Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209557.roa
File:                     AS209557.roa (raw, json)
Hash identifier:          f6IqIFKysaQ2TAwjP3EBwYFdD0npGr9U7w/Aj7tz3E4=
Subject key identifier:   74:91:A4:3D:15:42:18:6B:CC:E9:8E:B6:C2:ED:A9:E0:68:F7:DA:9D
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2873813A2D0EB86AC4EA4CBC71A8AD72E2096364
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209557.roa
Signing time:             Tue 19 May 2026 11:32:15 +0000
ROA not before:           Tue 19 May 2026 11:27:15 +0000
ROA not after:            Tue 18 May 2027 11:32:15 +0000
asID:                     209557
IP address blocks:        141.11.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 17:49:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:73:81:3a:2d:0e:b8:6a:c4:ea:4c:bc:71:a8:ad:72:e2:09:63:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 19 11:27:15 2026 GMT
            Not After : May 18 11:32:15 2027 GMT
        Subject: CN=7491A43D1542186BCCE98EB6C2EDA9E068F7DA9D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:86:c3:4e:21:53:64:be:e1:ef:fa:24:61:a6:
                    30:d7:65:bc:29:e8:6c:9a:5b:3a:44:2f:be:23:5e:
                    f4:2f:40:29:8f:50:37:30:a7:03:f6:35:e6:2a:97:
                    d6:45:9e:48:bc:8b:20:c2:2f:86:03:18:f5:4b:8b:
                    e0:bc:e0:65:4b:8c:13:d0:f3:8b:8f:9c:ae:d4:1d:
                    88:78:d5:a1:53:ed:81:c1:50:f1:94:12:51:6e:45:
                    1f:1a:25:08:97:50:3c:e3:b8:dc:c7:32:97:f0:97:
                    f5:0f:d6:f1:61:34:9e:82:23:e6:a0:01:a4:f0:54:
                    1f:c0:68:7d:36:c4:44:e6:88:6a:c8:43:8d:18:4c:
                    7c:55:78:fc:ec:93:af:d9:94:88:dd:8b:c5:72:14:
                    8a:69:e5:86:59:83:7e:62:a8:e6:fa:af:7f:ef:d8:
                    e9:05:03:4a:2f:99:5a:43:64:c4:c1:0c:0d:8c:bf:
                    88:45:51:9e:27:72:d7:aa:c8:ba:aa:72:3f:f4:c7:
                    69:f8:d9:df:89:bb:f3:50:8e:a3:38:dd:e1:29:28:
                    5a:60:c2:0f:6f:2c:4e:7c:d5:06:a5:9d:55:94:a4:
                    a0:18:c1:75:83:c3:f7:3f:d9:00:df:e3:bb:29:99:
                    73:47:d1:a9:86:c4:17:3b:47:a8:29:b6:ac:23:82:
                    be:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:91:A4:3D:15:42:18:6B:CC:E9:8E:B6:C2:ED:A9:E0:68:F7:DA:9D
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS209557.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d7:da:69:64:6b:04:32:37:d1:80:e0:d7:89:e7:3c:5a:9e:7e:
         bc:22:ad:f1:ee:40:a6:60:34:1f:ea:75:a8:c4:c0:d5:9a:34:
         35:6d:eb:d2:45:70:d0:38:d1:b6:d6:84:64:10:45:d7:1b:5c:
         a2:54:34:80:47:a2:8b:37:39:92:f7:1d:57:20:76:21:a0:24:
         c0:3e:7e:93:35:3f:be:3b:bf:e6:ba:a4:c5:52:a9:90:f6:06:
         be:73:b1:a7:22:6a:16:39:68:18:f0:2b:bf:77:ec:f6:41:4d:
         9b:57:91:15:2b:4f:ab:98:98:5a:40:a8:ff:70:51:ca:b5:b1:
         13:9a:71:ca:d5:c7:04:9a:f7:d1:fd:2f:a6:c5:9f:e2:13:42:
         9f:57:e1:b8:84:c2:4f:4c:a0:06:ba:63:8c:c9:3d:be:5f:b7:
         aa:3b:11:36:ce:12:0d:bd:98:02:6e:4b:7a:af:dd:74:5f:17:
         ef:69:fb:5a:f6:8d:d6:6c:2b:24:24:15:a0:35:75:9f:a5:03:
         61:ff:77:e0:c2:4b:74:81:fa:89:b1:8a:e6:9f:66:5d:1d:6d:
         84:2c:70:d3:37:27:68:ee:60:1e:25:45:ea:5b:e4:92:9d:e4:
         39:0f:e4:df:43:c1:f7:fc:cb:ed:61:f6:e0:83:c0:64:8a:9c:
         92:48:f8:ed
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKHOBOi0OuGrE6ky8caitcuIJY2QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTkxMTI3MTVaFw0yNzA1MTgxMTMyMTVaMDMxMTAvBgNV
BAMTKDc0OTFBNDNEMTU0MjE4NkJDQ0U5OEVCNkMyRURBOUUwNjhGN0RBOUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlhsNOIVNkvuHv+iRhpjDXZbwp
6GyaWzpEL74jXvQvQCmPUDcwpwP2NeYql9ZFnki8iyDCL4YDGPVLi+C84GVLjBPQ
84uPnK7UHYh41aFT7YHBUPGUElFuRR8aJQiXUDzjuNzHMpfwl/UP1vFhNJ6CI+ag
AaTwVB/AaH02xETmiGrIQ40YTHxVePzsk6/ZlIjdi8VyFIpp5YZZg35iqOb6r3/v
2OkFA0ovmVpDZMTBDA2Mv4hFUZ4ncteqyLqqcj/0x2n42d+Ju/NQjqM43eEpKFpg
wg9vLE581QalnVWUpKAYwXWDw/c/2QDf47spmXNH0amGxBc7R6gptqwjgr5XAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdJGkPRVCGGvM6Y62wu2p4Gj32p0wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjA5NTU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDX2mlkawQyN9GA4NeJ5zxann68Iq3x7kCmYDQf
6nWoxMDVmjQ1bevSRXDQONG21oRkEEXXG1yiVDSAR6KLNzmS9x1XIHYhoCTAPn6T
NT++O7/muqTFUqmQ9ga+c7GnImoWOWgY8Cu/d+z2QU2bV5EVK0+rmJhaQKj/cFHK
tbETmnHK1ccEmvfR/S+mxZ/iE0KfV+G4hMJPTKAGumOMyT2+X7eqOxE2zhINvZgC
bkt6r910Xxfvafta9o3WbCskJBWgNXWfpQNh/3fgwkt0gfqJsYrmn2ZdHW2ELHDT
Nydo7mAeJUXqW+SSneQ5D+TfQ8H3/MvtYfbgg8BkipySSPjt
-----END CERTIFICATE-----