Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          1wNyXe9G4LuSbNXhnvfmlBNvrXEZLFprLCPBGrioT8Q=
Subject key identifier:   32:CE:AD:48:A1:C6:30:35:66:3D:81:76:A1:1D:6F:71:C7:79:21:50
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1BCEFE3A4DD2A667393D368925FE64F5919E16AF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa
Signing time:             Mon 14 Jul 2025 09:32:35 +0000
ROA not before:           Mon 14 Jul 2025 09:27:35 +0000
ROA not after:            Mon 13 Jul 2026 09:32:35 +0000
asID:                     22427
IP address blocks:        143.14.136.0/24 maxlen: 24
                          155.117.247.0/24 maxlen: 24
                          167.148.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:ce:fe:3a:4d:d2:a6:67:39:3d:36:89:25:fe:64:f5:91:9e:16:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 14 09:27:35 2025 GMT
            Not After : Jul 13 09:32:35 2026 GMT
        Subject: CN=32CEAD48A1C63035663D8176A11D6F71C7792150
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:0b:bb:99:e9:2d:b8:cc:17:6f:ab:58:8c:5a:
                    9f:e5:73:ae:77:7f:66:f1:5c:99:77:aa:e8:2c:90:
                    30:f0:78:f0:5d:26:8e:ce:5d:e9:bd:45:8a:00:1d:
                    1b:8d:53:9e:06:92:e8:6f:37:52:01:cf:4c:32:06:
                    9a:8f:74:ab:60:fb:3d:e0:fc:97:0b:68:9f:90:74:
                    a3:c1:8f:dc:e5:ca:5b:3b:4d:bb:7a:c6:a9:70:e2:
                    ca:f3:dd:8f:9e:2c:c6:f4:99:e1:e2:60:b8:84:44:
                    b5:49:01:03:e7:36:89:83:20:fd:9d:cf:53:ca:78:
                    11:83:0c:bc:da:9d:75:d0:07:6e:b9:75:4e:15:33:
                    b9:a3:c4:a5:84:a1:21:76:b3:8b:e1:3a:00:70:b3:
                    56:27:19:15:12:5c:3a:50:a7:f2:d0:2b:4d:44:ac:
                    13:a0:0c:e3:9e:21:0a:0c:1a:9d:7f:06:b1:ec:e9:
                    be:eb:19:d1:6f:82:4a:2a:e4:49:0d:8c:4d:4a:b4:
                    c7:a7:0a:85:da:7e:34:3e:59:05:e2:87:5a:ec:10:
                    26:bc:63:b4:d9:0e:5d:38:9d:da:d0:26:37:82:a8:
                    ab:d0:4e:93:1d:0c:76:77:43:12:e6:15:71:7d:59:
                    4e:2f:66:8b:4c:ea:47:ed:29:d6:e8:a1:4f:e9:4b:
                    1f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:CE:AD:48:A1:C6:30:35:66:3D:81:76:A1:1D:6F:71:C7:79:21:50
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.136.0/24
                  155.117.247.0/24
                  167.148.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:fb:52:66:e4:a2:33:a2:0e:a9:93:72:05:7f:1c:89:be:5e:
         3c:51:0f:72:40:22:2e:a8:68:a4:b6:9b:5b:cd:78:fd:db:5a:
         65:0b:4f:c1:bb:86:71:2f:b2:08:3e:4b:a3:e8:2a:88:5e:0d:
         d9:c3:13:6b:e5:d0:1d:de:d5:30:ce:e5:0d:a7:2b:bf:4f:34:
         5d:93:dc:8c:9e:f6:f7:dc:a5:a1:4d:9a:33:17:68:c9:e5:1f:
         88:db:1b:dd:7e:34:e8:f3:1b:26:87:a8:a6:6d:dd:9c:24:9a:
         71:2a:24:f6:f7:a5:13:52:3e:ee:8a:4d:4a:c9:22:9e:88:e9:
         98:f0:80:fd:01:bd:fd:b2:d4:3d:22:14:64:0b:07:95:29:48:
         5a:52:9c:ce:09:b1:f3:2d:b5:cc:db:78:8b:1c:a8:32:c0:47:
         98:a2:1b:3d:47:1d:9d:52:ef:64:80:bb:b0:88:b1:cf:2b:6f:
         79:86:d8:27:70:88:82:34:90:bf:05:31:ad:56:71:b6:12:0c:
         09:e6:5b:d5:fa:b5:6c:29:44:a6:28:37:a4:6b:65:36:38:d6:
         2c:6f:a1:d7:e8:5c:c6:1c:6e:55:e2:b1:41:b8:81:7d:b9:14:
         1b:18:f5:39:bf:ce:4e:b8:97:cf:b2:be:d4:1d:1d:11:7d:76:
         c0:ac:17:bd
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUG87+Ok3Spmc5PTaJJf5k9ZGeFq8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTQwOTI3MzVaFw0yNjA3MTMwOTMyMzVaMDMxMTAvBgNV
BAMTKDMyQ0VBRDQ4QTFDNjMwMzU2NjNEODE3NkExMUQ2RjcxQzc3OTIxNTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmC7uZ6S24zBdvq1iMWp/lc653
f2bxXJl3qugskDDwePBdJo7OXem9RYoAHRuNU54GkuhvN1IBz0wyBpqPdKtg+z3g
/JcLaJ+QdKPBj9zlyls7Tbt6xqlw4srz3Y+eLMb0meHiYLiERLVJAQPnNomDIP2d
z1PKeBGDDLzanXXQB265dU4VM7mjxKWEoSF2s4vhOgBws1YnGRUSXDpQp/LQK01E
rBOgDOOeIQoMGp1/BrHs6b7rGdFvgkoq5EkNjE1KtMenCoXafjQ+WQXih1rsECa8
Y7TZDl04ndrQJjeCqKvQTpMdDHZ3QxLmFXF9WU4vZotM6kftKdbooU/pSx+5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUMs6tSKHGMDVmPYF2oR1vccd5IVAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPDogD
BACbdfcDBACnlLMwDQYJKoZIhvcNAQELBQADggEBACf7UmbkojOiDqmTcgV/HIm+
XjxRD3JAIi6oaKS2m1vNeP3bWmULT8G7hnEvsgg+S6PoKoheDdnDE2vl0B3e1TDO
5Q2nK79PNF2T3Iye9vfcpaFNmjMXaMnlH4jbG91+NOjzGyaHqKZt3ZwkmnEqJPb3
pRNSPu6KTUrJIp6I6ZjwgP0Bvf2y1D0iFGQLB5UpSFpSnM4JsfMttczbeIscqDLA
R5iiGz1HHZ1S72SAu7CIsc8rb3mG2CdwiII0kL8FMa1WcbYSDAnmW9X6tWwpRKYo
N6RrZTY41ixvodfoXMYcblXisUG4gX25FBsY9Tm/zk64l8+yvtQdHRF9dsCsF70=
-----END CERTIFICATE-----