Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS208504.roa
File:                     AS208504.roa (raw, json)
Hash identifier:          sycvs0b8frTlD7DOAsAqe2Cbp0V7k638M3JtBXBViCk=
Subject key identifier:   72:C2:EF:C7:39:CF:20:6B:B7:93:90:AE:2E:7C:C5:48:76:79:5B:31
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       069B68A0D337DBD62DE285193427165B0B84E8C1
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS208504.roa
Signing time:             Tue 21 Apr 2026 17:04:33 +0000
ROA not before:           Tue 21 Apr 2026 16:59:33 +0000
ROA not after:            Tue 20 Apr 2027 17:04:33 +0000
asID:                     208504
IP address blocks:        46.202.49.0/24 maxlen: 24
                          91.124.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 20:38:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            06:9b:68:a0:d3:37:db:d6:2d:e2:85:19:34:27:16:5b:0b:84:e8:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 21 16:59:33 2026 GMT
            Not After : Apr 20 17:04:33 2027 GMT
        Subject: CN=72C2EFC739CF206BB79390AE2E7CC54876795B31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:f3:3c:28:eb:1e:07:da:b7:dc:75:bb:d4:84:
                    51:5e:0d:3e:40:2f:e4:6e:17:e2:f4:c3:b3:01:4e:
                    b4:37:ba:05:e4:74:48:c7:5b:f5:ab:be:48:6a:5b:
                    2e:02:5c:dd:0c:b1:21:30:f1:2f:43:46:67:4a:b1:
                    88:6d:41:56:02:29:32:c7:84:9e:43:7b:c0:eb:2e:
                    55:3b:49:93:23:ad:d4:69:98:99:bd:d7:02:6c:9e:
                    20:15:3c:f9:cf:5e:63:8d:44:70:24:9b:a6:47:8b:
                    0e:87:be:24:54:e2:b7:3e:a5:12:c2:a8:0e:da:76:
                    74:37:82:76:d1:12:e4:16:f2:f1:50:c6:dc:9f:d3:
                    d4:02:d0:db:2c:f7:10:61:55:cf:07:b3:bd:78:01:
                    2f:42:03:c0:97:86:fa:ee:1f:f4:2a:7a:49:c9:3b:
                    67:10:24:f8:1f:05:6a:ef:73:7d:b0:2c:33:37:fe:
                    22:6b:73:fa:e7:e3:3f:70:27:63:42:07:9f:af:ef:
                    c5:20:4e:dc:3f:5e:89:03:49:38:38:79:4a:3a:2c:
                    cc:e9:6f:cd:59:7d:b7:dd:57:85:cf:24:25:b7:41:
                    84:67:9a:7e:54:0c:be:17:8b:1a:ab:ec:a2:ee:b0:
                    6b:cc:d6:a1:ea:c7:b5:1b:38:a5:4f:b5:9c:89:58:
                    a2:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:C2:EF:C7:39:CF:20:6B:B7:93:90:AE:2E:7C:C5:48:76:79:5B:31
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS208504.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.49.0/24
                  91.124.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:dc:d8:be:cd:d4:81:a7:96:3c:65:c9:ae:da:e5:7c:a7:6e:
         ba:30:4b:34:6d:8f:c2:95:6e:78:2c:38:36:1c:b3:79:a0:81:
         82:63:8b:c6:4b:92:9e:e2:27:60:a6:be:bf:fc:58:1e:56:45:
         00:a2:6b:c5:82:bd:03:7f:22:99:f8:02:d8:64:5f:2e:11:6b:
         e2:8f:1e:f4:b5:5f:7d:af:4d:34:46:51:13:52:be:8b:86:67:
         54:69:63:c7:61:38:e1:39:ac:ba:f7:fe:78:21:62:d8:66:7a:
         ea:42:6a:9f:25:bc:c7:ea:ca:14:f8:ff:42:e2:22:bf:69:24:
         c0:58:02:22:a2:bf:93:0c:bd:4e:3a:f5:f9:05:a1:96:34:af:
         20:55:34:1d:14:2c:24:9c:92:13:57:03:fb:a6:63:cb:ca:ed:
         a5:40:cb:57:16:41:39:4d:87:c0:fc:98:c4:9f:2c:11:b6:f0:
         da:1a:83:6c:ec:7f:6f:6b:cf:57:d6:55:30:ef:5f:9d:49:8e:
         c1:f7:da:4b:ae:12:5e:67:eb:90:2c:d1:e8:25:76:cf:b7:2b:
         53:4a:43:66:ed:e1:33:56:18:47:ab:50:b6:84:ae:ec:a0:f9:
         a8:e1:2c:28:86:f3:a0:3b:c8:64:54:1f:86:79:c4:3e:6a:a8:
         15:2f:30:d6
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBptooNM329Yt4oUZNCcWWwuE6MEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjExNjU5MzNaFw0yNzA0MjAxNzA0MzNaMDMxMTAvBgNV
BAMTKDcyQzJFRkM3MzlDRjIwNkJCNzkzOTBBRTJFN0NDNTQ4NzY3OTVCMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCn8zwo6x4H2rfcdbvUhFFeDT5A
L+RuF+L0w7MBTrQ3ugXkdEjHW/WrvkhqWy4CXN0MsSEw8S9DRmdKsYhtQVYCKTLH
hJ5De8DrLlU7SZMjrdRpmJm91wJsniAVPPnPXmONRHAkm6ZHiw6HviRU4rc+pRLC
qA7adnQ3gnbREuQW8vFQxtyf09QC0Nss9xBhVc8Hs714AS9CA8CXhvruH/QqeknJ
O2cQJPgfBWrvc32wLDM3/iJrc/rn4z9wJ2NCB5+v78UgTtw/XokDSTg4eUo6LMzp
b81ZfbfdV4XPJCW3QYRnmn5UDL4Xixqr7KLusGvM1qHqx7UbOKVPtZyJWKJbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUcsLvxznPIGu3k5CuLnzFSHZ5WzEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjA4NTA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALsox
AwQAW3wLMA0GCSqGSIb3DQEBCwUAA4IBAQB93Ni+zdSBp5Y8Zcmu2uV8p266MEs0
bY/ClW54LDg2HLN5oIGCY4vGS5Ke4idgpr6//FgeVkUAomvFgr0DfyKZ+ALYZF8u
EWvijx70tV99r000RlETUr6LhmdUaWPHYTjhOay69/54IWLYZnrqQmqfJbzH6soU
+P9C4iK/aSTAWAIior+TDL1OOvX5BaGWNK8gVTQdFCwknJITVwP7pmPLyu2lQMtX
FkE5TYfA/JjEnywRtvDaGoNs7H9va89X1lUw71+dSY7B99pLrhJeZ+uQLNHoJXbP
tytTSkNm7eEzVhhHq1C2hK7soPmo4SwohvOgO8hkVB+GecQ+aqgVLzDW
-----END CERTIFICATE-----