Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57169.roa
File:                     AS57169.roa (raw, json)
Hash identifier:          hZUkbSeDL3iaEU3Thid2VjVKreztH1qcanIVnC9QY5c=
Subject key identifier:   AB:86:7E:47:AB:EC:C5:04:BF:91:47:8B:D4:C7:49:DF:82:6F:F5:3E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       724373250140DE1AF23AA4E32BF4EBF75240A99A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57169.roa
Signing time:             Mon 21 Jul 2025 21:52:43 +0000
ROA not before:           Mon 21 Jul 2025 21:47:43 +0000
ROA not after:            Mon 20 Jul 2026 21:52:43 +0000
asID:                     57169
IP address blocks:        162.141.12.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:43:73:25:01:40:de:1a:f2:3a:a4:e3:2b:f4:eb:f7:52:40:a9:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 21 21:47:43 2025 GMT
            Not After : Jul 20 21:52:43 2026 GMT
        Subject: CN=AB867E47ABECC504BF91478BD4C749DF826FF53E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:bd:44:58:23:00:8e:45:14:0c:d9:5f:2c:50:
                    a9:ba:09:f4:f1:e4:53:26:4f:d0:6a:5f:94:1b:d7:
                    45:f8:a7:92:40:e8:74:2a:1d:10:30:ad:0d:74:47:
                    e6:b1:11:cd:01:d8:ed:da:55:09:0f:2c:f7:cf:47:
                    0c:3e:bf:1e:47:e9:6a:4f:9b:06:b7:4c:3a:b8:c1:
                    9a:bd:e4:8b:e4:e9:06:22:e9:31:01:cb:35:88:56:
                    b4:c9:44:33:52:f8:29:8d:ef:b1:58:93:82:4c:b3:
                    7d:6e:f7:08:2c:68:fe:a1:4d:b1:56:96:bc:c9:d3:
                    fb:1d:c0:56:7f:67:a9:6f:0f:35:e8:2d:40:34:75:
                    73:8c:58:57:98:89:a6:5e:f2:32:0e:15:a0:48:8f:
                    0a:9f:95:35:6e:72:4f:e1:c1:a3:6d:1d:30:43:7c:
                    5e:46:14:12:6a:2d:ab:dc:ba:b8:11:ae:8d:d3:e0:
                    af:aa:4f:b3:44:ef:da:62:c3:fd:62:37:45:b3:2a:
                    c2:54:da:1f:74:c7:36:e4:f6:a7:d2:7c:68:9a:70:
                    cc:f7:b1:39:34:50:ce:8e:5a:a1:cb:25:6e:3c:18:
                    51:c8:3b:52:f4:7e:45:75:8a:7c:8c:ac:b6:6a:a2:
                    fd:06:f2:5e:44:f1:8d:64:3d:68:63:e5:75:d0:da:
                    57:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:86:7E:47:AB:EC:C5:04:BF:91:47:8B:D4:C7:49:DF:82:6F:F5:3E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57169.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ec:06:ba:50:39:c7:27:c5:ca:f1:cc:08:c0:bd:83:3e:91:
         53:d4:a3:ee:d7:e4:34:35:f0:26:4a:c5:10:6f:15:16:86:e0:
         d6:f4:83:a3:dd:33:36:b0:60:c3:46:6e:31:cb:8e:9e:4b:22:
         3f:00:c3:e7:42:48:8e:96:20:3e:d9:cf:7b:82:6b:6e:5e:55:
         93:ef:d7:c9:53:0e:e8:b5:71:aa:65:53:7a:a9:0a:00:b2:2a:
         e5:4b:6d:ef:79:04:43:c2:ca:ac:f7:34:6b:ca:dd:8c:2f:7a:
         31:8f:e0:72:c7:cf:85:8b:89:cf:77:ef:9c:ff:cc:d8:24:ed:
         ca:72:e7:ca:a3:14:f6:7c:c3:67:c6:be:98:15:1e:08:7b:67:
         5e:3d:c1:1d:67:48:24:c8:24:3f:66:2b:11:99:2a:65:5c:28:
         2f:d4:f8:40:0a:71:fb:60:b4:7c:f8:63:e1:ab:4a:76:17:d8:
         b8:cf:2d:16:ce:fe:f7:f8:93:3a:36:b4:f0:de:05:89:81:e8:
         45:5e:a4:9d:07:3f:7e:aa:52:fc:b6:e6:8f:a4:52:73:5d:0d:
         43:a7:f2:29:42:9d:dd:32:a9:62:6b:a2:21:07:58:4d:46:cb:
         6c:bb:0c:3a:c8:0a:f1:40:c6:18:5a:3d:16:ac:c2:5d:fc:34:
         e5:43:41:8b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUckNzJQFA3hryOqTjK/Tr91JAqZowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MjEyMTQ3NDNaFw0yNjA3MjAyMTUyNDNaMDMxMTAvBgNV
BAMTKEFCODY3RTQ3QUJFQ0M1MDRCRjkxNDc4QkQ0Qzc0OURGODI2RkY1M0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCkvURYIwCORRQM2V8sUKm6CfTx
5FMmT9BqX5Qb10X4p5JA6HQqHRAwrQ10R+axEc0B2O3aVQkPLPfPRww+vx5H6WpP
mwa3TDq4wZq95Ivk6QYi6TEByzWIVrTJRDNS+CmN77FYk4JMs31u9wgsaP6hTbFW
lrzJ0/sdwFZ/Z6lvDzXoLUA0dXOMWFeYiaZe8jIOFaBIjwqflTVuck/hwaNtHTBD
fF5GFBJqLavcurgRro3T4K+qT7NE79piw/1iN0WzKsJU2h90xzbk9qfSfGiacMz3
sTk0UM6OWqHLJW48GFHIO1L0fkV1inyMrLZqov0G8l5E8Y1kPWhj5XXQ2lc9AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUq4Z+R6vsxQS/kUeL1MdJ34Jv9T4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTcxNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACijQww
DQYJKoZIhvcNAQELBQADggEBAGHsBrpQOccnxcrxzAjAvYM+kVPUo+7X5DQ18CZK
xRBvFRaG4Nb0g6PdMzawYMNGbjHLjp5LIj8Aw+dCSI6WID7Zz3uCa25eVZPv18lT
Dui1caplU3qpCgCyKuVLbe95BEPCyqz3NGvK3YwvejGP4HLHz4WLic9375z/zNgk
7cpy58qjFPZ8w2fGvpgVHgh7Z149wR1nSCTIJD9mKxGZKmVcKC/U+EAKcftgtHz4
Y+GrSnYX2LjPLRbO/vf4kzo2tPDeBYmB6EVepJ0HP36qUvy25o+kUnNdDUOn8ilC
nd0yqWJroiEHWE1Gy2y7DDrICvFAxhhaPRaswl38NOVDQYs=
-----END CERTIFICATE-----