Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6935.roa
File:                     AS6935.roa (raw, json)
Hash identifier:          CCLmtM6NIhHFsBvGWfQeb1BZrqjlXAJ9MCHob2nJ8XA=
Subject key identifier:   32:32:0C:79:7E:8A:23:24:1A:B5:CC:24:36:3E:8F:C6:B0:C2:42:29
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       498F133CE8655861A991185D265ED69917CDEF46
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6935.roa
Signing time:             Mon 20 Oct 2025 04:39:08 +0000
ROA not before:           Mon 20 Oct 2025 04:34:08 +0000
ROA not after:            Mon 19 Oct 2026 04:39:08 +0000
asID:                     6935
IP address blocks:        143.14.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 18:49:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:8f:13:3c:e8:65:58:61:a9:91:18:5d:26:5e:d6:99:17:cd:ef:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 20 04:34:08 2025 GMT
            Not After : Oct 19 04:39:08 2026 GMT
        Subject: CN=32320C797E8A23241AB5CC24363E8FC6B0C24229
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:df:5e:92:d2:cb:31:b9:ae:f6:6a:a9:2c:99:
                    06:69:56:e4:f8:51:a1:b6:47:9c:8a:d8:83:4e:43:
                    f7:10:c9:51:f0:e7:ba:06:75:79:7e:7a:42:0c:1c:
                    79:6a:7e:4b:89:1d:f7:91:cd:a2:57:b2:e9:64:8e:
                    fd:11:a9:50:4a:4e:46:99:3a:35:9d:43:0c:13:43:
                    5e:5b:c0:43:24:30:c4:e1:e2:26:86:df:42:3b:bb:
                    ab:f2:be:e9:df:d0:88:96:30:06:26:d4:6d:93:fc:
                    64:98:f0:68:65:20:43:69:f6:5a:e0:b2:45:b9:80:
                    86:af:df:be:12:b3:9f:92:4d:8e:a7:d6:7b:54:cf:
                    cd:7a:34:9a:df:0a:85:c6:12:6c:96:2c:c5:bf:70:
                    8d:67:73:07:fa:ce:9d:9a:0f:69:0a:3d:ab:c7:19:
                    55:a5:aa:a1:9c:5d:92:15:55:69:31:64:6d:c9:da:
                    fb:7d:f5:44:6e:1d:03:3d:c6:3d:b5:88:a0:72:78:
                    fa:4e:9f:70:09:25:43:ab:77:34:90:e3:77:a1:c6:
                    50:8e:f6:3e:3a:34:e8:c4:b2:f5:b3:91:76:6b:1d:
                    f1:8a:86:d1:3d:e6:1e:5f:d1:c7:14:cf:21:88:5f:
                    b4:c1:8f:8a:53:a4:f3:58:f4:d2:7a:5d:60:98:e4:
                    c7:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:32:0C:79:7E:8A:23:24:1A:B5:CC:24:36:3E:8F:C6:B0:C2:42:29
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6935.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:e1:a3:80:e7:ff:3e:a3:ca:9d:88:82:c7:99:9f:63:5d:9e:
         78:b5:98:df:28:5c:f4:27:4d:43:7e:a9:cb:85:4e:17:4d:41:
         5e:1a:40:7a:21:23:a0:e0:f8:ae:98:48:63:5c:da:58:3c:ed:
         70:bd:a0:d6:fd:72:95:e9:d0:8e:6d:7d:8a:ce:97:b3:dc:5c:
         02:1d:28:b1:c5:c6:35:45:0e:ed:cd:f9:e0:fa:f0:13:58:8e:
         5f:9a:1f:36:8d:12:e5:72:86:88:8a:5a:56:c0:06:a7:87:ab:
         30:13:e7:28:3b:66:d0:a2:b0:03:4d:f1:1a:4c:f2:15:cd:44:
         62:1c:a4:55:f7:3f:66:5d:1e:11:3f:94:7e:ce:47:ed:93:92:
         03:73:d2:2b:7c:8f:c7:fb:6a:d5:1b:41:74:62:e3:c0:55:47:
         a8:c4:7c:49:e4:f9:94:35:95:54:b1:1c:96:21:9b:6b:26:ec:
         aa:6e:4c:7c:22:56:7f:21:32:55:a1:a7:5c:bd:2f:b8:34:d4:
         9b:f9:f6:29:99:5e:1f:7b:6d:59:ad:04:bd:90:1a:6f:e2:38:
         97:6c:50:9e:e5:29:a6:cc:93:8d:f7:c5:f8:c0:9d:7a:97:01:
         3e:c4:87:ca:d3:06:5a:bc:e8:7a:8f:a2:8d:f8:5d:67:d6:a5:
         6e:4d:20:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUSY8TPOhlWGGpkRhdJl7WmRfN70YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjAwNDM0MDhaFw0yNjEwMTkwNDM5MDhaMDMxMTAvBgNV
BAMTKDMyMzIwQzc5N0U4QTIzMjQxQUI1Q0MyNDM2M0U4RkM2QjBDMjQyMjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL316S0ssxua72aqksmQZpVuT4
UaG2R5yK2INOQ/cQyVHw57oGdXl+ekIMHHlqfkuJHfeRzaJXsulkjv0RqVBKTkaZ
OjWdQwwTQ15bwEMkMMTh4iaG30I7u6vyvunf0IiWMAYm1G2T/GSY8GhlIENp9lrg
skW5gIav374Ss5+STY6n1ntUz816NJrfCoXGEmyWLMW/cI1ncwf6zp2aD2kKPavH
GVWlqqGcXZIVVWkxZG3J2vt99URuHQM9xj21iKByePpOn3AJJUOrdzSQ43ehxlCO
9j46NOjEsvWzkXZrHfGKhtE95h5f0ccUzyGIX7TBj4pTpPNY9NJ6XWCY5MedAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUMjIMeX6KIyQatcwkNj6PxrDCQikwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjkzNS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8OrTAN
BgkqhkiG9w0BAQsFAAOCAQEAoeGjgOf/PqPKnYiCx5mfY12eeLWY3yhc9CdNQ36p
y4VOF01BXhpAeiEjoOD4rphIY1zaWDztcL2g1v1ylenQjm19is6Xs9xcAh0oscXG
NUUO7c354PrwE1iOX5ofNo0S5XKGiIpaVsAGp4erMBPnKDtm0KKwA03xGkzyFc1E
YhykVfc/Zl0eET+Ufs5H7ZOSA3PSK3yPx/tq1RtBdGLjwFVHqMR8SeT5lDWVVLEc
liGbaybsqm5MfCJWfyEyVaGnXL0vuDTUm/n2KZleH3ttWa0EvZAab+I4l2xQnuUp
psyTjffF+MCdepcBPsSHytMGWrzoeo+ijfhdZ9albk0gkA==
-----END CERTIFICATE-----
Generated at Tue Oct 21 11:01:43 2025 by rpki-client