Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201136.roa
File:                     AS201136.roa (raw, json)
Hash identifier:          KxQxvYUX/oWfhotC+TWdUfW1W2z+cloXs52C4BRnBrw=
Subject key identifier:   D1:C3:95:2E:75:F8:04:17:44:6F:74:98:32:2A:FC:1C:12:76:02:B5
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       73CF2B959FD67A90F14C0F8CDFFEC5578BBE347D
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201136.roa
Signing time:             Fri 01 May 2026 16:23:02 +0000
ROA not before:           Fri 01 May 2026 16:18:02 +0000
ROA not after:            Fri 30 Apr 2027 16:23:02 +0000
asID:                     201136
IP address blocks:        92.112.218.0/24 maxlen: 24
                          92.112.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 02 May 2026 16:33:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:cf:2b:95:9f:d6:7a:90:f1:4c:0f:8c:df:fe:c5:57:8b:be:34:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  1 16:18:02 2026 GMT
            Not After : Apr 30 16:23:02 2027 GMT
        Subject: CN=D1C3952E75F80417446F7498322AFC1C127602B5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:2d:9b:37:f7:69:b0:25:b4:56:e6:28:58:bb:
                    ca:dd:71:b7:a4:76:21:39:94:df:2e:67:d2:34:91:
                    96:36:b0:e2:4f:f6:20:e8:42:dd:52:c4:59:bb:26:
                    d8:2b:11:48:64:f1:d0:86:06:c0:5d:18:d2:4a:10:
                    bf:e6:bc:fc:75:c8:e1:bd:15:fb:13:1d:6f:4f:86:
                    5f:a0:30:47:a6:85:d6:6d:3c:f8:f7:01:f8:2d:87:
                    20:61:3f:80:0b:d8:c8:dc:f0:9a:c0:3b:43:d5:e2:
                    68:12:40:59:27:6b:38:49:52:19:54:17:18:87:ec:
                    31:1b:e9:0b:bd:7e:81:e1:f9:5d:ff:a2:3f:4b:c2:
                    c4:8d:f5:52:41:6a:1e:dc:ca:00:38:19:16:2a:52:
                    aa:32:ac:0e:36:08:e7:41:6b:53:ff:02:29:ea:97:
                    16:51:ab:73:88:0c:c5:a9:d2:d4:b9:44:01:4a:7e:
                    ba:db:4d:e7:d5:76:1d:fa:6b:42:2a:f1:29:cf:3f:
                    f7:98:8b:51:ee:8e:c4:b4:f8:4b:e5:35:14:e7:67:
                    7c:0e:87:99:5c:da:b8:f1:d9:bc:ef:cb:d0:3e:ed:
                    d7:33:06:57:1c:df:9e:32:1c:58:3e:38:ee:16:3e:
                    de:0a:92:6f:4d:67:96:8e:d5:ea:7e:c5:83:71:21:
                    35:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C3:95:2E:75:F8:04:17:44:6F:74:98:32:2A:FC:1C:12:76:02:B5
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201136.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.218.0/24
                  92.112.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:c4:e9:28:03:bd:9f:ab:30:52:98:90:a3:1b:dd:f3:c8:9d:
         9c:75:ad:db:01:68:f7:ab:87:5c:c1:bd:7d:24:32:ff:98:5f:
         1d:cc:f6:3d:e1:7d:af:53:b8:86:f5:74:f2:35:b9:d7:5d:65:
         20:5e:aa:9c:34:14:6c:95:ca:0e:3a:71:00:a5:5f:ac:58:7b:
         1f:64:9e:11:bd:37:97:f6:0c:9f:96:86:10:c7:f4:52:19:ec:
         b0:54:3d:41:28:dc:07:23:b5:15:14:c8:fd:fe:86:e3:1b:c8:
         1f:6d:8b:ae:74:90:64:64:d5:3a:6e:ea:df:73:c0:9b:f0:1f:
         23:f0:aa:90:b4:98:f1:31:21:b7:90:66:12:ad:70:53:4b:13:
         78:f6:04:0d:13:78:83:38:9e:4f:0d:e8:3b:b1:ac:5e:b7:67:
         44:ac:f5:d5:12:ff:f6:26:d0:32:cf:b1:eb:fd:67:eb:d5:7f:
         63:7d:d6:ab:ab:30:f4:b3:8c:fe:68:58:6e:7d:5f:7a:16:4f:
         77:af:86:48:dd:89:7a:cf:59:5a:bc:f7:71:66:b7:ec:ec:4e:
         69:bd:a7:c3:c1:d1:1c:57:30:db:4d:6d:8a:35:29:ee:a8:68:
         e0:2d:d8:71:9d:1f:e9:73:0a:f0:f9:ca:f3:20:d4:a2:62:d9:
         32:ba:6e:55
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUc88rlZ/WepDxTA+M3/7FV4u+NH0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDExNjE4MDJaFw0yNzA0MzAxNjIzMDJaMDMxMTAvBgNV
BAMTKEQxQzM5NTJFNzVGODA0MTc0NDZGNzQ5ODMyMkFGQzFDMTI3NjAyQjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiLZs392mwJbRW5ihYu8rdcbek
diE5lN8uZ9I0kZY2sOJP9iDoQt1SxFm7JtgrEUhk8dCGBsBdGNJKEL/mvPx1yOG9
FfsTHW9Phl+gMEemhdZtPPj3AfgthyBhP4AL2Mjc8JrAO0PV4mgSQFknazhJUhlU
FxiH7DEb6Qu9foHh+V3/oj9LwsSN9VJBah7cygA4GRYqUqoyrA42COdBa1P/Ainq
lxZRq3OIDMWp0tS5RAFKfrrbTefVdh36a0Iq8SnPP/eYi1HujsS0+EvlNRTnZ3wO
h5lc2rjx2bzvy9A+7dczBlcc354yHFg+OO4WPt4Kkm9NZ5aO1ep+xYNxITUPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU0cOVLnX4BBdEb3SYMir8HBJ2ArUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAxMTM2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXHDa
AwQAXHDlMA0GCSqGSIb3DQEBCwUAA4IBAQAixOkoA72fqzBSmJCjG93zyJ2cda3b
AWj3q4dcwb19JDL/mF8dzPY94X2vU7iG9XTyNbnXXWUgXqqcNBRslcoOOnEApV+s
WHsfZJ4RvTeX9gyfloYQx/RSGeywVD1BKNwHI7UVFMj9/objG8gfbYuudJBkZNU6
burfc8Cb8B8j8KqQtJjxMSG3kGYSrXBTSxN49gQNE3iDOJ5PDeg7saxet2dErPXV
Ev/2JtAyz7Hr/Wfr1X9jfdarqzD0s4z+aFhufV96Fk93r4ZI3Yl6z1lavPdxZrfs
7E5pvafDwdEcVzDbTW2KNSnuqGjgLdhxnR/pcwrw+crzINSiYtkyum5V
-----END CERTIFICATE-----