Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS59796.roa
File:                     AS59796.roa (raw, json)
Hash identifier:          XUP1CZvq3bVsf8uXAFnKAVLAopPyZyzMr+zdcFP1jjU=
Subject key identifier:   79:1A:63:1D:63:DE:B3:D0:80:FB:08:58:46:B6:2B:90:EA:99:14:3D
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       791EB92C94642DB48B9C7B89CE60011E2B638F53
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS59796.roa
Signing time:             Tue 21 Apr 2026 09:48:57 +0000
ROA not before:           Tue 21 Apr 2026 09:43:57 +0000
ROA not after:            Tue 20 Apr 2027 09:48:57 +0000
asID:                     59796
IP address blocks:        212.87.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 11:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:1e:b9:2c:94:64:2d:b4:8b:9c:7b:89:ce:60:01:1e:2b:63:8f:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr 21 09:43:57 2026 GMT
            Not After : Apr 20 09:48:57 2027 GMT
        Subject: CN=791A631D63DEB3D080FB085846B62B90EA99143D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:73:f1:db:b5:23:48:3f:3c:0a:27:98:ff:6d:
                    b6:36:fa:68:dd:1e:7f:40:44:00:ac:27:0a:6d:69:
                    1f:ee:6a:c1:ba:75:e2:b6:89:fe:f9:50:e5:6b:df:
                    8b:ab:f2:bd:60:c8:5d:48:7e:8c:7c:19:8a:23:8a:
                    44:02:be:7f:16:16:b6:c5:03:cf:81:7b:19:47:75:
                    d9:c9:70:63:d2:1d:6c:bb:06:73:f0:e3:7c:92:68:
                    6e:90:3d:58:f8:53:ab:1b:6b:79:52:50:3b:2a:a4:
                    84:19:cd:f3:09:2b:8f:bf:c9:53:53:12:26:9f:0b:
                    98:06:ca:11:b8:db:84:ae:39:29:ee:2d:af:db:35:
                    ed:98:64:a7:2b:2e:44:1b:0c:6c:84:3b:80:28:c7:
                    5c:09:8a:92:88:b3:be:da:b6:d3:48:bc:c1:9f:50:
                    de:b3:1b:9d:56:77:00:03:b5:97:56:81:84:4f:99:
                    a8:9b:41:be:79:4b:3e:ca:ac:d3:d3:7d:f6:07:70:
                    13:bb:a3:f4:86:c2:00:ab:24:f6:63:0f:bf:2d:19:
                    bb:aa:c2:f0:e4:44:e1:a7:92:fa:c3:bf:fb:47:8b:
                    cf:08:e0:6b:0f:9d:ec:55:3d:31:d9:cf:38:91:8a:
                    8f:ff:b7:f0:b2:e8:71:d0:02:6d:ae:9c:d6:54:77:
                    ec:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:1A:63:1D:63:DE:B3:D0:80:FB:08:58:46:B6:2B:90:EA:99:14:3D
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS59796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.87.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:29:ad:0f:9b:2e:98:19:09:29:67:55:ac:ad:c5:63:18:d4:
         ce:f1:05:59:87:de:35:a9:e1:56:3e:99:e0:d7:d5:17:93:4f:
         7a:c0:e9:79:b4:ed:2d:c5:c8:2a:dd:4c:ae:5e:58:ce:18:32:
         1e:1d:18:1d:a9:07:a2:e5:5e:1b:82:32:f6:75:e8:d3:a1:2a:
         96:d0:36:98:1e:b3:e9:c5:3e:1c:3c:11:96:76:a9:98:6f:00:
         8f:90:78:ec:62:eb:4c:d5:51:13:8d:b7:fa:89:96:46:f7:8d:
         4f:76:52:d4:c2:54:80:58:30:e0:97:65:25:ab:ca:39:b7:9e:
         ed:71:93:6b:cc:23:86:81:ef:be:d5:77:6e:5f:16:28:6e:d3:
         73:2a:95:47:b8:f7:b1:30:4a:cb:59:d1:f3:c1:c5:62:9e:07:
         96:02:12:79:13:d3:bc:13:9e:84:d6:fb:64:2f:ab:ad:f5:48:
         19:2e:55:de:60:15:2d:02:70:20:e3:39:4e:da:1e:2e:2a:14:
         87:1f:42:b6:1f:dc:64:04:24:1c:6a:85:76:3f:be:74:8e:59:
         2e:91:a4:f1:21:9d:9b:f1:cd:d5:35:3e:e4:6c:ab:55:23:2a:
         85:5d:d0:f8:09:1c:fe:20:f7:12:f3:70:ea:50:5b:16:a0:9b:
         89:04:82:63
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeR65LJRkLbSLnHuJzmABHitjj1MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MjEwOTQzNTdaFw0yNzA0MjAwOTQ4NTdaMDMxMTAvBgNV
BAMTKDc5MUE2MzFENjNERUIzRDA4MEZCMDg1ODQ2QjYyQjkwRUE5OTE0M0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZc/HbtSNIPzwKJ5j/bbY2+mjd
Hn9ARACsJwptaR/uasG6deK2if75UOVr34ur8r1gyF1Ifox8GYojikQCvn8WFrbF
A8+BexlHddnJcGPSHWy7BnPw43ySaG6QPVj4U6sba3lSUDsqpIQZzfMJK4+/yVNT
EiafC5gGyhG424SuOSnuLa/bNe2YZKcrLkQbDGyEO4Aox1wJipKIs77attNIvMGf
UN6zG51WdwADtZdWgYRPmaibQb55Sz7KrNPTffYHcBO7o/SGwgCrJPZjD78tGbuq
wvDkROGnkvrDv/tHi88I4GsPnexVPTHZzziRio//t/Cy6HHQAm2unNZUd+yfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUeRpjHWPes9CA+whYRrYrkOqZFD0wHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTNTk3OTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUV8Qw
DQYJKoZIhvcNAQELBQADggEBAEgprQ+bLpgZCSlnVaytxWMY1M7xBVmH3jWp4VY+
meDX1ReTT3rA6Xm07S3FyCrdTK5eWM4YMh4dGB2pB6LlXhuCMvZ16NOhKpbQNpge
s+nFPhw8EZZ2qZhvAI+QeOxi60zVURONt/qJlkb3jU92UtTCVIBYMOCXZSWryjm3
nu1xk2vMI4aB777Vd25fFihu03MqlUe497EwSstZ0fPBxWKeB5YCEnkT07wTnoTW
+2Qvq631SBkuVd5gFS0CcCDjOU7aHi4qFIcfQrYf3GQEJBxqhXY/vnSOWS6RpPEh
nZvxzdU1PuRsq1UjKoVd0PgJHP4g9xLzcOpQWxagm4kEgmM=
-----END CERTIFICATE-----