Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          Q0cIAC7GBIpHhgQdpotpE5DzI4qiSab4L+vLRRwLBGQ=
Subject key identifier:   CF:4E:7C:95:31:F1:5D:A4:20:16:3D:54:BA:F1:7A:DF:10:DD:1A:9B
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4134DE57D74738057331BE86A25CA15BFECB7EBF
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS17497.roa
Signing time:             Thu 25 Jun 2026 06:27:42 +0000
ROA not before:           Thu 25 Jun 2026 06:22:42 +0000
ROA not after:            Thu 24 Jun 2027 06:27:42 +0000
asID:                     17497
IP address blocks:        2a13:9500:196::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Jul 2026 16:14:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:34:de:57:d7:47:38:05:73:31:be:86:a2:5c:a1:5b:fe:cb:7e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun 25 06:22:42 2026 GMT
            Not After : Jun 24 06:27:42 2027 GMT
        Subject: CN=CF4E7C9531F15DA420163D54BAF17ADF10DD1A9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:14:d1:17:7c:3c:45:3f:bb:97:cf:df:9d:83:
                    1d:09:1f:56:f1:51:f8:82:d8:fb:22:11:fa:5b:0d:
                    32:a9:67:5c:55:ae:22:12:34:50:64:78:d1:ad:d0:
                    12:6f:fb:5e:58:29:55:04:e8:a5:32:4d:cb:9d:f6:
                    16:a6:87:e8:0a:b3:d1:ea:b9:ab:65:44:8f:d2:ed:
                    76:9d:54:40:ad:ce:43:fe:a4:7e:af:5e:1e:a9:fd:
                    62:75:94:bf:75:29:f7:bb:d5:de:26:2c:30:0b:29:
                    c4:1a:16:c6:4d:61:51:bc:45:88:d8:42:fc:69:f4:
                    c8:55:0f:2f:8a:47:de:38:51:42:a0:bd:15:ac:cf:
                    20:8f:84:24:2a:91:8c:54:0f:f4:19:57:69:ac:ac:
                    1f:d4:2b:a3:fe:27:bd:f1:5e:f1:d6:07:48:d6:05:
                    5f:f4:6d:87:5b:1d:be:81:de:af:50:9b:6e:61:bd:
                    84:90:9a:fe:ab:10:3a:40:6c:1b:2e:2a:aa:0f:90:
                    34:df:f3:76:98:02:02:62:d3:a6:c9:83:e7:dc:35:
                    68:6a:69:e4:46:ef:0d:52:ec:1f:06:90:a7:0c:45:
                    96:cd:f5:1a:c8:51:13:39:9e:65:9d:c3:1e:85:91:
                    3c:66:4f:00:03:11:40:bb:5e:4e:09:54:5b:1e:9a:
                    0d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:4E:7C:95:31:F1:5D:A4:20:16:3D:54:BA:F1:7A:DF:10:DD:1A:9B
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:9500:196::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:fb:5a:ae:1d:b8:11:bd:4d:a4:cc:bc:b3:46:8c:7c:9e:c1:
         b1:04:f2:2f:d2:9d:b8:17:4c:fd:41:9d:78:d5:ba:44:1f:0a:
         41:f0:4f:0a:4c:89:a8:68:aa:ae:2b:6c:ed:9c:2a:d8:34:21:
         67:bc:52:01:8c:26:c8:4c:d7:b3:7f:7a:db:9c:0e:56:39:cd:
         a5:f4:7f:06:00:27:1b:78:d8:ce:b9:89:e4:69:57:4f:f1:28:
         59:8a:ea:1d:ce:3f:79:72:cd:60:d4:53:01:94:a7:2f:6c:eb:
         22:f7:db:b8:3e:2f:f6:bb:6f:64:5c:0f:09:63:db:2c:b4:df:
         a0:4c:9e:b7:b4:0e:10:e1:e5:02:9c:8a:ee:0d:f2:8d:68:d5:
         54:04:90:d2:57:a7:2d:4f:fd:9d:54:7a:e6:25:6f:b6:11:0b:
         63:31:1f:4f:f3:51:aa:59:7a:cd:22:03:15:ce:fd:60:bd:84:
         9e:ad:c9:a2:6d:5c:26:b5:78:44:0b:65:42:54:9c:52:92:85:
         88:5a:d3:1a:74:7e:4a:b1:25:b4:29:b7:05:86:d8:b5:b1:ef:
         74:3f:b7:33:ce:73:de:9a:41:8d:40:d5:a9:e8:60:af:bb:eb:
         b2:33:85:b5:fb:d2:0a:38:db:00:f8:07:26:48:c9:89:e6:b6:
         36:c6:03:f1
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUQTTeV9dHOAVzMb6GolyhW/7Lfr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MjUwNjIyNDJaFw0yNzA2MjQwNjI3NDJaMDMxMTAvBgNV
BAMTKENGNEU3Qzk1MzFGMTVEQTQyMDE2M0Q1NEJBRjE3QURGMTBERDFBOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDFNEXfDxFP7uXz9+dgx0JH1bx
UfiC2PsiEfpbDTKpZ1xVriISNFBkeNGt0BJv+15YKVUE6KUyTcud9hamh+gKs9Hq
uatlRI/S7XadVECtzkP+pH6vXh6p/WJ1lL91Kfe71d4mLDALKcQaFsZNYVG8RYjY
Qvxp9MhVDy+KR944UUKgvRWszyCPhCQqkYxUD/QZV2msrB/UK6P+J73xXvHWB0jW
BV/0bYdbHb6B3q9Qm25hvYSQmv6rEDpAbBsuKqoPkDTf83aYAgJi06bJg+fcNWhq
aeRG7w1S7B8GkKcMRZbN9RrIURM5nmWdwx6FkTxmTwADEUC7Xk4JVFsemg25AgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUz058lTHxXaQgFj1UuvF63xDdGpswHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqE5UA
AZYwDQYJKoZIhvcNAQELBQADggEBAEv7Wq4duBG9TaTMvLNGjHyewbEE8i/SnbgX
TP1BnXjVukQfCkHwTwpMiahoqq4rbO2cKtg0IWe8UgGMJshM17N/etucDlY5zaX0
fwYAJxt42M65ieRpV0/xKFmK6h3OP3lyzWDUUwGUpy9s6yL327g+L/a7b2RcDwlj
2yy036BMnre0DhDh5QKciu4N8o1o1VQEkNJXpy1P/Z1UeuYlb7YRC2MxH0/zUapZ
es0iAxXO/WC9hJ6tyaJtXCa1eEQLZUJUnFKShYha0xp0fkqxJbQptwWG2LWx73Q/
tzPOc96aQY1A1anoYK+767IzhbX70go42wD4ByZIyYnmtjbGA/E=
-----END CERTIFICATE-----
Generated at Fri Jul 17 23:06:31 2026 by rpki-client