Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          NxgcFSdoF0jwREkCwd+KrLDhtdcE4QfD3kkGfp2IXrE=
Subject key identifier:   E3:70:8C:24:22:20:3F:8A:F0:A8:8F:8B:34:37:87:B7:F5:B1:AB:07
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       59F5BCED488BB19C52E9F25FDC312BA046732288
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS22427.roa
Signing time:             Wed 24 Jun 2026 08:30:05 +0000
ROA not before:           Wed 24 Jun 2026 08:25:05 +0000
ROA not after:            Wed 23 Jun 2027 08:30:05 +0000
asID:                     22427
IP address blocks:        91.124.128.0/24 maxlen: 24
                          95.134.153.0/24 maxlen: 24
                          178.94.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Jul 2026 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:f5:bc:ed:48:8b:b1:9c:52:e9:f2:5f:dc:31:2b:a0:46:73:22:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 24 08:25:05 2026 GMT
            Not After : Jun 23 08:30:05 2027 GMT
        Subject: CN=E3708C2422203F8AF0A88F8B343787B7F5B1AB07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:47:58:1b:aa:fd:5f:c8:e1:d1:33:b3:be:3b:
                    c6:db:c5:c7:87:61:78:5f:a0:ae:73:8a:29:16:61:
                    0a:5e:6a:9f:f1:16:05:04:b5:06:76:3c:5b:e7:6f:
                    be:5e:a3:0e:f0:d3:e6:9e:e1:36:ca:13:79:07:b6:
                    a3:9e:50:4f:72:ec:a0:ed:eb:08:1f:58:2e:6e:b3:
                    d2:d2:9e:8b:c7:6d:1e:31:68:40:c9:4d:46:a3:31:
                    56:f9:1f:ae:9f:60:67:ad:b6:dc:2d:ca:de:dc:44:
                    8d:48:37:99:76:64:4e:67:3f:0f:b3:4f:fe:6b:7e:
                    95:26:ff:40:83:86:e0:8b:a9:08:7f:2a:d2:d6:58:
                    78:52:8d:0d:db:33:25:09:e6:a3:96:23:6c:e8:5a:
                    59:ee:41:5a:02:c5:08:49:79:15:7c:c0:0b:5a:65:
                    6a:01:3a:66:bd:24:1e:10:b2:02:2f:80:a1:28:e9:
                    a5:ff:c9:1f:b5:90:e8:76:05:44:f4:61:60:d8:41:
                    49:95:44:8b:02:5e:92:b8:9e:8c:88:c6:ca:80:24:
                    66:81:de:60:7a:c5:d9:e6:5a:27:90:eb:45:d1:07:
                    54:75:26:a5:01:d8:56:72:9d:4a:de:b2:25:53:a4:
                    c7:f0:47:cf:f0:b3:d5:c2:4a:bd:67:c2:a0:46:d8:
                    5e:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:70:8C:24:22:20:3F:8A:F0:A8:8F:8B:34:37:87:B7:F5:B1:AB:07
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.124.128.0/24
                  95.134.153.0/24
                  178.94.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:3b:59:56:4d:28:3f:d5:6e:83:2e:1f:72:ec:02:bd:f6:e0:
         74:4f:b2:ca:5e:29:16:49:d3:3f:56:59:eb:5a:34:1f:39:8e:
         4b:c5:27:5d:1f:27:90:54:3b:ce:5c:6b:75:cf:47:6a:77:83:
         64:af:e0:59:59:55:5b:d9:ac:ba:db:b9:f2:3b:de:b2:51:f5:
         72:6f:8f:6a:58:c6:8a:99:17:dc:f0:e3:e0:c2:5c:81:a7:73:
         54:e3:2d:54:17:7e:cc:96:6a:86:b3:12:df:c2:7e:1c:f7:52:
         17:06:da:4c:1f:5a:37:ff:36:63:27:50:4c:e6:93:48:a7:77:
         60:84:b0:e0:03:04:92:78:67:c8:c2:ad:5c:3f:1e:28:78:b6:
         12:9a:db:87:62:26:0b:b9:e1:de:47:59:0b:80:e6:4e:fa:fe:
         f8:74:41:e1:88:62:7e:65:05:6f:26:5e:4b:b6:32:f9:ca:27:
         0d:9a:80:88:78:e3:a9:38:eb:c4:cc:5d:62:37:8f:8e:fd:37:
         27:20:c9:f7:c6:7c:26:08:61:82:9a:54:f6:a6:f3:fc:91:1e:
         dd:06:64:ac:bc:0d:7b:45:02:da:88:99:18:ad:c7:65:6c:d1:
         0f:0e:e8:eb:1f:00:20:47:b1:35:dc:e5:86:bc:a0:67:c1:a7:
         06:81:c5:b2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUWfW87UiLsZxS6fJf3DEroEZzIogwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MjQwODI1MDVaFw0yNzA2MjMwODMwMDVaMDMxMTAvBgNV
BAMTKEUzNzA4QzI0MjIyMDNGOEFGMEE4OEY4QjM0Mzc4N0I3RjVCMUFCMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUR1gbqv1fyOHRM7O+O8bbxceH
YXhfoK5ziikWYQpeap/xFgUEtQZ2PFvnb75eow7w0+ae4TbKE3kHtqOeUE9y7KDt
6wgfWC5us9LSnovHbR4xaEDJTUajMVb5H66fYGetttwtyt7cRI1IN5l2ZE5nPw+z
T/5rfpUm/0CDhuCLqQh/KtLWWHhSjQ3bMyUJ5qOWI2zoWlnuQVoCxQhJeRV8wAta
ZWoBOma9JB4QsgIvgKEo6aX/yR+1kOh2BUT0YWDYQUmVRIsCXpK4noyIxsqAJGaB
3mB6xdnmWieQ60XRB1R1JqUB2FZynUresiVTpMfwR8/ws9XCSr1nwqBG2F5lAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU43CMJCIgP4rwqI+LNDeHt/WxqwcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABbfIAD
BABfhpkDBACyXugwDQYJKoZIhvcNAQELBQADggEBACM7WVZNKD/VboMuH3LsAr32
4HRPsspeKRZJ0z9WWetaNB85jkvFJ10fJ5BUO85ca3XPR2p3g2Sv4FlZVVvZrLrb
ufI73rJR9XJvj2pYxoqZF9zw4+DCXIGnc1TjLVQXfsyWaoazEt/Cfhz3UhcG2kwf
Wjf/NmMnUEzmk0ind2CEsOADBJJ4Z8jCrVw/Hih4thKa24diJgu54d5HWQuA5k76
/vh0QeGIYn5lBW8mXku2MvnKJw2agIh446k468TMXWI3j479NycgyffGfCYIYYKa
VPam8/yRHt0GZKy8DXtFAtqImRitx2Vs0Q8O6OsfACBHsTXc5Ya8oGfBpwaBxbI=
-----END CERTIFICATE-----
Generated at Fri Jul 17 06:46:03 2026 by rpki-client