Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS23532.roa
File:                     AS23532.roa (raw, json)
Hash identifier:          aAn6W1nHAFh7NVqf0hfGrkzonEVGDCr4wgZgQ4dxQnY=
Subject key identifier:   92:66:01:A9:35:57:2E:73:B0:C1:71:01:9A:3B:EF:26:D0:5A:B6:CA
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       750445A00FD5630FA1BA752F4FA0848FB17E8FAB
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS23532.roa
Signing time:             Tue 19 May 2026 10:02:02 +0000
ROA not before:           Tue 19 May 2026 09:57:02 +0000
ROA not after:            Tue 18 May 2027 10:02:02 +0000
asID:                     23532
IP address blocks:        82.139.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 04:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:04:45:a0:0f:d5:63:0f:a1:ba:75:2f:4f:a0:84:8f:b1:7e:8f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 19 09:57:02 2026 GMT
            Not After : May 18 10:02:02 2027 GMT
        Subject: CN=926601A935572E73B0C171019A3BEF26D05AB6CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:51:77:13:0e:18:27:62:2a:06:00:2c:c1:8f:
                    be:65:6d:1f:b8:95:19:3f:1a:12:32:97:6a:55:04:
                    3e:6c:9d:1e:c3:6c:62:ee:7f:00:2b:16:8d:69:39:
                    50:04:7c:3e:a6:a0:46:40:02:46:e3:cf:3f:cd:2d:
                    27:63:55:e2:52:a4:16:e2:f9:d5:22:97:0d:07:1e:
                    f6:10:7f:1a:6a:4b:db:12:da:22:90:67:88:ed:24:
                    d4:51:2b:f0:c4:97:78:d2:ae:9c:63:b1:68:0c:45:
                    e9:b5:12:54:11:01:2a:16:82:f0:e6:59:ea:8c:56:
                    0a:ec:62:2a:90:8e:7e:d6:1e:4b:e0:64:7c:c7:ed:
                    9d:40:d9:c9:65:42:da:cc:6e:6b:f7:34:73:7a:5a:
                    04:22:ea:24:2b:8a:14:f9:d8:dc:6f:d6:52:2b:0f:
                    fa:49:f5:e9:c4:af:ef:ce:0e:87:df:8f:60:3d:7e:
                    2c:38:33:79:42:6c:08:95:f8:f5:3e:0c:ab:93:28:
                    90:d9:07:e6:e2:08:a7:62:5a:1e:a4:7f:ba:40:ae:
                    f7:90:f0:99:9e:54:56:b4:4e:75:91:dc:2d:65:3e:
                    d3:69:a6:fb:bd:eb:35:3b:6a:b9:84:91:fc:82:6a:
                    2d:be:10:7a:90:92:b9:4e:c4:77:88:21:3a:fa:19:
                    54:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:66:01:A9:35:57:2E:73:B0:C1:71:01:9A:3B:EF:26:D0:5A:B6:CA
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS23532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:73:4c:82:8f:08:64:52:06:34:04:a5:83:4d:b8:c3:7c:2e:
         f9:54:37:4b:4e:a2:05:60:d8:d7:9c:c7:d7:4e:a5:fa:0b:01:
         a0:ef:cb:1c:6e:aa:15:ce:3f:e4:c5:37:36:77:b0:af:45:7a:
         27:36:23:70:b5:a9:28:a1:c3:7c:a0:85:57:ad:15:bd:26:59:
         fe:c5:7b:ab:79:b2:3a:3e:70:af:a9:dc:6b:5b:38:23:7e:83:
         0b:d5:bf:0f:8e:9c:0f:18:1c:45:2f:56:b4:76:97:2f:fb:ac:
         8e:84:71:c8:5a:6f:0e:d8:c3:ef:01:7f:41:fa:d0:67:fe:cc:
         c6:c6:c6:6c:b9:02:c1:a5:86:0c:35:17:9e:4c:c2:2a:d9:11:
         a0:19:73:bf:e6:ee:71:2c:b7:4c:44:8d:31:a8:3d:8f:b0:1b:
         84:07:bf:9c:9f:60:27:fb:dd:e1:23:ac:62:74:e3:3f:18:90:
         29:06:74:07:92:fd:7b:f1:6f:0d:e3:13:7b:a6:f1:1d:e8:d9:
         71:f6:66:5f:ab:3a:d8:1f:68:20:5e:fe:46:ee:66:84:09:1a:
         39:3f:fc:fd:c9:f7:99:3c:8c:27:b6:cb:d5:d3:9d:4f:05:fb:
         74:3e:f5:84:3b:52:70:a3:d4:84:a1:d0:dc:96:8d:77:3a:f9:
         a6:fd:44:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdQRFoA/VYw+hunUvT6CEj7F+j6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTkwOTU3MDJaFw0yNzA1MTgxMDAyMDJaMDMxMTAvBgNV
BAMTKDkyNjYwMUE5MzU1NzJFNzNCMEMxNzEwMTlBM0JFRjI2RDA1QUI2Q0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwUXcTDhgnYioGACzBj75lbR+4
lRk/GhIyl2pVBD5snR7DbGLufwArFo1pOVAEfD6moEZAAkbjzz/NLSdjVeJSpBbi
+dUilw0HHvYQfxpqS9sS2iKQZ4jtJNRRK/DEl3jSrpxjsWgMRem1ElQRASoWgvDm
WeqMVgrsYiqQjn7WHkvgZHzH7Z1A2cllQtrMbmv3NHN6WgQi6iQrihT52Nxv1lIr
D/pJ9enEr+/ODoffj2A9fiw4M3lCbAiV+PU+DKuTKJDZB+biCKdiWh6kf7pArveQ
8JmeVFa0TnWR3C1lPtNppvu96zU7armEkfyCai2+EHqQkrlOxHeIITr6GVRvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUkmYBqTVXLnOwwXEBmjvvJtBatsowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMjM1MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSi80w
DQYJKoZIhvcNAQELBQADggEBACZzTIKPCGRSBjQEpYNNuMN8LvlUN0tOogVg2Nec
x9dOpfoLAaDvyxxuqhXOP+TFNzZ3sK9Feic2I3C1qSihw3yghVetFb0mWf7Fe6t5
sjo+cK+p3GtbOCN+gwvVvw+OnA8YHEUvVrR2ly/7rI6Ecchabw7Yw+8Bf0H60Gf+
zMbGxmy5AsGlhgw1F55MwirZEaAZc7/m7nEst0xEjTGoPY+wG4QHv5yfYCf73eEj
rGJ04z8YkCkGdAeS/Xvxbw3jE3um8R3o2XH2Zl+rOtgfaCBe/kbuZoQJGjk//P3J
95k8jCe2y9XTnU8F+3Q+9YQ7UnCj1ISh0NyWjXc6+ab9RAM=
-----END CERTIFICATE-----