Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS43641.roa
File:                     AS43641.roa (raw, json)
Hash identifier:          JUhkeDoyDkxyCfZL6F9MHbG+yAFHOxa2ve9dBISkzEw=
Subject key identifier:   42:8C:6A:91:B1:57:4D:DD:9E:A9:FB:12:DC:7A:34:68:6A:84:79:CE
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4F006F0C3915B89C7CA134A186431C3670E34FAB
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS43641.roa
Signing time:             Tue 02 Jun 2026 20:54:56 +0000
ROA not before:           Tue 02 Jun 2026 20:49:56 +0000
ROA not after:            Tue 01 Jun 2027 20:54:56 +0000
asID:                     43641
IP address blocks:        2a14:7586:7000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:00:6f:0c:39:15:b8:9c:7c:a1:34:a1:86:43:1c:36:70:e3:4f:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun  2 20:49:56 2026 GMT
            Not After : Jun  1 20:54:56 2027 GMT
        Subject: CN=428C6A91B1574DDD9EA9FB12DC7A34686A8479CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7d:e9:e1:ce:6b:f6:45:36:06:c2:6e:d0:81:
                    04:44:2d:c2:78:25:b4:8f:0d:2f:2e:8e:6c:4d:13:
                    15:df:39:63:a1:df:af:c0:93:45:20:e9:48:97:c2:
                    8c:30:74:17:9a:24:08:79:75:aa:d8:65:d7:0c:9f:
                    d4:9a:09:08:a4:04:ce:66:1c:79:cc:a8:f7:28:fe:
                    f3:2b:5f:dd:e7:63:20:2a:ce:25:eb:68:6c:d6:cc:
                    6b:c8:4a:0c:d4:8c:a6:40:f7:05:a3:15:98:54:65:
                    70:d5:0b:f6:1c:37:39:ad:5a:b5:63:26:b7:8f:49:
                    a6:b8:33:ed:ff:43:4d:cc:25:83:85:17:0b:23:05:
                    5e:b0:52:a0:78:d3:32:ee:66:9c:e8:85:1a:9d:a3:
                    51:17:28:d2:7d:9d:c6:62:57:ff:31:95:46:3c:91:
                    0d:12:06:dd:6c:91:2f:fa:c0:ab:95:48:b5:5f:9f:
                    9e:59:9e:b3:ca:10:23:cb:42:88:9a:e8:da:14:9b:
                    f0:84:6d:72:97:2f:ab:c8:87:ad:70:77:e8:68:32:
                    cf:b7:3e:d5:97:9d:ef:8e:30:71:63:fd:d4:23:dc:
                    fd:44:31:ce:7b:e1:42:5c:0a:51:ef:f5:93:16:05:
                    e8:37:14:8b:be:80:b4:c5:9f:1c:88:77:5d:cf:08:
                    1e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8C:6A:91:B1:57:4D:DD:9E:A9:FB:12:DC:7A:34:68:6A:84:79:CE
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS43641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7586:7000::/36

    Signature Algorithm: sha256WithRSAEncryption
         51:3b:51:c8:ea:62:38:94:3d:36:89:2a:d0:5d:85:bb:63:c4:
         69:a1:cb:a2:da:c3:3c:34:f9:c2:38:00:a2:23:49:ed:25:37:
         cc:55:14:c0:3f:91:05:0f:7f:2a:18:b9:26:45:c4:24:d2:38:
         ea:78:6a:b4:63:f9:94:15:7b:6a:9c:e7:b9:84:11:74:33:3a:
         49:88:c7:f0:80:57:44:03:62:59:21:a3:cc:a1:5f:46:cf:fe:
         b3:4d:4a:38:17:44:93:25:6a:03:cd:10:c3:1c:12:4e:5c:a9:
         1a:0e:fb:2c:4e:8a:8f:9d:d8:a1:7a:61:66:9c:0a:4e:9b:f2:
         24:08:33:01:2a:80:0e:57:6c:70:9a:6a:92:5a:f7:53:d2:c9:
         f0:22:af:e2:90:38:29:1e:9e:af:d2:b0:3d:07:bc:eb:b2:51:
         49:f8:28:21:42:d6:96:21:1f:0c:34:e5:3b:db:e2:bc:9b:b3:
         ec:5c:14:71:bc:0f:f5:22:dd:2d:a8:82:7c:1b:27:5e:2b:8c:
         47:ae:63:98:ca:e0:41:81:18:d4:0a:cf:4b:84:34:d4:4b:59:
         2d:61:b6:3e:1a:e7:fd:7e:5d:45:53:05:3e:d9:85:7a:49:ec:
         36:87:3b:7c:79:82:55:8c:7d:38:f2:b1:b4:d9:d8:ac:e6:7c:
         a1:7f:20:10
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUTwBvDDkVuJx8oTShhkMcNnDjT6swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA2MDIyMDQ5NTZaFw0yNzA2MDEyMDU0NTZaMDMxMTAvBgNV
BAMTKDQyOEM2QTkxQjE1NzREREQ5RUE5RkIxMkRDN0EzNDY4NkE4NDc5Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChfenhzmv2RTYGwm7QgQRELcJ4
JbSPDS8ujmxNExXfOWOh36/Ak0Ug6UiXwowwdBeaJAh5darYZdcMn9SaCQikBM5m
HHnMqPco/vMrX93nYyAqziXraGzWzGvISgzUjKZA9wWjFZhUZXDVC/YcNzmtWrVj
JrePSaa4M+3/Q03MJYOFFwsjBV6wUqB40zLuZpzohRqdo1EXKNJ9ncZiV/8xlUY8
kQ0SBt1skS/6wKuVSLVfn55ZnrPKECPLQoia6NoUm/CEbXKXL6vIh61wd+hoMs+3
PtWXne+OMHFj/dQj3P1EMc574UJcClHv9ZMWBeg3FIu+gLTFnxyId13PCB5PAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQUQoxqkbFXTd2eqfsS3Ho0aGqEec4wHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNDM2NDEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgQqFHWG
cDANBgkqhkiG9w0BAQsFAAOCAQEAUTtRyOpiOJQ9Nokq0F2Fu2PEaaHLotrDPDT5
wjgAoiNJ7SU3zFUUwD+RBQ9/Khi5JkXEJNI46nhqtGP5lBV7apznuYQRdDM6SYjH
8IBXRANiWSGjzKFfRs/+s01KOBdEkyVqA80QwxwSTlypGg77LE6Kj53YoXphZpwK
TpvyJAgzASqADldscJpqklr3U9LJ8CKv4pA4KR6er9KwPQe867JRSfgoIULWliEf
DDTlO9vivJuz7FwUcbwP9SLdLaiCfBsnXiuMR65jmMrgQYEY1ArPS4Q01EtZLWG2
Phrn/X5dRVMFPtmFeknsNoc7fHmCVYx9OPKxtNnYrOZ8oX8gEA==
-----END CERTIFICATE-----