Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
File:                     AS0.roa (raw, json)
Hash identifier:          zwt2nSh3aAvT7D1+GvjJEgQvjOFtV+0o/7FmX9kE3e4=
Subject key identifier:   4A:B2:58:B8:C6:BE:D9:5F:27:30:10:DA:CF:75:0D:44:C6:AB:D7:D0
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       71B88E7909529767D87355A391FE22020A90832E
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa
Signing time:             Sun 05 Jul 2026 07:00:12 +0000
ROA not before:           Sun 05 Jul 2026 06:55:12 +0000
ROA not after:            Sun 04 Jul 2027 07:00:12 +0000
asID:                     0
IP address blocks:        193.150.40.0/24 maxlen: 24
                          2a14:7580:50::/44 maxlen: 44
                          2a14:7580:600::/40 maxlen: 48
                          2a14:7580:ff60::/44 maxlen: 48
                          2a14:7580:ffef::/48 maxlen: 48
                          2a14:7580:fff3::/48 maxlen: 48
                          2a14:7580:fff4::/48 maxlen: 48
                          2a14:7580:fff5::/48 maxlen: 48
                          2a14:7581:f00::/44 maxlen: 48
                          2a14:7581:fe6::/48 maxlen: 48
                          2a14:7581:fea::/48 maxlen: 48
                          2a14:7581:fec::/48 maxlen: 48
                          2a14:7581:fed::/48 maxlen: 48
                          2a14:7581:fef::/48 maxlen: 48
                          2a14:7581:ff2::/48 maxlen: 48
                          2a14:7581:ff6::/48 maxlen: 48
                          2a14:7581:ff7::/48 maxlen: 48
                          2a14:7581:ffa::/48 maxlen: 48
                          2a14:7581:ffc::/48 maxlen: 48
                          2a14:7581:ffe::/48 maxlen: 48
                          2a14:7581:3700::/40 maxlen: 48
                          2a14:7581:5000::/36 maxlen: 48
                          2a14:7581:9000::/40 maxlen: 48
                          2a14:7581:9100::/40 maxlen: 48
                          2a14:7581:9200::/40 maxlen: 48
                          2a14:7581:9300::/40 maxlen: 48
                          2a14:7581:9ff0::/44 maxlen: 48
                          2a14:7582::/32 maxlen: 48
                          2a14:7583:4000::/36 maxlen: 48
                          2a14:7584:1000::/36 maxlen: 48
                          2a14:7585::/32 maxlen: 48
                          2a14:7586:a000::/36 maxlen: 48
                          2a14:7587::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Jul 2026 07:31:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:b8:8e:79:09:52:97:67:d8:73:55:a3:91:fe:22:02:0a:90:83:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jul  5 06:55:12 2026 GMT
            Not After : Jul  4 07:00:12 2027 GMT
        Subject: CN=4AB258B8C6BED95F273010DACF750D44C6ABD7D0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2d:e2:1f:2c:9e:94:75:20:22:40:44:59:be:
                    7d:c8:44:79:43:f5:5d:99:2e:41:04:53:a7:16:46:
                    da:d9:0a:9f:a8:e5:99:d0:98:50:6a:7c:76:11:6a:
                    87:c7:40:81:5e:f2:0f:74:db:87:06:07:05:43:a9:
                    aa:53:bd:47:6e:56:14:b1:31:be:ff:40:b4:de:a0:
                    46:bc:55:cf:d5:a4:ad:71:ba:69:e3:5b:9c:eb:4f:
                    4a:26:b6:8a:c2:51:5f:c0:40:43:90:f8:22:28:44:
                    98:14:a0:12:eb:c2:22:bb:b6:a8:3b:d3:1a:d6:39:
                    0c:5e:d7:25:52:b8:c3:cb:5f:8a:39:8e:9c:e1:f6:
                    b3:6b:f5:32:96:a7:42:ca:e7:f7:84:58:fd:4a:bd:
                    f3:2c:da:64:87:38:88:bd:e9:36:81:dd:6f:4e:4d:
                    0d:74:e4:78:5b:fb:5a:ac:24:e3:c9:a0:4e:76:d4:
                    ec:b8:33:9d:18:46:d3:3c:69:a6:86:c8:db:21:b3:
                    e3:7e:dd:f7:cc:05:91:d5:65:04:39:c6:1b:17:99:
                    3e:d6:8c:f8:c9:cf:85:f3:b8:82:bc:cd:0c:2e:fa:
                    ec:e3:4b:bd:7e:61:84:87:7e:d2:32:c7:dc:f0:fb:
                    48:9c:fc:4e:0d:60:10:fd:b0:a3:28:1f:af:d0:32:
