Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          XKeUAndCwQ7hnKHbkWK+IQGHDlgXwX4oorbyCd36ICA=
Subject key identifier:   9C:41:CC:1D:09:50:05:6C:B6:25:04:47:EF:33:D2:3D:99:E8:84:43
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3E4FB6D5D5A1AC5C43DC10289763466B3870343E
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS17497.roa
Signing time:             Tue 19 May 2026 06:17:52 +0000
ROA not before:           Tue 19 May 2026 06:12:52 +0000
ROA not after:            Tue 18 May 2027 06:17:52 +0000
asID:                     17497
IP address blocks:        95.134.30.0/24 maxlen: 24
                          178.92.41.0/24 maxlen: 24
                          178.95.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 11 Jun 2026 23:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:4f:b6:d5:d5:a1:ac:5c:43:dc:10:28:97:63:46:6b:38:70:34:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 19 06:12:52 2026 GMT
            Not After : May 18 06:17:52 2027 GMT
        Subject: CN=9C41CC1D0950056CB6250447EF33D23D99E88443
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:94:92:18:c0:5b:e3:63:2e:c9:37:24:a8:15:
                    f8:d0:c1:20:05:c3:97:83:69:dd:92:f7:10:73:3b:
                    36:1b:9a:da:8d:1d:d9:46:d5:0b:bd:1f:21:42:53:
                    37:40:42:86:ca:91:f0:19:de:b0:76:5e:9a:6a:d0:
                    49:2d:25:f4:de:78:98:e9:3a:64:16:af:b5:ba:01:
                    d1:5a:b6:76:ff:21:57:e9:ab:f5:52:38:73:a4:fb:
                    9e:4b:d8:16:8f:8c:6a:20:bf:c9:3b:97:c2:de:1b:
                    43:94:87:a2:a1:96:97:cd:75:bc:95:c0:ed:00:8a:
                    9b:bb:28:e4:0b:18:c5:4d:ff:d8:6e:3a:eb:66:01:
                    d9:81:9d:aa:ff:a2:61:80:11:e6:e7:ee:c8:b1:c6:
                    f8:50:9a:42:87:17:77:c7:4b:8f:b5:ba:aa:df:3c:
                    82:34:af:d1:eb:34:3d:3c:02:0f:48:fb:f9:4d:b2:
                    a2:86:53:76:55:95:9e:24:97:3b:7b:ae:97:d4:4a:
                    8a:3a:af:7c:4b:68:04:58:16:57:f9:d0:40:67:41:
                    03:8d:a3:f1:e3:4d:5e:27:e6:38:54:42:2c:ea:e1:
                    3b:40:46:29:1a:2c:60:a9:7a:79:f4:f0:37:fe:58:
                    80:17:c3:a7:a8:61:46:bf:85:05:62:04:eb:cd:4f:
                    41:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:41:CC:1D:09:50:05:6C:B6:25:04:47:EF:33:D2:3D:99:E8:84:43
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.30.0/24
                  178.92.41.0/24
                  178.95.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:00:b8:86:40:37:03:b2:cb:b9:f9:2d:2f:2d:7f:14:fa:d9:
         fa:be:e8:40:8f:68:d2:7e:9b:a6:91:82:3b:7e:e9:b9:89:2f:
         ce:78:ff:22:3c:b0:ec:79:86:ec:9a:0e:8c:e9:85:f4:19:cc:
         b8:e2:90:7f:fd:c1:35:c9:59:1e:b6:cd:8e:4b:a1:b8:a9:57:
         c9:29:45:e0:2a:19:45:26:05:1a:02:a4:1f:2f:b6:8a:38:06:
         d3:4d:de:5e:14:4d:49:a1:bb:73:85:49:81:6e:36:07:6d:40:
         8e:4e:85:b2:e0:b7:e0:4a:4f:75:b4:b1:c7:36:e4:f6:67:0c:
         7b:26:d0:84:a0:55:fd:b2:c8:4c:5d:22:c8:e2:f7:58:d9:5b:
         a6:ef:fe:d4:5a:3c:95:b1:4d:01:ce:70:db:77:e1:4d:4f:96:
         f7:dc:8c:7f:1d:55:cc:e7:d9:d6:07:b2:9d:06:ad:6c:16:0e:
         d1:03:ac:6d:18:9c:cf:a8:3c:8f:dd:7d:0b:82:ec:f1:3e:fa:
         3e:d7:fa:c2:97:b9:c7:5b:e2:57:97:f3:0c:c5:d0:99:80:44:
         2f:cc:09:07:b8:08:77:79:0e:93:18:b5:45:13:50:27:e3:20:
         b7:54:bf:76:c7:fe:d2:e9:ef:cc:2b:80:d5:6b:c7:8e:72:2a:
         ff:47:35:f3
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUPk+21dWhrFxD3BAol2NGazhwND4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTkwNjEyNTJaFw0yNzA1MTgwNjE3NTJaMDMxMTAvBgNV
BAMTKDlDNDFDQzFEMDk1MDA1NkNCNjI1MDQ0N0VGMzNEMjNEOTlFODg0NDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYlJIYwFvjYy7JNySoFfjQwSAF
w5eDad2S9xBzOzYbmtqNHdlG1Qu9HyFCUzdAQobKkfAZ3rB2Xppq0EktJfTeeJjp
OmQWr7W6AdFatnb/IVfpq/VSOHOk+55L2BaPjGogv8k7l8LeG0OUh6KhlpfNdbyV
wO0Aipu7KOQLGMVN/9huOutmAdmBnar/omGAEebn7sixxvhQmkKHF3fHS4+1uqrf
PII0r9HrND08Ag9I+/lNsqKGU3ZVlZ4klzt7rpfUSoo6r3xLaARYFlf50EBnQQON
o/HjTV4n5jhUQizq4TtARikaLGCpenn08Df+WIAXw6eoYUa/hQViBOvNT0GZAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUnEHMHQlQBWy2JQRH7zPSPZnohEMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABfhh4D
BACyXCkDBACyX/AwDQYJKoZIhvcNAQELBQADggEBAHEAuIZANwOyy7n5LS8tfxT6
2fq+6ECPaNJ+m6aRgjt+6bmJL854/yI8sOx5huyaDozphfQZzLjikH/9wTXJWR62
zY5LobipV8kpReAqGUUmBRoCpB8vtoo4BtNN3l4UTUmhu3OFSYFuNgdtQI5OhbLg
t+BKT3W0scc25PZnDHsm0ISgVf2yyExdIsji91jZW6bv/tRaPJWxTQHOcNt34U1P
lvfcjH8dVczn2dYHsp0GrWwWDtEDrG0YnM+oPI/dfQuC7PE++j7X+sKXucdb4leX
8wzF0JmARC/MCQe4CHd5DpMYtUUTUCfjILdUv3bH/tLp78wrgNVrx45yKv9HNfM=
-----END CERTIFICATE-----