Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201667.roa
File:                     AS201667.roa (raw, json)
Hash identifier:          tB4otOLWLg7NMIKoEmTK8pUNfzmcSdH+LJa3hGX+VI4=
Subject key identifier:   31:D3:2A:1F:FC:F3:AF:02:34:F1:F3:78:98:32:9D:42:B7:A0:DF:8C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2C493E93E2B94E5F4DE982A8BE97F153D61F70CF
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201667.roa
Signing time:             Sat 04 Apr 2026 12:57:21 +0000
ROA not before:           Sat 04 Apr 2026 12:52:21 +0000
ROA not after:            Sat 03 Apr 2027 12:57:21 +0000
asID:                     201667
IP address blocks:        92.113.162.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Apr 2026 13:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:49:3e:93:e2:b9:4e:5f:4d:e9:82:a8:be:97:f1:53:d6:1f:70:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  4 12:52:21 2026 GMT
            Not After : Apr  3 12:57:21 2027 GMT
        Subject: CN=31D32A1FFCF3AF0234F1F37898329D42B7A0DF8C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:06:4c:4d:0f:90:2a:e0:96:6b:ca:1a:9f:a7:
                    6b:27:75:d8:11:37:fb:cf:5e:5c:cc:54:31:15:43:
                    07:87:a4:9f:66:2e:e3:36:4b:43:9b:ec:9d:bf:bf:
                    be:ef:e1:8a:5d:95:53:26:ab:5d:e7:8b:3a:5b:60:
                    21:66:bd:32:e1:c3:d6:9b:85:ba:05:8e:61:d5:20:
                    32:76:7f:de:03:1e:28:e5:d1:39:06:d6:07:ca:22:
                    fe:80:28:46:8f:f7:65:53:04:a9:c9:f9:67:a4:2b:
                    a1:c3:9a:2d:f1:fe:bb:3b:d1:b5:1a:4a:7b:b8:4e:
                    f0:84:f4:b5:15:87:bd:95:cc:90:ac:cb:94:b9:a4:
                    5b:f0:85:39:06:d9:e7:7d:55:c8:4a:df:4d:36:d6:
                    fb:8d:f4:c0:c4:41:85:8c:45:f1:3c:52:7c:c4:c8:
                    f7:5f:cd:2e:47:50:59:f2:92:94:66:c3:4e:2d:f2:
                    b7:d7:88:b7:65:fd:d1:2b:69:58:4a:f0:20:24:18:
                    92:99:54:7f:5a:7c:0e:de:69:d9:d2:47:d2:ce:8c:
                    01:96:79:c6:13:1b:a4:2b:e2:78:9c:af:35:b8:05:
                    68:b0:cc:64:58:69:06:6b:05:b2:8a:16:89:02:76:
                    c9:8f:e0:e6:64:f4:e5:d7:81:b6:22:c7:e0:42:c2:
                    64:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:D3:2A:1F:FC:F3:AF:02:34:F1:F3:78:98:32:9D:42:B7:A0:DF:8C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS201667.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:c4:53:3e:2b:cc:d8:d4:a3:3a:a3:3d:af:e7:dd:03:08:09:
         35:4b:15:2e:cb:bf:0c:49:5f:6c:a1:a1:03:71:ec:70:80:de:
         35:01:50:59:76:c1:fa:d8:f9:34:f7:85:92:88:00:5c:27:d9:
         47:04:15:b7:6f:d9:63:7d:83:f6:9d:a6:6e:5d:fc:8e:2a:60:
         88:25:67:6c:e5:7f:e7:36:3c:42:98:11:9a:94:b9:91:e0:ca:
         7a:45:04:83:a6:bb:ab:a5:21:8f:43:9c:ba:e3:48:b9:af:02:
         06:09:69:10:ce:7f:d2:37:ca:5a:91:f4:d9:38:67:33:23:d9:
         b0:57:7f:f0:90:39:42:c1:17:c9:ab:8d:ac:98:f1:bc:fd:a5:
         22:1f:1b:0b:ba:a6:e4:10:90:d7:11:bb:ec:c8:5e:74:24:67:
         4e:0d:c7:5e:29:56:36:31:85:da:18:85:91:36:54:2a:f3:60:
         fc:ac:4e:ed:13:38:25:29:ae:32:a8:39:77:04:72:60:77:4c:
         02:39:62:9a:d8:df:7b:18:de:3c:ac:dd:c1:90:0a:4d:21:a8:
         c5:36:cb:17:b6:d4:1d:17:3e:93:d5:e9:c5:c2:5e:69:51:e9:
         58:e2:ce:2e:12:73:ca:9f:d4:27:cd:08:9c:db:44:7a:81:e4:
         2e:69:6e:b2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULEk+k+K5Tl9N6YKovpfxU9YfcM8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MDQxMjUyMjFaFw0yNzA0MDMxMjU3MjFaMDMxMTAvBgNV
BAMTKDMxRDMyQTFGRkNGM0FGMDIzNEYxRjM3ODk4MzI5RDQyQjdBMERGOEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD6BkxND5Aq4JZryhqfp2snddgR
N/vPXlzMVDEVQweHpJ9mLuM2S0Ob7J2/v77v4YpdlVMmq13nizpbYCFmvTLhw9ab
hboFjmHVIDJ2f94DHijl0TkG1gfKIv6AKEaP92VTBKnJ+WekK6HDmi3x/rs70bUa
Snu4TvCE9LUVh72VzJCsy5S5pFvwhTkG2ed9VchK30021vuN9MDEQYWMRfE8UnzE
yPdfzS5HUFnykpRmw04t8rfXiLdl/dEraVhK8CAkGJKZVH9afA7eadnSR9LOjAGW
ecYTG6Qr4nicrzW4BWiwzGRYaQZrBbKKFokCdsmP4OZk9OXXgbYix+BCwmR/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMdMqH/zzrwI08fN4mDKdQreg34wwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjAxNjY3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHGi
MA0GCSqGSIb3DQEBCwUAA4IBAQANxFM+K8zY1KM6oz2v590DCAk1SxUuy78MSV9s
oaEDcexwgN41AVBZdsH62Pk094WSiABcJ9lHBBW3b9ljfYP2naZuXfyOKmCIJWds
5X/nNjxCmBGalLmR4Mp6RQSDprurpSGPQ5y640i5rwIGCWkQzn/SN8pakfTZOGcz
I9mwV3/wkDlCwRfJq42smPG8/aUiHxsLuqbkEJDXEbvsyF50JGdODcdeKVY2MYXa
GIWRNlQq82D8rE7tEzglKa4yqDl3BHJgd0wCOWKa2N97GN48rN3BkApNIajFNssX
ttQdFz6T1enFwl5pUelY4s4uEnPKn9QnzQic20R6geQuaW6y
-----END CERTIFICATE-----