                    04:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B2:58:B8:C6:BE:D9:5F:27:30:10:DA:CF:75:0D:44:C6:AB:D7:D0
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS0.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.150.40.0/24
                IPv6:
                  2a14:7580:50::/44
                  2a14:7580:600::/40
                  2a14:7580:ff60::/44
                  2a14:7580:ffef::/48
                  2a14:7580:fff3::-2a14:7580:fff5:ffff:ffff:ffff:ffff:ffff
                  2a14:7581:f00::/44
                  2a14:7581:fe6::/48
                  2a14:7581:fea::/48
                  2a14:7581:fec::/47
                  2a14:7581:fef::/48
                  2a14:7581:ff2::/48
                  2a14:7581:ff6::/47
                  2a14:7581:ffa::/48
                  2a14:7581:ffc::/48
                  2a14:7581:ffe::/48
                  2a14:7581:3700::/40
                  2a14:7581:5000::/36
                  2a14:7581:9000::/38
                  2a14:7581:9ff0::/44
                  2a14:7582::/32
                  2a14:7583:4000::/36
                  2a14:7584:1000::/36
                  2a14:7585::/32
                  2a14:7586:a000::/36
                  2a14:7587::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:bd:21:75:9f:f2:37:7e:37:b3:1a:87:79:16:34:73:8f:21:
         26:f6:86:72:46:1b:28:36:69:39:fe:29:da:d7:93:75:bc:1c:
         c2:90:b2:9f:62:46:b7:06:9e:b8:02:70:7c:51:2d:86:17:0c:
         c0:b0:c8:c2:77:3b:fd:ac:fe:89:4a:aa:8a:5f:81:49:5c:40:
         6d:19:6f:79:a6:19:99:a3:02:fe:b3:6c:00:c8:75:11:37:c5:
         d0:1d:0d:92:cb:f2:c5:4e:d8:b7:d1:cf:4d:27:4e:d5:e6:9a:
         3a:99:0f:0b:88:13:f3:ad:00:79:67:7e:59:22:6d:25:51:1e:
         63:06:ca:5a:8a:27:24:16:80:86:57:33:0b:d8:2f:f3:f7:cd:
         c2:37:0c:61:b3:ac:8d:90:21:50:0d:4d:a2:89:48:a2:8e:b4:
         ff:98:f5:5f:35:29:49:d0:10:85:43:36:b7:dd:62:e8:01:d2:
         dd:0b:74:fc:ba:fb:12:2c:ae:f3:a8:77:85:1d:73:73:77:07:
         19:7d:2d:9a:42:be:9a:e8:76:a0:1a:ba:f6:0e:3d:b8:55:00:
         32:ec:67:06:26:ea:37:db:c7:0e:f4:42:65:b0:db:70:63:8b:
         06:23:ca:4e:81:97:c1:3a:45:9f:6b:b2:3f:5d:c7:c2:73:9a:
         06:d4:f0:6d
-----BEGIN CERTIFICATE-----
MIIF6DCCBNCgAwIBAgIUcbiOeQlSl2fYc1Wjkf4iAgqQgy4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA3MDUwNjU1MTJaFw0yNzA3MDQwNzAwMTJaMDMxMTAvBgNV
BAMTKDRBQjI1OEI4QzZCRUQ5NUYyNzMwMTBEQUNGNzUwRDQ0QzZBQkQ3RDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6LeIfLJ6UdSAiQERZvn3IRHlD
9V2ZLkEEU6cWRtrZCp+o5ZnQmFBqfHYRaofHQIFe8g9024cGBwVDqapTvUduVhSx
Mb7/QLTeoEa8Vc/VpK1xumnjW5zrT0omtorCUV/AQEOQ+CIoRJgUoBLrwiK7tqg7
0xrWOQxe1yVSuMPLX4o5jpzh9rNr9TKWp0LK5/eEWP1KvfMs2mSHOIi96TaB3W9O
TQ105Hhb+1qsJOPJoE521Oy4M50YRtM8aaaGyNshs+N+3ffMBZHVZQQ5xhsXmT7W
jPjJz4XzuIK8zQwu+uzjS71+YYSHftIyx9zw+0ic/E4NYBD9sKMoH6/QMgQ/AgMB
AAGjggLyMIIC7jAdBgNVHQ4EFgQUSrJYuMa+2V8nMBDaz3UNRMar19AwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwdgYIKwYBBQUHAQsEajBoMGYGCCsGAQUFBzALhlpyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMC5yb2EwGAYDVR0gAQH/BA4wDDAK
BggrBgEFBQcOAjCCAQoGCCsGAQUFBwEHAQH/BIH6MIH3MAwEAgABMAYDBADBligw
geYEAgACMIHfAwcEKhR1gABQAwYAKhR1gAYDBwQqFHWA/2ADBwAqFHWA/+8wEgMH
ACoUdYD/8wMHASoUdYD/9AMHBCoUdYEPAAMHACoUdYEP5gMHACoUdYEP6gMHASoU
dYEP7AMHACoUdYEP7wMHACoUdYEP8gMHASoUdYEP9gMHACoUdYEP+gMHACoUdYEP
/AMHACoUdYEP/gMGACoUdYE3AwYEKhR1gVADBgIqFHWBkAMHBCoUdYGf8AMFACoU
dYIDBgQqFHWDQAMGBCoUdYQQAwUAKhR1hQMGBCoUdYagAwUAKhR1hzANBgkqhkiG
9w0BAQsFAAOCAQEAZr0hdZ/yN343sxqHeRY0c48hJvaGckYbKDZpOf4p2teTdbwc
wpCyn2JGtwaeuAJwfFEthhcMwLDIwnc7/az+iUqqil+BSVxAbRlveaYZmaMC/rNs
AMh1ETfF0B0NksvyxU7Yt9HPTSdO1eaaOpkPC4gT860AeWd+WSJtJVEeYwbKWoon
JBaAhlczC9gv8/fNwjcMYbOsjZAhUA1NoolIoo60/5j1XzUpSdAQhUM2t91i6AHS
3Qt0/Lr7Eiyu86h3hR1zc3cHGX0tmkK+muh2oBq69g49uFUAMuxnBibqN9vHDvRC
ZbDbcGOLBiPKToGXwTpFn2uyP13HwnOaBtTwbQ==
-----END CERTIFICATE-----
Generated at Tue Jul 7 09:44:16 2026 by rpki-client