Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS44092.roa
File:                     AS44092.roa (raw, json)
Hash identifier:          w5j4KOUxDzt3rIoSKsqPOvqkpLHWSXKRdKTeQilAFoM=
Subject key identifier:   34:B3:E3:08:04:67:33:00:40:8A:77:FD:E7:F1:91:92:AA:64:A2:30
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       678213D53549F4CAB937ECB24AE63AFFDEF505A8
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS44092.roa
Signing time:             Mon 25 May 2026 12:47:17 +0000
ROA not before:           Mon 25 May 2026 12:42:17 +0000
ROA not after:            Mon 24 May 2027 12:47:17 +0000
asID:                     44092
IP address blocks:        143.20.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 17:15:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:82:13:d5:35:49:f4:ca:b9:37:ec:b2:4a:e6:3a:ff:de:f5:05:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May 25 12:42:17 2026 GMT
            Not After : May 24 12:47:17 2027 GMT
        Subject: CN=34B3E30804673300408A77FDE7F19192AA64A230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:57:b1:72:a8:9f:e6:b9:9c:0a:e7:04:95:50:
                    4f:24:3c:1b:aa:bf:59:d0:9b:f4:89:12:00:98:0b:
                    7d:d1:7d:65:61:c6:e6:21:6e:9f:ea:34:10:0e:e4:
                    fb:41:17:51:16:b4:7a:31:a4:d6:69:ad:4a:ed:51:
                    88:ed:98:78:fb:60:da:8f:ef:0a:87:f6:7b:df:d6:
                    c9:8f:d2:3c:1c:5f:97:fc:56:d0:f3:46:ba:c5:0a:
                    3f:20:e3:70:70:5f:79:2e:e7:3f:56:b9:e1:0d:93:
                    2e:0a:0b:43:15:b7:12:e4:ea:ba:7a:65:32:ea:0b:
                    33:c6:51:31:bc:6d:b4:fa:44:3e:61:c6:dd:77:7d:
                    30:77:1b:19:1f:57:20:1b:65:39:9e:7d:e4:1d:ff:
                    44:3f:ab:98:14:6a:4b:3e:be:85:a1:8a:44:65:46:
                    45:7e:aa:78:e2:4f:1f:0a:e8:c4:a7:c3:55:6a:18:
                    b2:ec:62:df:97:36:e8:f9:8e:e6:ac:95:71:ba:83:
                    cb:88:fc:96:58:89:16:9d:00:69:78:9a:75:d5:00:
                    d2:e5:88:0e:0f:e8:ea:07:07:f5:99:46:8d:03:84:
                    9b:4d:ce:f5:20:12:9e:45:0c:0d:59:a0:ca:c0:e1:
                    f0:89:16:a0:01:9c:c1:0a:b5:6f:ac:35:37:22:9f:
                    5d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:B3:E3:08:04:67:33:00:40:8A:77:FD:E7:F1:91:92:AA:64:A2:30
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS44092.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:ce:fa:1a:02:73:b9:d4:54:27:0a:c5:cc:58:50:ff:45:8e:
         32:b9:5c:78:9e:97:32:59:da:88:c8:61:54:4a:b9:e9:87:dc:
         02:55:cb:59:6c:83:11:09:8a:e5:c5:b6:2c:c6:d7:eb:0a:9b:
         6e:b5:1a:f0:73:44:40:f0:41:86:e7:8b:45:6f:15:7c:af:ad:
         6c:43:98:3e:4a:58:0e:cc:d0:aa:f7:e8:52:72:b0:5f:43:a6:
         3c:56:ce:00:e8:1d:82:73:35:8d:1b:28:2b:57:cd:2e:0f:e8:
         23:33:be:2d:76:80:c0:73:29:96:46:8e:3a:2d:96:b3:3b:ab:
         d8:69:87:3d:e8:ad:d9:0c:a7:52:93:8e:0e:01:56:4b:27:05:
         1a:e2:bb:d4:49:96:e6:21:ab:3a:8c:e5:a5:8d:1e:e4:de:30:
         d8:49:d4:fb:6c:b1:a2:26:49:f6:e8:df:a5:83:90:d0:ad:6b:
         15:89:52:73:22:f8:7b:31:45:44:eb:6d:d2:d6:a7:fb:d8:04:
         e8:3a:3b:0b:84:7e:d8:9f:54:0e:b8:93:01:aa:67:cf:86:d8:
         c6:e3:49:a3:5c:6a:5b:7e:50:28:dc:9c:32:38:29:da:42:16:
         87:2a:d6:06:f3:b8:fe:8c:43:35:95:3c:e2:b5:04:44:16:47:
         49:a1:d7:58
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZ4IT1TVJ9Mq5N+yySuY6/971BagwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MjUxMjQyMTdaFw0yNzA1MjQxMjQ3MTdaMDMxMTAvBgNV
BAMTKDM0QjNFMzA4MDQ2NzMzMDA0MDhBNzdGREU3RjE5MTkyQUE2NEEyMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDV7FyqJ/muZwK5wSVUE8kPBuq
v1nQm/SJEgCYC33RfWVhxuYhbp/qNBAO5PtBF1EWtHoxpNZprUrtUYjtmHj7YNqP
7wqH9nvf1smP0jwcX5f8VtDzRrrFCj8g43BwX3ku5z9WueENky4KC0MVtxLk6rp6
ZTLqCzPGUTG8bbT6RD5hxt13fTB3GxkfVyAbZTmefeQd/0Q/q5gUaks+voWhikRl
RkV+qnjiTx8K6MSnw1VqGLLsYt+XNuj5juaslXG6g8uI/JZYiRadAGl4mnXVANLl
iA4P6OoHB/WZRo0DhJtNzvUgEp5FDA1ZoMrA4fCJFqABnMEKtW+sNTcin11BAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUNLPjCARnMwBAinf95/GRkqpkojAwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDQwOTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPFAUw
DQYJKoZIhvcNAQELBQADggEBAALO+hoCc7nUVCcKxcxYUP9FjjK5XHielzJZ2ojI
YVRKuemH3AJVy1lsgxEJiuXFtizG1+sKm261GvBzREDwQYbni0VvFXyvrWxDmD5K
WA7M0Kr36FJysF9DpjxWzgDoHYJzNY0bKCtXzS4P6CMzvi12gMBzKZZGjjotlrM7
q9hphz3ordkMp1KTjg4BVksnBRriu9RJluYhqzqM5aWNHuTeMNhJ1PtssaImSfbo
36WDkNCtaxWJUnMi+HsxRUTrbdLWp/vYBOg6OwuEftifVA64kwGqZ8+G2MbjSaNc
alt+UCjcnDI4KdpCFocq1gbzuP6MQzWVPOK1BEQWR0mh11g=
-----END CERTIFICATE-----