Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS219476.roa
File:                     AS219476.roa (raw, json)
Hash identifier:          inBsfc2IZLZ+3xSTxL1zq1oQa8KEvurBgzqE5tvvNVU=
Subject key identifier:   4C:EE:14:35:8E:FE:6F:F2:A6:96:2A:73:EF:46:DC:B5:46:96:6E:BA
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6A0E080D44308E42932D09D405640B3D8170CDFA
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS219476.roa
Signing time:             Sat 27 Jun 2026 06:21:13 +0000
ROA not before:           Sat 27 Jun 2026 06:16:13 +0000
ROA not after:            Sat 26 Jun 2027 06:21:13 +0000
asID:                     219476
IP address blocks:        188.220.56.0/24 maxlen: 24
                          188.220.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:0e:08:0d:44:30:8e:42:93:2d:09:d4:05:64:0b:3d:81:70:cd:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 27 06:16:13 2026 GMT
            Not After : Jun 26 06:21:13 2027 GMT
        Subject: CN=4CEE14358EFE6FF2A6962A73EF46DCB546966EBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ee:5a:9b:66:1c:f3:fc:66:49:96:fd:35:fb:
                    10:c0:9e:d4:6b:e0:f1:0e:ff:f2:fd:2f:66:c8:3c:
                    09:79:25:53:90:a9:0c:47:d7:5a:5b:4b:6d:53:88:
                    25:ae:4d:fa:b4:40:39:41:5e:38:7f:1d:97:08:91:
                    6a:9d:aa:c0:b3:1e:6b:a9:64:bf:c4:5f:6c:7d:35:
                    90:b1:d3:98:ab:6c:0a:10:0a:2f:6c:9c:d3:39:a0:
                    09:21:d7:21:48:55:46:98:bc:59:d5:7a:15:33:00:
                    57:3f:e0:c1:20:1a:b3:0a:c4:32:28:94:95:c7:d3:
                    1d:7f:a0:25:ad:b1:75:78:00:48:eb:18:5e:d1:9a:
                    f0:25:37:c3:90:d3:2d:cc:04:5a:15:9c:c1:23:c0:
                    4b:ea:df:10:9c:d8:a1:22:75:0a:66:be:8f:0a:27:
                    81:59:88:a7:b0:9d:27:9b:dc:ca:a6:8e:37:52:08:
                    4d:e4:3f:b7:4f:26:72:ec:a2:f9:ab:e0:a4:0e:2c:
                    b6:8e:51:f6:fa:80:eb:12:ad:ef:2b:ba:0e:0d:ad:
                    ad:4f:51:c6:ef:ec:01:79:e0:37:82:4d:ca:2e:90:
                    dd:61:de:46:5b:96:48:d0:09:3c:bb:db:ed:45:db:
                    4a:1e:44:c0:77:cf:27:e6:81:23:cf:31:eb:af:69:
                    cd:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:EE:14:35:8E:FE:6F:F2:A6:96:2A:73:EF:46:DC:B5:46:96:6E:BA
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS219476.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.56.0/24
                  188.220.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:b4:12:2e:89:ca:25:16:f9:b9:2d:b8:0c:6b:40:7d:bd:1f:
         b6:2b:84:9a:fb:50:b4:ae:b9:60:58:57:86:14:57:6b:3c:f9:
         8b:c3:22:0d:81:d5:b6:e9:96:82:61:6d:3b:76:74:24:92:66:
         d6:af:1a:b5:1a:55:a4:d4:58:37:b1:e9:98:e5:ae:46:e3:4e:
         96:d7:58:f1:de:3b:70:57:1f:c4:c7:da:3d:a5:d5:6c:9a:58:
         53:1b:2a:1d:46:7c:1d:b4:da:5e:a9:67:00:38:d3:8a:4b:b0:
         ee:17:9a:65:bf:bb:d8:6f:03:e5:75:bc:25:69:ab:f1:aa:73:
         25:4f:c7:0a:b3:3b:fb:28:bd:a9:ff:62:7c:a9:b3:a8:16:07:
         70:b8:15:76:08:be:01:7a:ba:a7:ac:3b:b0:6f:ec:75:e2:c7:
         a2:c0:e1:15:7f:d2:25:a0:af:0e:7a:ef:d1:68:28:2a:19:0e:
         c5:b0:6a:3a:c5:16:50:49:87:90:33:84:d8:e8:d7:22:a0:d5:
         45:aa:a8:ba:c9:db:fa:73:04:0c:af:c6:74:bc:15:35:31:b6:
         8e:d7:f8:37:66:73:ea:33:5a:f0:42:47:9c:96:2e:37:c2:fe:
         0d:dc:25:9e:67:af:4c:3b:f9:6b:de:6b:b9:71:84:28:7a:6b:
         b6:12:da:a1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUag4IDUQwjkKTLQnUBWQLPYFwzfowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MjcwNjE2MTNaFw0yNzA2MjYwNjIxMTNaMDMxMTAvBgNV
BAMTKDRDRUUxNDM1OEVGRTZGRjJBNjk2MkE3M0VGNDZEQ0I1NDY5NjZFQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDE7lqbZhzz/GZJlv01+xDAntRr
4PEO//L9L2bIPAl5JVOQqQxH11pbS21TiCWuTfq0QDlBXjh/HZcIkWqdqsCzHmup
ZL/EX2x9NZCx05irbAoQCi9snNM5oAkh1yFIVUaYvFnVehUzAFc/4MEgGrMKxDIo
lJXH0x1/oCWtsXV4AEjrGF7RmvAlN8OQ0y3MBFoVnMEjwEvq3xCc2KEidQpmvo8K
J4FZiKewnSeb3MqmjjdSCE3kP7dPJnLsovmr4KQOLLaOUfb6gOsSre8rug4Nra1P
Ucbv7AF54DeCTcoukN1h3kZblkjQCTy72+1F20oeRMB3zyfmgSPPMeuvac2ZAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUTO4UNY7+b/Kmlipz70bctUaWbrowHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMjE5NDc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAvNw4
AwQAvNxuMA0GCSqGSIb3DQEBCwUAA4IBAQAxtBIuicolFvm5LbgMa0B9vR+2K4Sa
+1C0rrlgWFeGFFdrPPmLwyINgdW26ZaCYW07dnQkkmbWrxq1GlWk1Fg3semY5a5G
406W11jx3jtwVx/Ex9o9pdVsmlhTGyodRnwdtNpeqWcAONOKS7DuF5plv7vYbwPl
dbwlaavxqnMlT8cKszv7KL2p/2J8qbOoFgdwuBV2CL4BerqnrDuwb+x14seiwOEV
f9IloK8Oeu/RaCgqGQ7FsGo6xRZQSYeQM4TY6NcioNVFqqi6ydv6cwQMr8Z0vBU1
MbaO1/g3ZnPqM1rwQkecli43wv4N3CWeZ69MO/lr3mu5cYQoemu2Etqh
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:55:16 2026 by rpki-client