Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS12027.roa
File:                     AS12027.roa (raw, json)
Hash identifier:          aqWpRD67GjH2zUNhJaLzrboBmlsBgRbaWUZ7cbbcUkY=
Subject key identifier:   E6:19:E6:4C:9A:E7:E1:EF:1B:EB:7D:7D:FB:FA:03:1A:4E:84:35:A7
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       0250A1AFAFA11769D928CF5879392AB0817A3060
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS12027.roa
Signing time:             Thu 06 Nov 2025 06:19:05 +0000
ROA not before:           Thu 06 Nov 2025 06:14:05 +0000
ROA not after:            Thu 05 Nov 2026 06:19:05 +0000
asID:                     12027
IP address blocks:        139.28.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 05:07:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:50:a1:af:af:a1:17:69:d9:28:cf:58:79:39:2a:b0:81:7a:30:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Nov  6 06:14:05 2025 GMT
            Not After : Nov  5 06:19:05 2026 GMT
        Subject: CN=E619E64C9AE7E1EF1BEB7D7DFBFA031A4E8435A7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8b:c3:a1:d1:56:75:3a:ab:20:c0:be:53:6d:
                    3d:f1:f0:6f:7f:13:7e:5d:87:9a:ec:11:99:48:50:
                    a0:c1:5e:5e:72:0a:37:5e:9c:40:b2:7e:1c:6e:ce:
                    9a:76:1c:4e:3d:54:8e:d7:60:e3:d5:6f:d9:43:70:
                    93:dc:46:25:48:6d:6a:92:ca:49:57:16:5c:78:21:
                    c2:72:3b:55:3d:6d:5f:97:1d:9c:7e:43:09:c3:23:
                    48:72:b1:1c:aa:ff:a3:c2:6b:9f:8a:75:fe:d9:33:
                    da:e0:a0:c8:00:12:7e:e5:71:df:ef:30:b5:87:e8:
                    d0:9f:27:c7:71:75:17:78:61:d0:34:ea:d2:6b:3f:
                    ac:af:bb:ad:b6:c5:14:92:fb:1d:51:74:bf:97:7a:
                    ba:52:02:08:f1:2c:9b:0b:d9:9c:e3:af:65:4d:60:
                    34:2f:43:56:e3:24:a0:8a:5d:5d:14:bd:8c:d2:ff:
                    e4:b7:de:b7:1a:75:93:99:64:f3:a1:ff:16:0e:c2:
                    f1:c2:c8:4e:01:81:7f:b8:8d:dd:cc:2b:34:e8:b8:
                    2a:10:b6:cd:ae:4b:8c:b7:19:84:c3:d7:4a:e4:42:
                    d9:9a:c6:8d:a3:46:6c:86:76:ea:a0:2f:12:ad:09:
                    75:a1:0e:4a:fe:80:e9:77:65:36:22:90:a5:55:5a:
                    25:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:19:E6:4C:9A:E7:E1:EF:1B:EB:7D:7D:FB:FA:03:1A:4E:84:35:A7
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS12027.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.28.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:58:51:7a:23:48:12:1f:7c:8d:09:20:2a:c8:f3:f8:f4:8b:
         e6:ab:12:23:9a:2c:a8:f1:ce:8a:9b:e6:df:09:9f:3d:3d:07:
         73:2d:64:13:07:60:ca:d2:20:18:c5:df:ee:7b:78:b8:1f:aa:
         01:ee:8e:67:9f:1d:8b:5c:b0:54:9d:4b:cd:2b:61:b7:f7:11:
         0d:84:d4:c9:40:a2:10:28:26:b1:b4:e1:06:41:4f:9f:51:30:
         21:80:a7:36:47:df:f2:be:03:94:36:4e:92:df:9f:28:c5:84:
         93:eb:e2:d5:70:75:83:8c:69:30:0e:e9:59:43:88:e5:70:f8:
         34:81:db:2d:2b:88:e0:1a:88:b6:ba:9e:c5:46:5b:ae:74:84:
         af:a3:af:f7:b2:fa:2e:5a:cb:82:d4:3b:70:80:b9:da:f2:76:
         7f:e6:35:bc:96:ae:bd:df:65:78:26:61:39:12:e0:22:00:d4:
         8d:77:25:9d:e5:4c:0f:37:65:c1:83:96:8b:13:4a:e0:59:81:
         f1:75:91:7f:66:30:c6:ee:51:50:87:25:c8:a7:6c:a6:3b:44:
         40:0b:25:b1:21:34:8f:b7:6e:a4:a4:f3:89:86:06:f1:7f:bf:
         5d:bc:bf:a3:38:5a:cb:be:f8:8b:2b:b5:18:e4:87:b6:ad:13:
         70:2d:e6:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAlChr6+hF2nZKM9YeTkqsIF6MGAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTExMDYwNjE0MDVaFw0yNjExMDUwNjE5MDVaMDMxMTAvBgNV
BAMTKEU2MTlFNjRDOUFFN0UxRUYxQkVCN0Q3REZCRkEwMzFBNEU4NDM1QTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHi8Oh0VZ1OqsgwL5TbT3x8G9/
E35dh5rsEZlIUKDBXl5yCjdenECyfhxuzpp2HE49VI7XYOPVb9lDcJPcRiVIbWqS
yklXFlx4IcJyO1U9bV+XHZx+QwnDI0hysRyq/6PCa5+Kdf7ZM9rgoMgAEn7lcd/v
MLWH6NCfJ8dxdRd4YdA06tJrP6yvu622xRSS+x1RdL+XerpSAgjxLJsL2Zzjr2VN
YDQvQ1bjJKCKXV0UvYzS/+S33rcadZOZZPOh/xYOwvHCyE4BgX+4jd3MKzTouCoQ
ts2uS4y3GYTD10rkQtmaxo2jRmyGduqgLxKtCXWhDkr+gOl3ZTYikKVVWiU3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU5hnmTJrn4e8b6319+/oDGk6ENacwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMTIwMjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACLHDIw
DQYJKoZIhvcNAQELBQADggEBAKRYUXojSBIffI0JICrI8/j0i+arEiOaLKjxzoqb
5t8Jnz09B3MtZBMHYMrSIBjF3+57eLgfqgHujmefHYtcsFSdS80rYbf3EQ2E1MlA
ohAoJrG04QZBT59RMCGApzZH3/K+A5Q2TpLfnyjFhJPr4tVwdYOMaTAO6VlDiOVw
+DSB2y0riOAaiLa6nsVGW650hK+jr/ey+i5ay4LUO3CAudrydn/mNbyWrr3fZXgm
YTkS4CIA1I13JZ3lTA83ZcGDlosTSuBZgfF1kX9mMMbuUVCHJcinbKY7REALJbEh
NI+3bqSk84mGBvF/v128v6M4Wsu++IsrtRjkh7atE3At5vk=
-----END CERTIFICATE-----