Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS55201.roa
File:                     AS55201.roa (raw, json)
Hash identifier:          hHr+QQMrwUqQRqvT6GASepW5HYeplmwByVzCIF+VicQ=
Subject key identifier:   51:04:DF:17:DC:B5:05:0E:57:0A:55:0B:F9:1D:97:2D:F6:64:3F:38
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       76F844914DD332502AC324DECC7ABF1D8A6DAD5C
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS55201.roa
Signing time:             Tue 19 May 2026 10:02:02 +0000
ROA not before:           Tue 19 May 2026 09:57:02 +0000
ROA not after:            Tue 18 May 2027 10:02:02 +0000
asID:                     55201
IP address blocks:        82.139.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 15:05:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:f8:44:91:4d:d3:32:50:2a:c3:24:de:cc:7a:bf:1d:8a:6d:ad:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May 19 09:57:02 2026 GMT
            Not After : May 18 10:02:02 2027 GMT
        Subject: CN=5104DF17DCB5050E570A550BF91D972DF6643F38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:8e:b7:7a:ad:07:41:4e:4c:40:3e:22:c8:d0:
                    7e:25:ee:fe:79:46:53:80:8a:f6:88:b4:9b:bf:8e:
                    66:55:74:c9:6d:5f:2a:de:fc:b1:8a:7e:02:66:59:
                    b5:ca:cb:cf:1d:64:38:80:6f:9c:85:9d:01:4a:41:
                    98:1f:6d:a0:0f:f7:ee:0e:14:ed:3b:6c:dc:e8:56:
                    af:7b:14:5c:be:ec:9b:6c:ed:91:31:23:05:8e:6a:
                    d0:5a:23:86:0d:81:39:ad:a3:66:0d:10:ea:13:b9:
                    01:56:c3:14:d7:1d:dc:40:91:6c:fa:ec:0f:78:52:
                    a4:dd:89:53:23:f7:2a:cc:ad:84:c7:71:0c:ce:39:
                    99:94:2a:70:d2:3b:24:39:80:84:17:7a:da:f0:eb:
                    51:ba:20:6f:66:f3:b9:bb:b3:e4:ec:fc:19:32:ca:
                    f6:6c:de:78:6d:07:15:2a:44:c3:c6:f3:d0:b7:7e:
                    03:fe:fc:3a:10:cc:51:35:b2:4e:fe:3b:9d:a9:06:
                    ac:89:70:85:b3:2b:62:6c:e4:6a:ab:eb:38:8e:5d:
                    a7:e4:e7:cb:01:9e:77:db:86:82:1e:6c:bb:81:de:
                    66:42:3c:ca:70:1e:86:1b:e2:40:05:f3:75:0a:4c:
                    0d:52:b1:bd:6f:e3:95:0e:85:86:17:da:46:11:cf:
                    30:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:04:DF:17:DC:B5:05:0E:57:0A:55:0B:F9:1D:97:2D:F6:64:3F:38
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS55201.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:4f:13:bc:a0:3e:2c:ae:ea:60:73:a1:97:d7:6c:58:48:a1:
         b9:1e:2d:70:5b:e3:3d:79:93:fa:ee:4f:37:9a:d0:05:bd:d7:
         9d:c6:85:26:57:d3:0d:87:0b:0f:3f:68:8c:dd:b4:46:b2:28:
         72:60:22:1b:a7:b2:ac:7a:18:8e:91:e9:3f:07:f0:80:6a:57:
         61:06:dc:ec:d1:16:48:03:df:f8:e0:0f:bb:59:dd:41:56:18:
         d3:22:c7:ca:fb:46:74:32:47:14:2b:02:9e:d7:e1:32:d2:4a:
         58:d5:62:65:2a:cc:a9:f7:94:7e:d3:ba:d8:5e:4d:96:b9:2c:
         ec:84:ff:91:0e:61:48:3d:b6:04:86:e5:5b:5c:81:70:be:f7:
         1b:aa:b0:0b:f9:18:74:7c:eb:97:b1:2e:0d:80:94:86:2f:39:
         4f:45:c0:2a:fc:40:6d:a3:e5:e8:a9:f6:24:12:4a:0c:fc:13:
         f0:db:62:7f:32:79:56:ae:28:38:84:91:dc:4d:5a:70:fe:18:
         dd:89:92:eb:65:85:27:a8:8f:64:8e:74:ed:d9:62:6f:f4:1d:
         fe:e6:c4:2c:df:a6:0c:60:f8:98:d7:37:d2:5f:bb:f4:a8:79:
         09:b5:ee:c0:67:b7:02:27:53:af:13:2a:46:1c:da:b4:93:dd:
         4a:f9:28:ad
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdvhEkU3TMlAqwyTezHq/HYptrVwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MTkwOTU3MDJaFw0yNzA1MTgxMDAyMDJaMDMxMTAvBgNV
BAMTKDUxMDRERjE3RENCNTA1MEU1NzBBNTUwQkY5MUQ5NzJERjY2NDNGMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIjrd6rQdBTkxAPiLI0H4l7v55
RlOAivaItJu/jmZVdMltXyre/LGKfgJmWbXKy88dZDiAb5yFnQFKQZgfbaAP9+4O
FO07bNzoVq97FFy+7Jts7ZExIwWOatBaI4YNgTmto2YNEOoTuQFWwxTXHdxAkWz6
7A94UqTdiVMj9yrMrYTHcQzOOZmUKnDSOyQ5gIQXetrw61G6IG9m87m7s+Ts/Bky
yvZs3nhtBxUqRMPG89C3fgP+/DoQzFE1sk7+O52pBqyJcIWzK2Js5Gqr6ziOXafk
58sBnnfbhoIebLuB3mZCPMpwHoYb4kAF83UKTA1Ssb1v45UOhYYX2kYRzzCTAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUUQTfF9y1BQ5XClUL+R2XLfZkPzgwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNTUyMDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSi80w
DQYJKoZIhvcNAQELBQADggEBACJPE7ygPiyu6mBzoZfXbFhIobkeLXBb4z15k/ru
Tzea0AW9153GhSZX0w2HCw8/aIzdtEayKHJgIhunsqx6GI6R6T8H8IBqV2EG3OzR
FkgD3/jgD7tZ3UFWGNMix8r7RnQyRxQrAp7X4TLSSljVYmUqzKn3lH7TutheTZa5
LOyE/5EOYUg9tgSG5VtcgXC+9xuqsAv5GHR865exLg2AlIYvOU9FwCr8QG2j5eip
9iQSSgz8E/DbYn8yeVauKDiEkdxNWnD+GN2JkutlhSeoj2SOdO3ZYm/0Hf7mxCzf
pgxg+JjXN9Jfu/SoeQm17sBntwInU68TKkYc2rST3Ur5KK0=
-----END CERTIFICATE-----