Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209474.roa
File:                     AS209474.roa (raw, json)
Hash identifier:          8WyY50MWf2Hfbw2950nOGLiIE+FeO23xAKd6eVU/oqE=
Subject key identifier:   9A:C0:AF:56:61:97:5F:19:95:A3:2C:40:12:D3:BC:98:2C:50:F2:FD
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       43295E7E763864D5B261468FFABDB1B14B2F72DF
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209474.roa
Signing time:             Mon 10 Feb 2025 20:26:06 +0000
ROA not before:           Mon 10 Feb 2025 20:21:06 +0000
ROA not after:            Mon 09 Feb 2026 20:26:06 +0000
asID:                     209474
IP address blocks:        193.17.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            43:29:5e:7e:76:38:64:d5:b2:61:46:8f:fa:bd:b1:b1:4b:2f:72:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Feb 10 20:21:06 2025 GMT
            Not After : Feb  9 20:26:06 2026 GMT
        Subject: CN=9AC0AF5661975F1995A32C4012D3BC982C50F2FD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:02:35:13:1b:1a:fb:03:0e:cb:72:84:f9:c9:
                    2d:3e:fc:2e:e7:a8:20:24:b5:7d:d6:68:34:c1:d2:
                    6c:a2:83:6e:20:49:e7:72:f7:6a:89:fd:9d:3b:c6:
                    d2:e9:d8:4c:26:ff:28:09:96:42:ef:bd:64:e2:a1:
                    9e:0e:08:f3:8d:cb:75:89:7b:b8:54:55:9d:7d:20:
                    9e:83:80:e6:d4:54:0a:7e:41:a2:a4:ac:3c:d9:e3:
                    77:02:45:9d:3d:5a:14:6a:f4:60:4b:a9:e0:48:ba:
                    57:f7:b2:d8:0e:0c:a7:80:17:1d:dc:af:15:e8:8e:
                    46:bc:b6:f3:fd:c4:55:20:f2:83:93:ce:c5:ad:5b:
                    bd:ab:c4:53:50:28:ab:a8:c2:48:36:d6:82:50:d9:
                    a8:bc:a2:8c:7c:a2:d0:ed:af:5c:79:66:2b:3f:7f:
                    3b:7c:4e:2d:82:7d:46:a9:19:ce:bc:3e:d5:bb:a8:
                    00:f2:f2:b7:20:b0:54:4f:b6:34:93:5c:5d:7c:fa:
                    92:da:c1:10:0e:d4:e3:8d:0f:ec:ae:52:b8:02:57:
                    7d:2c:5e:b2:4a:51:13:a4:fb:e0:41:05:f4:9f:ff:
                    9c:b1:bb:9b:a6:e6:af:94:09:50:bb:23:72:f1:f2:
                    db:4e:a7:d1:76:c7:d9:c6:e3:86:03:de:3b:71:22:
                    7a:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C0:AF:56:61:97:5F:19:95:A3:2C:40:12:D3:BC:98:2C:50:F2:FD
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS209474.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.17.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:a7:09:00:4a:5e:49:e3:77:3f:98:91:0a:22:53:f9:2f:c7:
         f8:a5:94:e2:9b:d1:0d:6b:83:a4:c7:38:af:ee:50:e7:5f:43:
         34:fb:87:5d:b6:88:b0:76:b9:92:71:3d:56:c3:c3:3e:84:80:
         4a:09:23:69:31:3f:87:0a:3d:e8:33:43:99:4c:b6:c8:eb:9c:
         11:34:da:85:4f:e1:7f:bc:64:50:02:c0:1c:c2:98:c9:9b:bb:
         82:7a:50:f7:95:ae:33:31:26:c5:4e:45:26:ac:7a:d2:ba:12:
         ed:b5:44:16:03:e7:fe:47:a1:9d:6f:34:25:f4:24:7d:f5:4f:
         85:ec:0b:dd:0c:0f:f2:55:e3:dc:b7:f3:df:8d:a9:d8:a1:6f:
         40:58:77:60:86:1b:39:b9:3a:94:8b:78:fe:e1:fe:58:b0:ce:
         c0:3f:e3:4c:8e:09:77:c8:f1:75:12:96:fa:0f:40:7f:a0:0c:
         e5:63:38:02:19:97:e3:25:b7:de:d1:be:5c:53:de:ca:f4:b4:
         02:ee:5a:ee:70:c0:ef:ed:f4:31:de:6b:a5:03:a1:ec:bb:20:
         88:e9:4d:60:01:4b:52:51:13:87:6d:37:43:fb:85:31:9d:9e:
         9c:bc:4a:9b:ff:99:0e:ec:c9:c5:a6:4b:69:0f:4f:47:c8:8c:
         2f:07:f6:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQylefnY4ZNWyYUaP+r2xsUsvct8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTAyMTAyMDIxMDZaFw0yNjAyMDkyMDI2MDZaMDMxMTAvBgNV
BAMTKDlBQzBBRjU2NjE5NzVGMTk5NUEzMkM0MDEyRDNCQzk4MkM1MEYyRkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5AjUTGxr7Aw7LcoT5yS0+/C7n
qCAktX3WaDTB0myig24gSedy92qJ/Z07xtLp2Ewm/ygJlkLvvWTioZ4OCPONy3WJ
e7hUVZ19IJ6DgObUVAp+QaKkrDzZ43cCRZ09WhRq9GBLqeBIulf3stgODKeAFx3c
rxXojka8tvP9xFUg8oOTzsWtW72rxFNQKKuowkg21oJQ2ai8oox8otDtr1x5Zis/
fzt8Ti2CfUapGc68PtW7qADy8rcgsFRPtjSTXF18+pLawRAO1OOND+yuUrgCV30s
XrJKUROk++BBBfSf/5yxu5um5q+UCVC7I3Lx8ttOp9F2x9nG44YD3jtxInqvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmsCvVmGXXxmVoyxAEtO8mCxQ8v0wHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMjA5NDc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwREG
MA0GCSqGSIb3DQEBCwUAA4IBAQAKpwkASl5J43c/mJEKIlP5L8f4pZTim9ENa4Ok
xziv7lDnX0M0+4ddtoiwdrmScT1Ww8M+hIBKCSNpMT+HCj3oM0OZTLbI65wRNNqF
T+F/vGRQAsAcwpjJm7uCelD3la4zMSbFTkUmrHrSuhLttUQWA+f+R6GdbzQl9CR9
9U+F7AvdDA/yVePct/PfjanYoW9AWHdghhs5uTqUi3j+4f5YsM7AP+NMjgl3yPF1
Epb6D0B/oAzlYzgCGZfjJbfe0b5cU97K9LQC7lrucMDv7fQx3mulA6HsuyCI6U1g
AUtSUROHbTdD+4UxnZ6cvEqb/5kO7MnFpktpD09HyIwvB/Za
-----END CERTIFICATE-----