc:12:25:0f:be:74:89:21:
         f6:f0:bf:36:ad:c0:fb:62:49:eb:ac:1f:6c:2e:11:43:e8:0d:
         0c:ad:23:26:52:c5:50:ac:d2:d2:01:15:e3:13:5a:00:d4:fc:
         6b:36:72:86:36:6d:71:1c:e1:da:88:44:2f:45:85:0b:09:8f:
         be:0c:7c:34:59:20:6f:9e:ad:51:6b:d0:6e:c8:be:86:7a:13:
         ed:98:5e:90:00:bf:dd:83:5e:35:90:80:66:c0:9d:b9:7d:12:
         b1:cb:c4:58
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUfW/GRmxoNMSv/JEwqoeLl58HOD4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAxMTUxNjMyMzdaFw0yNjAxMTQxNjM3MzdaMDMxMTAvBgNV
BAMTKDgxQTFGMzJFQzNDQjNBNTVFNDRGODVDODc0MDRFODI1REFCN0Y5MzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBGVZ46jlHJ5aJqEystSxDF3FP
fbDeT8TXQxuF0f1r6uv+Xqx9gA/6LNxi/fNMbzdXVLtUOIL8xST6b0ha6vumm5ih
xex1pfTIQEKoNWzWn4cfvp9naE34nICBxNnPR/2S9z1Me+Am2OC+yojqjxM4dBhg
vjzqq7T5kArcY6S9E1XwkzlXnS4l1ChKMRsBJQz4/kPl3k+V1opNpwnmkoayIcXV
DAZHNDdSTJ6BoV+LMrk68fQ+mdGe9o/RSxqIjfN9AkjDajx+mpICaH9QYwBJ28Yf
jTVyS6I/LwLlzwCMdU+oKOhQwSsRnaf/iNhtbxmmZcTkzqxbLNcdYs07dgYbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUgaHzLsPLOlXkT4XIdAToJdq3+TIwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjA5NDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwREG
AwQAwW9OMA0GCSqGSIb3DQEBCwUAA4IBAQCH95ZSxt0+DgpatH2gpSAEK9tQjqVC
ESWwVqt6NED4Ws3u55vhROr2Tk7KRheaQ6F+Ubd/OI+82NIv4o4GrTMISkDnq9FI
KYZCJwluwHWIGkDVkc42aVhLN+lxWo0rHFi9nwCrY5IJUCiARCcuLBQo1nw4MGa7
ZMPTFfueJ1aaM3eaJWrqMUUWfFzyTp+GAxSf3/S46E0XiqC93BIlD750iSH28L82
rcD7YknrrB9sLhFD6A0MrSMmUsVQrNLSARXjE1oA1PxrNnKGNm1xHOHaiEQvRYUL
CY++DHw0WSBvnq1Ra9BuyL6GehPtmF6QAL/dg141kIBmwJ25fRKxy8RY
-----END CERTIFICATE-----