Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS56582.roa
File:                     AS56582.roa (raw, json)
Hash identifier:          SSqDGj+/CCueUEMuj8zZBfOE8WMSOTrrlUTr5824SCM=
Subject key identifier:   E2:B2:A8:1F:0F:34:86:47:A3:CD:70:F8:15:0D:A8:18:5C:2D:35:BD
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       7862B8E24FF0B636A0359423E1182C610E560A7F
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS56582.roa
Signing time:             Thu 04 Jun 2026 09:07:56 +0000
ROA not before:           Thu 04 Jun 2026 09:02:56 +0000
ROA not after:            Thu 03 Jun 2027 09:07:56 +0000
asID:                     56582
IP address blocks:        5.133.101.0/24 maxlen: 24
                          212.87.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:62:b8:e2:4f:f0:b6:36:a0:35:94:23:e1:18:2c:61:0e:56:0a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Jun  4 09:02:56 2026 GMT
            Not After : Jun  3 09:07:56 2027 GMT
        Subject: CN=E2B2A81F0F348647A3CD70F8150DA8185C2D35BD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:2e:cc:a3:68:64:70:cd:18:f4:69:64:a3:
                    f5:b3:70:84:03:4b:b9:22:59:1c:e4:9f:d3:71:ca:
                    f5:4f:12:6e:64:ba:77:20:83:b3:b3:ad:07:bc:98:
                    50:11:90:7d:28:98:e7:9c:f4:98:36:7a:c2:c1:c1:
                    3e:df:1c:2d:aa:02:b0:8f:ee:5b:61:e5:bc:b7:cb:
                    06:64:0b:fd:64:94:6b:1a:84:83:e9:6e:b0:c0:90:
                    70:ff:84:f9:f7:cf:e0:53:a1:e8:0d:0a:12:9d:9e:
                    d8:12:a5:a4:4d:77:26:1b:cc:45:b4:5b:c4:99:91:
                    ae:50:2f:47:b6:6d:2a:9b:92:a5:93:44:5b:32:69:
                    a6:b0:38:2e:a9:76:ea:ef:11:32:15:1a:ec:60:4f:
                    24:b1:8f:6c:91:05:f2:aa:d7:d1:0f:e1:cb:27:1e:
                    05:c7:42:f5:7e:8e:72:84:9e:b2:b5:b1:17:4c:40:
                    88:26:16:e3:4b:e1:61:e8:c9:db:fc:f1:a7:be:7e:
                    3a:80:30:8b:10:2c:53:ca:e1:96:4f:4f:ab:10:80:
                    38:19:71:ea:34:64:43:f8:c6:bf:c8:20:8a:e3:3d:
                    e9:d6:02:0f:4a:ae:50:cd:1e:ce:f3:a3:ab:89:14:
                    2e:9e:52:71:af:05:3d:4e:f8:31:7f:c9:01:4c:54:
                    0a:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B2:A8:1F:0F:34:86:47:A3:CD:70:F8:15:0D:A8:18:5C:2D:35:BD
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS56582.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.133.101.0/24
                  212.87.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:fc:4b:4a:4c:9e:90:d0:1e:70:8b:e3:f2:d1:0b:e2:f7:54:
         93:7d:08:9e:e0:da:ca:d1:73:25:82:cc:1b:be:f2:4d:f0:74:
         a4:b4:97:1d:5e:ca:c7:93:d4:1f:77:30:15:0b:ac:e7:e0:6e:
         f3:00:07:10:4e:72:9f:df:d9:fa:f6:f7:80:a3:2b:12:ff:c5:
         d4:8a:10:ee:5b:a2:47:f7:0a:c1:ae:25:42:ee:62:74:83:14:
         f4:0e:7f:8c:c1:cd:3b:8a:81:26:10:80:38:2a:31:c8:7f:a2:
         8f:d2:05:7a:ca:7e:54:ac:07:3c:a9:d4:04:99:f3:7f:b4:49:
         a2:b7:c3:24:5e:4f:2f:a8:c9:f4:a7:e4:37:72:e7:45:3f:4b:
         2a:77:5f:4d:b7:43:c5:3d:ae:50:9c:b8:f2:05:49:b7:c2:9c:
         84:e7:3b:f3:9e:b4:55:aa:08:7a:99:57:3a:39:00:bd:74:9f:
         b2:d8:b0:35:e0:ea:a9:09:44:fb:f9:a6:11:aa:80:53:ea:f7:
         8f:ec:18:ed:b6:47:6e:e5:b0:a8:db:c4:ed:f1:fe:5d:35:de:
         16:06:4e:f1:1c:da:50:40:47:a5:97:90:e3:72:a8:c0:d1:86:
         04:f1:fe:cf:bc:4b:da:4a:d2:13:3b:8d:d2:1a:87:29:bb:fd:
         0f:36:2f:e8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUeGK44k/wtjagNZQj4RgsYQ5WCn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA2MDQwOTAyNTZaFw0yNzA2MDMwOTA3NTZaMDMxMTAvBgNV
BAMTKEUyQjJBODFGMEYzNDg2NDdBM0NENzBGODE1MERBODE4NUMyRDM1QkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBDC7Mo2hkcM0Y9Glko/WzcIQD
S7kiWRzkn9NxyvVPEm5kuncgg7OzrQe8mFARkH0omOec9Jg2esLBwT7fHC2qArCP
7lth5by3ywZkC/1klGsahIPpbrDAkHD/hPn3z+BToegNChKdntgSpaRNdyYbzEW0
W8SZka5QL0e2bSqbkqWTRFsyaaawOC6pdurvETIVGuxgTySxj2yRBfKq19EP4csn
HgXHQvV+jnKEnrK1sRdMQIgmFuNL4WHoydv88ae+fjqAMIsQLFPK4ZZPT6sQgDgZ
ceo0ZEP4xr/IIIrjPenWAg9KrlDNHs7zo6uJFC6eUnGvBT1O+DF/yQFMVAodAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU4rKoHw80hkejzXD4FQ2oGFwtNb0wHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTNTY1ODIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAFhWUD
BADUV8QwDQYJKoZIhvcNAQELBQADggEBAFH8S0pMnpDQHnCL4/LRC+L3VJN9CJ7g
2srRcyWCzBu+8k3wdKS0lx1eyseT1B93MBULrOfgbvMABxBOcp/f2fr294CjKxL/
xdSKEO5bokf3CsGuJULuYnSDFPQOf4zBzTuKgSYQgDgqMch/oo/SBXrKflSsBzyp
1ASZ83+0SaK3wyReTy+oyfSn5Ddy50U/Syp3X023Q8U9rlCcuPIFSbfCnITnO/Oe
tFWqCHqZVzo5AL10n7LYsDXg6qkJRPv5phGqgFPq94/sGO22R27lsKjbxO3x/l01
3hYGTvEc2lBAR6WXkONyqMDRhgTx/s+8S9pK0hM7jdIahym7/Q82L+g=
-----END CERTIFICATE-----