Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS142594.roa
File:                     AS142594.roa (raw, json)
Hash identifier:          BNO544Mq8nMFVDUnETVp4AadWZ/s3JgSvactvC8CM/A=
Subject key identifier:   76:44:AA:59:AA:A8:4A:F7:1B:85:FF:F5:BA:4A:4E:FD:F9:39:B4:B7
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5DD414623C7A6C749EE9BF9835D8191A534DF0C8
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS142594.roa
Signing time:             Sun 08 Mar 2026 13:46:48 +0000
ROA not before:           Sun 08 Mar 2026 13:41:48 +0000
ROA not after:            Sun 07 Mar 2027 13:46:48 +0000
asID:                     142594
IP address blocks:        141.11.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Mar 2026 04:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:d4:14:62:3c:7a:6c:74:9e:e9:bf:98:35:d8:19:1a:53:4d:f0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar  8 13:41:48 2026 GMT
            Not After : Mar  7 13:46:48 2027 GMT
        Subject: CN=7644AA59AAA84AF71B85FFF5BA4A4EFDF939B4B7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:48:12:f5:45:62:f9:d1:e1:9e:13:d7:18:72:
                    ee:49:e5:4f:01:a0:8c:0b:cd:a6:2d:91:59:e2:cd:
                    4d:6a:50:9b:dd:50:24:4f:30:76:23:e3:6c:01:8a:
                    df:7c:7b:29:94:f9:60:24:15:60:82:ef:88:fd:28:
                    b7:58:09:e8:5d:2a:5d:91:6d:7e:a0:68:ee:95:51:
                    c6:3f:48:29:cc:a2:2c:82:2b:82:84:6e:45:a9:38:
                    5f:a4:86:09:5a:78:b7:c2:97:e1:13:f9:e8:d0:ec:
                    f0:2f:fc:a9:ae:1b:f6:bf:51:75:91:dc:aa:c8:f6:
                    07:b7:71:55:03:dd:a6:89:7f:85:ad:87:8a:8f:e9:
                    5b:e3:ee:64:a0:42:ff:f2:86:78:80:57:55:bb:22:
                    93:63:9b:a3:92:d2:25:fb:c7:5d:71:27:ce:87:7e:
                    ec:05:d6:62:c7:96:10:67:47:3a:1e:07:4c:29:85:
                    a5:2a:d8:51:5b:86:60:a9:c0:ce:22:68:ac:2d:ef:
                    d5:f2:b3:d1:da:3d:2f:e0:e2:4c:68:c5:38:3a:5a:
                    5d:5a:44:5f:31:a8:fa:0f:0b:e3:f1:57:b3:9b:2e:
                    13:d2:af:aa:b2:38:c6:6b:13:61:4c:13:7f:25:d0:
                    c4:4b:2e:f3:eb:61:04:37:9f:96:d1:20:3d:a7:4d:
                    97:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:44:AA:59:AA:A8:4A:F7:1B:85:FF:F5:BA:4A:4E:FD:F9:39:B4:B7
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS142594.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:91:86:7a:d3:36:49:c4:76:2d:65:f0:84:71:8d:14:be:ef:
         13:c0:3c:02:a1:0d:70:65:34:5b:e8:7b:09:05:5c:ef:cc:05:
         8b:bc:19:b9:7e:cd:c1:ef:95:77:b2:5c:98:12:aa:ae:a3:08:
         45:13:1e:94:8b:21:03:4e:b2:0c:c3:49:5d:bf:ca:19:4e:ba:
         d4:a7:60:aa:8f:16:2c:d6:32:9d:67:fc:ca:69:83:39:75:b7:
         59:70:34:94:5b:d8:51:22:3f:c6:be:44:f5:4c:c3:12:97:6e:
         2c:ca:7b:8f:a8:da:14:8f:47:3e:fe:c9:c9:f4:85:f6:5f:1e:
         c4:93:eb:99:07:76:8a:05:11:32:86:a2:03:55:f1:94:b1:e1:
         c0:e5:4d:5e:77:6f:d8:5e:15:b2:c2:c8:67:56:4a:bd:15:54:
         8b:2e:92:62:4b:2d:dd:85:5f:6c:1b:05:eb:08:5b:2b:37:1a:
         48:81:ae:24:0e:ed:26:2e:b7:03:b5:cf:da:39:0f:67:1d:ed:
         3e:e5:60:af:1f:55:31:b2:ad:ec:cc:f9:4b:f0:32:c9:ac:60:
         87:5f:28:57:97:94:7f:2b:8b:f2:60:06:02:af:cb:f3:e4:b0:
         ec:e0:da:1c:41:ba:79:09:0e:65:77:b7:e4:b3:81:be:e6:30:
         55:79:fe:a8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXdQUYjx6bHSe6b+YNdgZGlNN8MgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMDgxMzQxNDhaFw0yNzAzMDcxMzQ2NDhaMDMxMTAvBgNV
BAMTKDc2NDRBQTU5QUFBODRBRjcxQjg1RkZGNUJBNEE0RUZERjkzOUI0QjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8SBL1RWL50eGeE9cYcu5J5U8B
oIwLzaYtkVnizU1qUJvdUCRPMHYj42wBit98eymU+WAkFWCC74j9KLdYCehdKl2R
bX6gaO6VUcY/SCnMoiyCK4KEbkWpOF+khglaeLfCl+ET+ejQ7PAv/KmuG/a/UXWR
3KrI9ge3cVUD3aaJf4Wth4qP6Vvj7mSgQv/yhniAV1W7IpNjm6OS0iX7x11xJ86H
fuwF1mLHlhBnRzoeB0wphaUq2FFbhmCpwM4iaKwt79Xys9HaPS/g4kxoxTg6Wl1a
RF8xqPoPC+PxV7ObLhPSr6qyOMZrE2FME38l0MRLLvPrYQQ3n5bRID2nTZcFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdkSqWaqoSvcbhf/1ukpO/fk5tLcwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMTQyNTk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsu
MA0GCSqGSIb3DQEBCwUAA4IBAQBakYZ60zZJxHYtZfCEcY0Uvu8TwDwCoQ1wZTRb
6HsJBVzvzAWLvBm5fs3B75V3slyYEqquowhFEx6UiyEDTrIMw0ldv8oZTrrUp2Cq
jxYs1jKdZ/zKaYM5dbdZcDSUW9hRIj/GvkT1TMMSl24synuPqNoUj0c+/snJ9IX2
Xx7Ek+uZB3aKBREyhqIDVfGUseHA5U1ed2/YXhWywshnVkq9FVSLLpJiSy3dhV9s
GwXrCFsrNxpIga4kDu0mLrcDtc/aOQ9nHe0+5WCvH1Uxsq3szPlL8DLJrGCHXyhX
l5R/K4vyYAYCr8vz5LDs4NocQbp5CQ5ld7fks4G+5jBVef6o
-----END CERTIFICATE-----