Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS55720.roa
File:                     AS55720.roa (raw, json)
Hash identifier:          6+ahDmUgw/CVi5BGwYEtuwghkwBEzPGkiP9A58s93WI=
Subject key identifier:   1C:6F:D2:67:78:C7:B0:D7:89:EB:3D:43:E6:67:41:61:23:D7:71:86
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       03C5692B847F80B585BFD4996B673ED102A6A68A
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS55720.roa
Signing time:             Thu 14 May 2026 07:47:13 +0000
ROA not before:           Thu 14 May 2026 07:42:13 +0000
ROA not after:            Thu 13 May 2027 07:47:13 +0000
asID:                     55720
IP address blocks:        141.11.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            03:c5:69:2b:84:7f:80:b5:85:bf:d4:99:6b:67:3e:d1:02:a6:a6:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 14 07:42:13 2026 GMT
            Not After : May 13 07:47:13 2027 GMT
        Subject: CN=1C6FD26778C7B0D789EB3D43E667416123D77186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:67:68:68:a2:d0:ae:a7:27:3e:38:23:2d:f1:
                    99:fa:07:65:a1:8e:7b:1f:ec:34:e2:09:c5:f9:67:
                    e0:54:c9:8b:3c:f6:f8:b2:44:6e:59:b0:4f:05:d7:
                    ad:9f:c0:e2:9f:2d:68:ae:fb:e3:8e:7e:e1:dd:fe:
                    b0:10:90:25:14:32:a6:d4:f8:10:9d:de:38:76:db:
                    a5:24:10:3b:a8:89:8b:9e:96:12:f5:31:f5:a0:cc:
                    a2:e3:1a:b7:b7:43:95:0f:3c:e3:d6:13:0b:21:76:
                    a8:a5:d1:19:d4:49:cc:5e:fc:6e:44:95:03:44:34:
                    55:69:51:6e:1b:1a:d7:77:94:84:2e:e6:04:7d:c4:
                    57:69:ae:9e:a0:71:af:42:2c:6d:b1:1c:79:5f:db:
                    b6:64:a2:01:d9:ee:8f:4e:99:4b:df:df:a5:62:a8:
                    f9:60:36:81:48:24:72:6f:f8:90:e1:59:5a:7d:44:
                    96:81:22:71:01:ac:c3:d0:42:13:13:83:ba:2a:85:
                    73:61:a1:ee:79:08:20:51:a8:f4:5f:8d:5a:dc:36:
                    f1:86:f0:8b:21:6e:b5:04:8d:04:cf:f0:c7:29:44:
                    92:bd:f8:6a:dc:0e:5d:50:3d:d2:4a:6d:ac:fc:62:
                    36:e9:73:50:27:49:25:2f:c5:d3:b9:89:a9:13:e3:
                    de:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:6F:D2:67:78:C7:B0:D7:89:EB:3D:43:E6:67:41:61:23:D7:71:86
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS55720.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:91:f6:72:7b:17:44:c5:20:ca:36:a1:c3:fa:a4:fc:d7:57:
         23:60:26:00:c6:d9:dc:44:37:5d:57:3b:c1:66:2c:f4:64:f4:
         20:e6:30:42:39:12:f1:b3:69:ba:72:11:2f:33:39:e5:b7:fc:
         17:93:53:6f:9e:0f:79:51:b0:c6:ca:6e:40:9d:ce:13:67:ea:
         0c:f7:8d:89:a7:33:e8:c4:c8:f7:ce:6c:0d:5e:0f:56:5f:47:
         5d:e4:3b:00:b2:f6:49:46:95:ed:f6:08:3c:cf:ed:4d:fa:1a:
         96:2e:3a:70:42:38:27:1e:66:b0:f5:2f:8b:8c:60:3f:77:28:
         aa:a9:80:2e:02:25:e9:d9:f6:c0:f3:f7:de:b1:5a:e6:66:e3:
         6a:c6:94:0f:00:bb:de:1c:c4:5b:53:01:d1:a4:d6:ae:e7:eb:
         f1:a6:a1:61:3b:22:2c:42:c8:44:cb:ba:40:b4:15:98:78:d8:
         f0:b4:d9:f7:7a:35:e4:d2:bc:a7:98:bc:3c:d1:20:28:d4:af:
         39:0b:ad:0a:d3:91:c2:3f:54:d9:d0:d5:f3:a4:f7:95:ae:72:
         50:4d:60:6e:31:e1:0b:bd:8d:3b:66:67:cb:5c:10:1d:40:40:
         8f:b8:65:d1:24:1f:3c:ba:25:d7:36:00:d7:45:ac:ff:ca:33:
         a8:b8:0b:1a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUA8VpK4R/gLWFv9SZa2c+0QKmpoowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MTQwNzQyMTNaFw0yNzA1MTMwNzQ3MTNaMDMxMTAvBgNV
BAMTKDFDNkZEMjY3NzhDN0IwRDc4OUVCM0Q0M0U2Njc0MTYxMjNENzcxODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChZ2hootCupyc+OCMt8Zn6B2Wh
jnsf7DTiCcX5Z+BUyYs89viyRG5ZsE8F162fwOKfLWiu++OOfuHd/rAQkCUUMqbU
+BCd3jh226UkEDuoiYuelhL1MfWgzKLjGre3Q5UPPOPWEwshdqil0RnUScxe/G5E
lQNENFVpUW4bGtd3lIQu5gR9xFdprp6gca9CLG2xHHlf27ZkogHZ7o9OmUvf36Vi
qPlgNoFIJHJv+JDhWVp9RJaBInEBrMPQQhMTg7oqhXNhoe55CCBRqPRfjVrcNvGG
8IshbrUEjQTP8McpRJK9+GrcDl1QPdJKbaz8Yjbpc1AnSSUvxdO5iakT4963AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUHG/SZ3jHsNeJ6z1D5mdBYSPXcYYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNTU3MjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACNCxEw
DQYJKoZIhvcNAQELBQADggEBAA2R9nJ7F0TFIMo2ocP6pPzXVyNgJgDG2dxEN11X
O8FmLPRk9CDmMEI5EvGzabpyES8zOeW3/BeTU2+eD3lRsMbKbkCdzhNn6gz3jYmn
M+jEyPfObA1eD1ZfR13kOwCy9klGle32CDzP7U36GpYuOnBCOCceZrD1L4uMYD93
KKqpgC4CJenZ9sDz996xWuZm42rGlA8Au94cxFtTAdGk1q7n6/GmoWE7IixCyETL
ukC0FZh42PC02fd6NeTSvKeYvDzRICjUrzkLrQrTkcI/VNnQ1fOk95WuclBNYG4x
4Qu9jTtmZ8tcEB1AQI+4ZdEkHzy6Jdc2ANdFrP/KM6i4Cxo=
-----END CERTIFICATE-----