Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          xcjtdhX7eIAwz7E+yQDjkEVT0kkofNijuRBRsLlYLwA=
Subject key identifier:   A1:6E:E4:5D:05:8A:8D:5F:6D:C0:41:FD:0A:74:B7:63:C2:BB:58:2E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3BC911847CBFD4526E97D327A449FB478FC2EE6E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
Signing time:             Tue 16 Jun 2026 13:35:04 +0000
ROA not before:           Tue 16 Jun 2026 13:30:04 +0000
ROA not after:            Tue 15 Jun 2027 13:35:04 +0000
asID:                     57043
IP address blocks:        140.150.226.0/24 maxlen: 24
                          148.135.208.0/24 maxlen: 24
                          148.135.209.0/24 maxlen: 24
                          148.135.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 30 Jun 2026 10:50:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:c9:11:84:7c:bf:d4:52:6e:97:d3:27:a4:49:fb:47:8f:c2:ee:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 16 13:30:04 2026 GMT
            Not After : Jun 15 13:35:04 2027 GMT
        Subject: CN=A16EE45D058A8D5F6DC041FD0A74B763C2BB582E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:41:f5:7c:56:bd:c8:64:80:24:76:1f:c1:39:
                    b8:20:18:28:5c:0e:6a:84:1a:a0:58:7b:d9:ec:7a:
                    6d:0d:da:36:f2:9a:cc:d4:7d:49:35:08:d5:08:48:
                    3e:74:16:87:0a:08:c9:be:47:de:87:65:47:c5:b7:
                    af:80:1e:f1:2a:69:f4:f9:cf:15:d1:cc:49:38:ba:
                    5f:20:2d:64:2e:1c:12:b5:97:d6:6f:05:60:4a:ff:
                    45:f3:3f:cc:c7:4a:cc:b8:5e:30:20:eb:5d:bc:49:
                    49:88:48:a1:0b:46:26:80:fc:f8:39:67:34:ee:48:
                    06:2f:ca:fe:f5:9a:18:34:9c:9f:d0:54:47:9f:25:
                    03:98:ab:79:0b:41:90:47:84:7e:5b:28:9d:88:9a:
                    ae:31:9b:02:a5:9d:99:62:f3:b3:d4:a9:66:59:1d:
                    ca:42:c1:e8:be:eb:d9:f0:18:29:2f:1e:f8:d6:41:
                    bf:76:64:7a:e3:5c:c0:72:2a:2e:71:25:3c:ef:27:
                    da:e6:f3:62:3a:9e:14:8a:28:f1:c6:25:08:1a:02:
                    73:d2:ea:00:82:08:6c:3b:0c:1f:8e:2a:40:cc:28:
                    27:f3:d6:4e:c5:35:24:5f:fa:fc:99:6a:1b:cb:9a:
                    83:a9:3e:61:67:19:b0:0a:fd:b2:27:2e:fa:6f:a8:
                    d1:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:6E:E4:5D:05:8A:8D:5F:6D:C0:41:FD:0A:74:B7:63:C2:BB:58:2E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.226.0/24
                  148.135.208.0/23
                  148.135.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:a6:85:f0:e3:b3:ff:7a:a1:59:09:92:c5:98:bc:46:90:24:
         5d:28:94:c6:83:a0:42:9e:04:ed:81:47:14:8b:8e:a9:06:b9:
         e3:b2:c3:14:f1:82:b3:6e:6c:13:63:64:9f:a1:a5:cf:2b:f5:
         c1:75:39:e0:07:98:ce:98:29:ee:71:0f:fd:40:38:b3:39:3e:
         9c:d8:c8:c1:73:a3:44:46:8b:16:f3:71:e8:20:4f:40:e4:2a:
         31:8d:73:65:54:e6:ca:d4:3a:44:33:c4:12:3e:78:a0:f1:ea:
         55:9a:9b:a2:e6:8e:28:b5:fe:5d:2d:c0:51:0d:8c:d9:2a:c6:
         77:62:7a:f2:fd:88:c4:66:21:96:ce:60:da:61:ec:40:b1:b8:
         aa:f0:9c:a0:45:43:97:a5:b4:0a:2e:12:52:43:78:96:6d:45:
         ac:1e:41:12:b1:81:9c:77:20:09:51:80:de:f0:5b:89:e2:60:
         b4:d4:66:0a:1a:f7:0b:2b:e3:04:05:d9:ef:22:87:f1:61:f9:
         26:cb:11:1f:ea:6d:52:a3:13:48:cf:fe:e3:a4:1d:25:19:d1:
         a7:34:22:d2:d3:9f:6a:0d:e1:ae:07:4b:2f:f4:1e:16:a9:30:
         f3:d8:92:90:a2:33:11:c0:d3:e7:68:57:30:97:bc:25:50:83:
         83:46:0b:54
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUO8kRhHy/1FJul9MnpEn7R4/C7m4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTYxMzMwMDRaFw0yNzA2MTUxMzM1MDRaMDMxMTAvBgNV
BAMTKEExNkVFNDVEMDU4QThENUY2REMwNDFGRDBBNzRCNzYzQzJCQjU4MkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGQfV8Vr3IZIAkdh/BObggGChc
DmqEGqBYe9nsem0N2jbymszUfUk1CNUISD50FocKCMm+R96HZUfFt6+AHvEqafT5
zxXRzEk4ul8gLWQuHBK1l9ZvBWBK/0XzP8zHSsy4XjAg6128SUmISKELRiaA/Pg5
ZzTuSAYvyv71mhg0nJ/QVEefJQOYq3kLQZBHhH5bKJ2Imq4xmwKlnZli87PUqWZZ
HcpCwei+69nwGCkvHvjWQb92ZHrjXMByKi5xJTzvJ9rm82I6nhSKKPHGJQgaAnPS
6gCCCGw7DB+OKkDMKCfz1k7FNSRf+vyZahvLmoOpPmFnGbAK/bInLvpvqNEtAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUoW7kXQWKjV9twEH9CnS3Y8K7WC4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACMluID
BAGUh9ADBACUh9MwDQYJKoZIhvcNAQELBQADggEBALWmhfDjs/96oVkJksWYvEaQ
JF0olMaDoEKeBO2BRxSLjqkGueOywxTxgrNubBNjZJ+hpc8r9cF1OeAHmM6YKe5x
D/1AOLM5PpzYyMFzo0RGixbzceggT0DkKjGNc2VU5srUOkQzxBI+eKDx6lWam6Lm
jii1/l0twFENjNkqxndievL9iMRmIZbOYNph7ECxuKrwnKBFQ5eltAouElJDeJZt
RaweQRKxgZx3IAlRgN7wW4niYLTUZgoa9wsr4wQF2e8ih/Fh+SbLER/qbVKjE0jP
/uOkHSUZ0ac0ItLTn2oN4a4HSy/0HhapMPPYkpCiMxHA0+doVzCXvCVQg4NGC1Q=
-----END CERTIFICATE-----