Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          l6i4wPwBtJhlOHMPkJVSC90Zfop5S+k88VKfQ2xLrbE=
Subject key identifier:   DD:32:16:52:F8:D3:BC:4E:C0:38:21:03:E0:0E:8F:9A:87:1C:37:EB
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1B7478E2496EB1F597B651DA3E9B896BADDBE156
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS17497.roa
Signing time:             Sun 19 Apr 2026 11:57:07 +0000
ROA not before:           Sun 19 Apr 2026 11:52:07 +0000
ROA not after:            Sun 18 Apr 2027 11:57:07 +0000
asID:                     17497
IP address blocks:        95.134.30.0/24 maxlen: 24
                          178.95.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 12:42:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:74:78:e2:49:6e:b1:f5:97:b6:51:da:3e:9b:89:6b:ad:db:e1:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 19 11:52:07 2026 GMT
            Not After : Apr 18 11:57:07 2027 GMT
        Subject: CN=DD321652F8D3BC4EC0382103E00E8F9A871C37EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7e:dc:eb:b3:84:5a:74:c6:f5:a3:3f:12:de:
                    99:57:7c:28:5d:92:56:d9:4f:fc:c1:11:34:87:35:
                    ed:b8:cb:63:77:6c:2e:a8:cb:a2:29:fc:4c:23:59:
                    fd:83:b5:03:f6:39:ce:5d:d1:75:fb:d8:73:a1:ac:
                    3d:e3:54:8b:df:b1:39:d5:20:42:53:63:a2:5a:fd:
                    bc:09:9d:da:fe:25:bf:e1:ec:3a:c4:b0:71:9f:2e:
                    2b:2d:cf:ff:fc:44:c5:58:70:71:83:5d:96:6a:dc:
                    17:4e:72:26:39:ca:f4:5f:aa:4d:fa:85:82:6e:b8:
                    9f:32:73:33:68:19:2c:d7:f0:70:55:af:db:45:4d:
                    6f:01:80:58:cf:be:15:94:62:16:20:b8:52:6b:2e:
                    38:2c:05:2d:ea:68:66:28:1a:0d:7a:f9:30:a5:51:
                    5b:7e:b2:12:63:68:e8:a7:37:c6:fb:00:54:55:51:
                    17:09:ac:e2:85:8a:19:43:c1:a9:17:cd:98:70:21:
                    17:59:51:e6:45:33:5f:d3:fb:b0:20:99:e4:9f:8e:
                    a0:b6:6a:e3:23:ca:84:37:c2:02:e0:12:46:5b:e5:
                    ab:d1:07:ab:f5:a6:11:21:7f:28:8a:3e:33:6b:22:
                    9b:4c:cc:4d:1b:eb:b1:69:86:d5:0f:48:19:65:9b:
                    fd:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:32:16:52:F8:D3:BC:4E:C0:38:21:03:E0:0E:8F:9A:87:1C:37:EB
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.30.0/24
                  178.95.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:db:29:36:43:86:37:98:52:1a:a0:d3:be:42:c8:31:69:31:
         23:f2:5a:9e:21:60:3b:13:5b:50:22:e2:d8:f9:0c:46:d1:31:
         a4:e3:5a:fe:3f:44:0e:91:bb:8b:60:b6:b3:63:d6:ff:7c:2e:
         52:02:f1:a3:01:30:01:5f:9c:c6:a8:c2:f6:a4:8e:7f:46:86:
         6a:cb:eb:12:90:6c:60:0a:53:2b:72:c5:87:38:40:39:fe:3b:
         b5:0a:a6:75:fd:89:38:78:0d:81:c5:4f:e9:57:25:6a:48:ef:
         df:6b:b9:47:8a:50:79:95:bc:ff:10:b7:8f:a7:98:4a:a1:3f:
         b4:e4:88:c5:d1:23:0f:a0:fc:0f:e5:8e:9a:bb:4b:a8:14:22:
         5f:ed:34:02:be:d7:f5:73:d7:c0:40:9a:a6:11:3f:b3:c6:b3:
         d7:29:aa:40:36:f4:66:b7:07:fa:a4:f6:5e:f0:c3:f2:7c:4f:
         41:11:80:28:8d:ba:24:ec:2c:ab:e6:b0:2a:67:7f:de:65:5c:
         90:54:d4:bd:9a:06:cd:2e:db:7a:f0:9c:42:b8:cc:88:21:8d:
         00:eb:08:97:5f:9a:31:82:f2:d7:f3:c6:19:56:23:9f:f1:a1:
         f0:d9:18:f9:7a:0a:c1:8b:b8:82:5b:90:c7:ed:bc:c4:18:3e:
         61:c4:16:00
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUG3R44klusfWXtlHaPpuJa63b4VYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MTkxMTUyMDdaFw0yNzA0MTgxMTU3MDdaMDMxMTAvBgNV
BAMTKEREMzIxNjUyRjhEM0JDNEVDMDM4MjEwM0UwMEU4RjlBODcxQzM3RUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRftzrs4RadMb1oz8S3plXfChd
klbZT/zBETSHNe24y2N3bC6oy6Ip/EwjWf2DtQP2Oc5d0XX72HOhrD3jVIvfsTnV
IEJTY6Ja/bwJndr+Jb/h7DrEsHGfListz//8RMVYcHGDXZZq3BdOciY5yvRfqk36
hYJuuJ8yczNoGSzX8HBVr9tFTW8BgFjPvhWUYhYguFJrLjgsBS3qaGYoGg16+TCl
UVt+shJjaOinN8b7AFRVURcJrOKFihlDwakXzZhwIRdZUeZFM1/T+7AgmeSfjqC2
auMjyoQ3wgLgEkZb5avRB6v1phEhfyiKPjNrIptMzE0b67FphtUPSBllm/07AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU3TIWUvjTvE7AOCED4A6PmoccN+swHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBABfhh4D
BACyX/AwDQYJKoZIhvcNAQELBQADggEBAAzbKTZDhjeYUhqg075CyDFpMSPyWp4h
YDsTW1Ai4tj5DEbRMaTjWv4/RA6Ru4tgtrNj1v98LlIC8aMBMAFfnMaowvakjn9G
hmrL6xKQbGAKUytyxYc4QDn+O7UKpnX9iTh4DYHFT+lXJWpI799ruUeKUHmVvP8Q
t4+nmEqhP7TkiMXRIw+g/A/ljpq7S6gUIl/tNAK+1/Vz18BAmqYRP7PGs9cpqkA2
9Ga3B/qk9l7ww/J8T0ERgCiNuiTsLKvmsCpnf95lXJBU1L2aBs0u23rwnEK4zIgh
jQDrCJdfmjGC8tfzxhlWI5/xofDZGPl6CsGLuIJbkMftvMQYPmHEFgA=
-----END CERTIFICATE-----