Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS142561.roa
File:                     AS142561.roa (raw, json)
Hash identifier:          dkay3ofhhXVtGL99GDn7ZW1kksZ0RYg5vcl+uO/s2vY=
Subject key identifier:   5D:4A:45:D4:93:2E:E8:1C:A2:A5:44:BB:88:54:64:AA:7F:8D:65:B6
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5B887CC2588370CB59380411A0EAE33189463DC0
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS142561.roa
Signing time:             Thu 11 Jun 2026 15:30:59 +0000
ROA not before:           Thu 11 Jun 2026 15:25:59 +0000
ROA not after:            Thu 10 Jun 2027 15:30:59 +0000
asID:                     142561
IP address blocks:        91.124.55.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 13:27:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:88:7c:c2:58:83:70:cb:59:38:04:11:a0:ea:e3:31:89:46:3d:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 11 15:25:59 2026 GMT
            Not After : Jun 10 15:30:59 2027 GMT
        Subject: CN=5D4A45D4932EE81CA2A544BB885464AA7F8D65B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:d9:b4:88:67:e5:4d:ff:c6:f4:8d:22:40:2e:
                    39:bd:3c:3f:f6:66:7b:98:ee:e0:00:5b:8f:3d:9a:
                    12:97:52:37:91:b3:b9:6c:93:94:b4:6d:71:0c:41:
                    5b:ad:c7:9f:77:4c:23:7b:50:5e:2b:55:7e:9d:08:
                    e8:0e:28:4b:b7:98:64:83:c7:34:6f:a4:bb:c8:e2:
                    bb:50:de:0e:1f:a4:24:42:b6:ff:ba:3f:53:13:84:
                    72:57:5e:bd:e3:78:27:e2:e8:9d:0d:85:f6:97:98:
                    02:a6:bc:1b:56:06:47:5f:8d:3f:85:26:f2:81:e4:
                    2c:f3:e3:da:38:fb:d6:6e:dd:1d:d0:de:44:05:d8:
                    22:a7:a3:c6:f0:fb:96:9a:0f:e1:f3:08:87:ac:17:
                    e7:88:2d:9a:cc:b9:7d:01:fd:7b:c3:a1:88:d7:91:
                    2d:86:c8:fc:0b:58:df:50:48:a2:e7:b0:4d:87:e3:
                    af:22:9c:cf:7a:cb:94:c1:6d:fa:9a:af:06:3a:90:
                    4b:2f:4e:5e:08:7e:33:0c:ca:7e:70:65:75:74:46:
                    43:ba:21:06:18:e9:b3:84:cb:9e:bc:b9:6c:b7:21:
                    ef:22:52:b7:e2:98:76:6d:b4:3a:0a:c4:bf:e6:07:
                    cc:2d:ed:a1:4f:3b:71:48:54:aa:16:f2:b2:a7:42:
                    03:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:4A:45:D4:93:2E:E8:1C:A2:A5:44:BB:88:54:64:AA:7F:8D:65:B6
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS142561.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:61:25:46:af:60:f9:06:af:fe:8f:fb:bf:f8:08:0b:a5:af:
         f9:64:e5:db:6b:85:89:fa:65:7c:c9:a1:c9:9d:35:f2:b9:e5:
         ad:d5:2f:e4:48:a7:7c:65:73:c0:2c:82:d6:70:bd:eb:3e:db:
         96:b5:cc:64:31:1b:cd:05:ef:d7:45:9d:58:fe:22:99:02:35:
         c3:6c:39:b3:85:cf:38:64:41:eb:3c:c5:5b:16:3f:27:b7:43:
         ba:ae:40:bb:e2:4d:29:ce:61:f9:5f:0c:d3:b4:48:c2:a2:4d:
         ad:db:44:60:fe:10:41:4d:69:db:a6:26:fa:c5:bc:d2:26:54:
         cc:7c:b2:5c:0b:a1:f2:d1:ea:d7:26:98:e7:e2:d3:76:4d:a8:
         bc:1b:e8:f5:ba:e1:31:ae:24:8d:9a:8d:49:b4:b6:f9:bf:93:
         60:fd:ad:85:5f:35:0d:d1:b3:97:76:f8:c1:80:4b:8d:c8:c2:
         15:d0:85:98:42:bc:ad:2b:ae:c1:b5:fd:c4:07:20:db:75:e0:
         e7:44:53:90:ce:95:ed:e1:b6:a6:a4:55:7d:d7:a5:4a:a6:cb:
         85:c3:39:06:01:32:53:70:42:6f:5c:15:79:f0:84:58:5c:33:
         92:73:9b:dd:73:4e:9a:1f:fa:6a:64:51:52:c2:80:72:1c:68:
         ff:08:97:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUW4h8wliDcMtZOAQRoOrjMYlGPcAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MTExNTI1NTlaFw0yNzA2MTAxNTMwNTlaMDMxMTAvBgNV
BAMTKDVENEE0NUQ0OTMyRUU4MUNBMkE1NDRCQjg4NTQ2NEFBN0Y4RDY1QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCR2bSIZ+VN/8b0jSJALjm9PD/2
ZnuY7uAAW489mhKXUjeRs7lsk5S0bXEMQVutx593TCN7UF4rVX6dCOgOKEu3mGSD
xzRvpLvI4rtQ3g4fpCRCtv+6P1MThHJXXr3jeCfi6J0NhfaXmAKmvBtWBkdfjT+F
JvKB5Czz49o4+9Zu3R3Q3kQF2CKno8bw+5aaD+HzCIesF+eILZrMuX0B/XvDoYjX
kS2GyPwLWN9QSKLnsE2H468inM96y5TBbfqarwY6kEsvTl4IfjMMyn5wZXV0RkO6
IQYY6bOEy568uWy3Ie8iUrfimHZttDoKxL/mB8wt7aFPO3FIVKoW8rKnQgMdAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXUpF1JMu6ByipUS7iFRkqn+NZbYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTQyNTYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW3w3
MA0GCSqGSIb3DQEBCwUAA4IBAQCBYSVGr2D5Bq/+j/u/+AgLpa/5ZOXba4WJ+mV8
yaHJnTXyueWt1S/kSKd8ZXPALILWcL3rPtuWtcxkMRvNBe/XRZ1Y/iKZAjXDbDmz
hc84ZEHrPMVbFj8nt0O6rkC74k0pzmH5XwzTtEjCok2t20Rg/hBBTWnbpib6xbzS
JlTMfLJcC6Hy0erXJpjn4tN2Tai8G+j1uuExriSNmo1JtLb5v5Ng/a2FXzUN0bOX
dvjBgEuNyMIV0IWYQrytK67Btf3EByDbdeDnRFOQzpXt4bampFV916VKpsuFwzkG
ATJTcEJvXBV58IRYXDOSc5vdc06aH/pqZFFSwoByHGj/CJcS
-----END CERTIFICATE-----