Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS812.roa
File:                     AS812.roa (raw, json)
Hash identifier:          zA57qcCPz1Pt09TdlnMO+GKenNotdwFnSlnVFuU1Vz8=
Subject key identifier:   B4:5A:34:AC:CC:F5:53:61:BA:3E:69:03:A3:59:3F:19:EC:01:77:37
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       6C95D2D1027CA0A5C729F0B0EC81F997E5273BF1
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS812.roa
Signing time:             Thu 02 Apr 2026 07:03:32 +0000
ROA not before:           Thu 02 Apr 2026 06:58:32 +0000
ROA not after:            Thu 01 Apr 2027 07:03:32 +0000
asID:                     812
IP address blocks:        51.194.8.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 17:59:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:95:d2:d1:02:7c:a0:a5:c7:29:f0:b0:ec:81:f9:97:e5:27:3b:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Apr  2 06:58:32 2026 GMT
            Not After : Apr  1 07:03:32 2027 GMT
        Subject: CN=B45A34ACCCF55361BA3E6903A3593F19EC017737
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:74:69:92:d6:bb:ca:73:bb:31:ba:6f:32:49:
                    ba:1e:28:10:d7:76:1c:28:73:57:d2:d3:a5:2c:3b:
                    30:2e:13:f0:82:ef:6f:eb:a6:aa:0c:12:35:cd:b5:
                    2e:f0:8d:f5:ae:2f:01:7c:25:01:aa:9e:e0:db:47:
                    25:80:98:47:65:95:65:a3:93:fe:e1:b6:e3:57:ac:
                    a9:04:cc:fe:18:a5:2f:b1:5a:01:a9:e5:56:f8:f4:
                    c7:dd:f1:cb:2a:bb:d7:22:8b:8a:65:19:9a:ca:33:
                    64:38:f1:2a:eb:57:d3:1d:b3:38:45:e3:4a:26:8d:
                    a4:bb:6a:f8:96:d0:44:7f:b7:7e:18:b9:2e:2e:c8:
                    5b:51:3c:2c:73:af:b6:57:0a:42:82:26:89:bd:29:
                    b8:02:f3:26:29:b5:c5:9e:2e:9c:16:03:0a:7d:f3:
                    43:89:43:77:3b:ec:b4:c4:c1:02:e4:3c:40:ca:e9:
                    7c:49:9d:61:8f:08:c1:1a:0f:20:c0:27:4c:9a:62:
                    af:fb:ab:9c:b3:d2:41:3e:01:ed:25:ae:89:ab:d4:
                    be:2f:74:c0:31:a4:b3:c9:11:71:75:e5:ef:b5:ce:
                    e0:2e:0c:c5:62:6d:fe:ae:67:3c:5d:25:bd:0e:5c:
                    19:01:ec:80:4b:ff:14:5d:3a:12:57:5f:86:ee:2b:
                    15:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5A:34:AC:CC:F5:53:61:BA:3E:69:03:A3:59:3F:19:EC:01:77:37
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS812.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.194.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         92:78:ae:b8:78:22:c0:bc:df:d9:4f:4d:6d:a6:95:d2:f9:69:
         8d:95:a3:68:95:08:cf:5c:7c:7a:1f:43:46:8c:2f:17:2b:35:
         22:6d:85:84:4d:ac:1a:40:dc:5a:ef:bd:44:d4:cd:03:1f:59:
         64:01:29:ef:cf:99:e0:44:2a:94:9d:0a:fb:4e:af:91:21:9e:
         4c:f0:99:ae:ac:27:0a:37:8e:48:61:3b:6c:97:c2:cb:4a:13:
         49:8f:1b:eb:f6:e6:81:cc:41:8c:3e:7f:aa:5f:9b:76:15:fb:
         00:38:dd:b4:78:d5:7a:93:fe:7f:fd:7c:ec:ca:a8:2b:ee:c6:
         06:d3:e0:78:7d:9e:c0:cb:75:56:a1:92:f3:e9:08:ee:e6:5a:
         71:ea:06:ef:65:88:ea:25:0f:1e:cc:0d:23:54:f7:eb:87:17:
         7f:cc:da:ae:58:93:3d:9d:96:e0:11:5b:71:10:26:bb:b1:2e:
         5b:16:06:40:3d:96:8e:9b:79:5d:90:56:99:13:a1:e9:b2:06:
         6d:c4:62:ed:0a:bc:c3:91:b8:85:ce:e5:e1:91:b2:58:64:fc:
         9a:a4:03:32:2b:05:37:e5:e0:42:60:fb:dd:a4:70:d4:ce:7a:
         3d:ae:3f:b6:39:f1:2a:83:e4:c0:f7:ba:46:49:4d:7f:13:89:
         3d:67:48:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUbJXS0QJ8oKXHKfCw7IH5l+UnO/EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA0MDIwNjU4MzJaFw0yNzA0MDEwNzAzMzJaMDMxMTAvBgNV
BAMTKEI0NUEzNEFDQ0NGNTUzNjFCQTNFNjkwM0EzNTkzRjE5RUMwMTc3MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDddGmS1rvKc7sxum8ySboeKBDX
dhwoc1fS06UsOzAuE/CC72/rpqoMEjXNtS7wjfWuLwF8JQGqnuDbRyWAmEdllWWj
k/7htuNXrKkEzP4YpS+xWgGp5Vb49Mfd8csqu9cii4plGZrKM2Q48SrrV9MdszhF
40omjaS7aviW0ER/t34YuS4uyFtRPCxzr7ZXCkKCJom9KbgC8yYptcWeLpwWAwp9
80OJQ3c77LTEwQLkPEDK6XxJnWGPCMEaDyDAJ0yaYq/7q5yz0kE+Ae0lromr1L4v
dMAxpLPJEXF15e+1zuAuDMVibf6uZzxdJb0OXBkB7IBL/xRdOhJXX4buKxXxAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUtFo0rMz1U2G6PmkDo1k/GewBdzcwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTODEyLnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDM8IIMA0G
CSqGSIb3DQEBCwUAA4IBAQCSeK64eCLAvN/ZT01tppXS+WmNlaNolQjPXHx6H0NG
jC8XKzUibYWETawaQNxa771E1M0DH1lkASnvz5ngRCqUnQr7Tq+RIZ5M8JmurCcK
N45IYTtsl8LLShNJjxvr9uaBzEGMPn+qX5t2FfsAON20eNV6k/5//Xzsyqgr7sYG
0+B4fZ7Ay3VWoZLz6Qju5lpx6gbvZYjqJQ8ezA0jVPfrhxd/zNquWJM9nZbgEVtx
ECa7sS5bFgZAPZaOm3ldkFaZE6HpsgZtxGLtCrzDkbiFzuXhkbJYZPyapAMyKwU3
5eBCYPvdpHDUzno9rj+2OfEqg+TA97pGSU1/E4k9Z0jH
-----END CERTIFICATE-----