Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS142561.roa
File:                     AS142561.roa (raw, json)
Hash identifier:          gp6UFPifEStQz2qrzSnh+FIhHQO0QDWxTTeuO1G7pv4=
Subject key identifier:   D9:A4:1D:74:5D:F4:34:12:9C:0E:8B:75:2E:16:0A:57:19:05:F2:6F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6B521FDFCE661ECDA78D69A61ED195151C5CB6E8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS142561.roa
Signing time:             Fri 31 Oct 2025 06:45:12 +0000
ROA not before:           Fri 31 Oct 2025 06:40:12 +0000
ROA not after:            Fri 30 Oct 2026 06:45:12 +0000
asID:                     142561
IP address blocks:        91.124.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Nov 2025 09:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:52:1f:df:ce:66:1e:cd:a7:8d:69:a6:1e:d1:95:15:1c:5c:b6:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 31 06:40:12 2025 GMT
            Not After : Oct 30 06:45:12 2026 GMT
        Subject: CN=D9A41D745DF434129C0E8B752E160A571905F26F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bd:be:91:3e:6e:7d:4d:dd:3a:cb:b2:39:80:
                    d4:34:5f:32:33:f1:6e:00:b8:3a:6f:32:90:4f:60:
                    96:b7:e1:c7:d6:08:02:23:2b:d1:fa:5d:d8:2f:8f:
                    ef:6b:0a:9d:c1:81:37:e2:03:47:56:1a:6d:f6:b1:
                    82:ee:5b:1b:71:17:e6:4d:06:f5:c1:20:4a:c6:24:
                    64:8d:d9:cc:df:f5:f8:c5:3b:f4:b8:f7:7f:26:ec:
                    8e:b8:43:ff:d3:a8:38:76:57:57:fa:d4:bb:76:ca:
                    60:22:9a:23:20:d8:0a:5d:2b:54:a4:33:8f:99:2c:
                    2f:ab:e0:36:bd:6c:a2:f5:e0:66:d6:29:fb:31:e6:
                    0f:bb:0c:c0:62:0e:cb:47:05:88:7c:70:21:67:35:
                    03:54:47:fa:81:7c:c3:d3:fb:90:4d:79:ac:46:e1:
                    81:8e:1e:4e:29:2f:80:6a:29:70:c4:20:29:8f:1c:
                    95:0f:e9:b3:ab:94:b5:0b:be:18:9d:18:99:cd:84:
                    7f:bb:69:19:f9:98:58:70:b7:8f:1c:e6:52:f6:aa:
                    7d:8d:66:42:0f:c1:41:2f:33:e5:06:d8:5f:6e:67:
                    d3:d0:66:0b:a5:da:c6:b2:c0:d8:62:7e:99:9a:af:
                    25:9e:19:cf:e0:1c:55:29:71:03:87:0c:21:a9:50:
                    4c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:A4:1D:74:5D:F4:34:12:9C:0E:8B:75:2E:16:0A:57:19:05:F2:6F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS142561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:bc:5d:0d:22:c3:e2:ef:1b:c0:b1:86:8f:9a:1c:a4:7a:39:
         e0:12:b6:de:9a:82:87:33:be:a0:95:41:7f:c4:e9:cf:3e:39:
         bc:6f:06:88:1f:1a:e4:b4:ae:c4:6a:cc:ec:42:7c:90:cd:75:
         dd:af:a5:5c:bc:2d:ad:8c:40:f7:01:b7:f7:3b:85:09:af:61:
         5a:c9:e9:29:e6:a5:40:dc:20:b0:0f:51:8f:eb:c7:f5:4d:db:
         bd:1e:66:44:b0:54:f8:c7:fc:01:46:e9:10:66:bf:68:0e:39:
         3c:dd:7e:8a:ff:e1:06:ce:29:97:3d:d3:a5:d2:2d:69:98:c0:
         5f:08:01:a4:c0:5c:c1:01:38:be:66:29:03:a6:82:4e:8d:3a:
         b9:4b:df:e4:01:8a:c1:90:df:11:cf:bb:f5:cd:c9:12:5b:74:
         20:c4:96:2b:3f:fc:ed:23:b4:ff:cd:6b:ab:3d:51:a3:cd:c7:
         e9:47:1c:d3:fd:8c:8b:ef:55:37:24:be:8a:2a:e3:0d:df:d6:
         dd:61:9d:9c:e3:b3:e9:31:42:ca:c9:18:10:9b:3a:7a:68:69:
         c1:5b:95:6b:44:50:30:02:a2:0e:94:4c:8b:3d:ac:b5:5d:1f:
         b1:ba:e5:16:1d:d2:59:c0:ad:fa:88:d3:b6:b8:f6:1d:34:9c:
         4c:6b:27:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUa1If385mHs2njWmmHtGVFRxctugwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMzEwNjQwMTJaFw0yNjEwMzAwNjQ1MTJaMDMxMTAvBgNV
BAMTKEQ5QTQxRDc0NURGNDM0MTI5QzBFOEI3NTJFMTYwQTU3MTkwNUYyNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCuvb6RPm59Td06y7I5gNQ0XzIz
8W4AuDpvMpBPYJa34cfWCAIjK9H6Xdgvj+9rCp3BgTfiA0dWGm32sYLuWxtxF+ZN
BvXBIErGJGSN2czf9fjFO/S4938m7I64Q//TqDh2V1f61Lt2ymAimiMg2ApdK1Sk
M4+ZLC+r4Da9bKL14GbWKfsx5g+7DMBiDstHBYh8cCFnNQNUR/qBfMPT+5BNeaxG
4YGOHk4pL4BqKXDEICmPHJUP6bOrlLULvhidGJnNhH+7aRn5mFhwt48c5lL2qn2N
ZkIPwUEvM+UG2F9uZ9PQZgul2saywNhifpmaryWeGc/gHFUpcQOHDCGpUEwvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU2aQddF30NBKcDot1LhYKVxkF8m8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTQyNTYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3ys
MA0GCSqGSIb3DQEBCwUAA4IBAQCVvF0NIsPi7xvAsYaPmhykejngErbemoKHM76g
lUF/xOnPPjm8bwaIHxrktK7EaszsQnyQzXXdr6VcvC2tjED3Abf3O4UJr2Fayekp
5qVA3CCwD1GP68f1Tdu9HmZEsFT4x/wBRukQZr9oDjk83X6K/+EGzimXPdOl0i1p
mMBfCAGkwFzBATi+ZikDpoJOjTq5S9/kAYrBkN8Rz7v1zckSW3QgxJYrP/ztI7T/
zWurPVGjzcfpRxzT/YyL71U3JL6KKuMN39bdYZ2c47PpMULKyRgQmzp6aGnBW5Vr
RFAwAqIOlEyLPay1XR+xuuUWHdJZwK36iNO2uPYdNJxMayeL
-----END CERTIFICATE-----