Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40170.roa
File:                     AS40170.roa (raw, json)
Hash identifier:          SDZUUyWpVQgy89/8BqR+6qWCw3scDsvcghihybUhHhU=
Subject key identifier:   47:C5:B4:1F:E9:C3:A6:5F:12:33:54:90:AE:92:6D:8A:6F:09:DB:D1
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3B6C194782D68BAC7BA17DCD6C4C25A831AFF6E4
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40170.roa
Signing time:             Tue 23 Jun 2026 16:41:56 +0000
ROA not before:           Tue 23 Jun 2026 16:36:56 +0000
ROA not after:            Tue 22 Jun 2027 16:41:56 +0000
asID:                     40170
IP address blocks:        46.202.75.0/24 maxlen: 24
                          92.113.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 24 Jun 2026 22:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:6c:19:47:82:d6:8b:ac:7b:a1:7d:cd:6c:4c:25:a8:31:af:f6:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 23 16:36:56 2026 GMT
            Not After : Jun 22 16:41:56 2027 GMT
        Subject: CN=47C5B41FE9C3A65F12335490AE926D8A6F09DBD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:26:b7:29:ed:33:bd:fd:64:e1:2d:c4:4f:4f:
                    42:89:77:8e:4c:79:ea:89:04:d6:1c:04:f6:d2:4c:
                    73:d0:59:ce:d4:c5:ea:49:5c:1a:b5:37:b8:97:63:
                    f0:ca:0a:39:5a:e7:6b:d5:1e:d4:8a:a5:fc:ad:9b:
                    34:69:03:c3:eb:f1:6c:7b:5e:72:eb:81:6a:8d:bc:
                    73:08:25:5b:e3:08:30:a2:e3:de:8d:8b:ae:eb:d7:
                    47:98:31:94:5f:a0:43:7e:f4:15:ac:43:be:6f:ef:
                    f8:52:d5:f5:e9:10:55:c7:8c:6d:5d:62:44:b7:39:
                    a7:7d:ba:30:39:21:60:fc:dc:a3:ce:f5:84:42:ec:
                    66:f0:f1:c0:2b:3a:1b:19:72:87:fe:66:d3:57:5a:
                    d0:53:a8:22:42:b0:3f:de:91:36:8a:bd:a7:7f:f6:
                    93:d2:c9:13:7a:ef:f9:24:82:1d:77:10:08:16:b6:
                    72:ce:46:66:31:26:82:47:43:a7:75:aa:f8:b1:97:
                    a4:26:41:e0:c2:80:2c:f2:e2:d8:b1:92:12:da:ed:
                    71:a8:40:78:4e:c3:48:91:f9:5c:15:b2:a1:47:59:
                    c0:ad:52:6f:2d:55:8e:58:80:74:52:f6:ad:be:a3:
                    dd:de:be:2c:f7:9d:2c:9d:43:c5:a4:6f:6d:e1:19:
                    da:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:C5:B4:1F:E9:C3:A6:5F:12:33:54:90:AE:92:6D:8A:6F:09:DB:D1
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS40170.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.75.0/24
                  92.113.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:17:22:58:5a:93:a8:44:5e:0b:a5:cc:da:28:90:d2:89:bb:
         5f:c6:2d:db:b6:5b:38:0e:62:03:0e:c8:ad:0b:c0:5d:2a:34:
         e6:4f:7b:73:be:d2:ea:a8:b5:07:dc:ce:c4:ad:e6:31:c9:25:
         c8:31:c6:b7:c2:43:b8:bb:b3:51:3e:f9:65:52:1d:57:1a:20:
         0b:2f:a6:46:9a:e3:0d:03:60:0a:ff:6c:e0:9c:52:7c:6b:ec:
         6e:02:88:b6:d1:71:18:94:5a:bf:37:8a:8a:ca:e5:ee:b8:8c:
         a1:66:1e:e1:57:f2:45:90:6d:39:ae:98:af:b7:72:7f:4f:d0:
         1e:21:0a:bc:04:08:2a:e4:10:fa:a4:1b:05:b0:86:be:a9:30:
         6e:a5:b0:6a:84:ae:2c:a8:03:79:bb:d7:68:21:0a:b7:ce:d3:
         39:f7:3f:7b:d2:40:58:b1:2a:43:89:c1:92:45:59:f4:c7:be:
         75:87:7b:0f:e1:03:0f:8b:96:ae:f0:28:ee:37:07:cd:b3:e0:
         d7:a1:49:57:b0:15:d8:9e:cc:80:a3:71:3f:83:e0:a2:01:04:
         79:3f:26:28:2a:b8:f4:7f:d3:ca:bb:05:b5:4a:1a:3c:c8:17:
         a2:aa:74:d8:b6:d8:57:bc:9c:65:2b:82:f2:a7:50:4b:3f:a1:
         71:68:9e:42
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUO2wZR4LWi6x7oX3NbEwlqDGv9uQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MjMxNjM2NTZaFw0yNzA2MjIxNjQxNTZaMDMxMTAvBgNV
BAMTKDQ3QzVCNDFGRTlDM0E2NUYxMjMzNTQ5MEFFOTI2RDhBNkYwOURCRDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnJrcp7TO9/WThLcRPT0KJd45M
eeqJBNYcBPbSTHPQWc7UxepJXBq1N7iXY/DKCjla52vVHtSKpfytmzRpA8Pr8Wx7
XnLrgWqNvHMIJVvjCDCi496Ni67r10eYMZRfoEN+9BWsQ75v7/hS1fXpEFXHjG1d
YkS3Oad9ujA5IWD83KPO9YRC7Gbw8cArOhsZcof+ZtNXWtBTqCJCsD/ekTaKvad/
9pPSyRN67/kkgh13EAgWtnLORmYxJoJHQ6d1qvixl6QmQeDCgCzy4tixkhLa7XGo
QHhOw0iR+VwVsqFHWcCtUm8tVY5YgHRS9q2+o93eviz3nSydQ8Wkb23hGdrlAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUR8W0H+nDpl8SM1SQrpJtim8J29EwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAxNzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuyksD
BABccWkwDQYJKoZIhvcNAQELBQADggEBACkXIlhak6hEXgulzNookNKJu1/GLdu2
WzgOYgMOyK0LwF0qNOZPe3O+0uqotQfczsSt5jHJJcgxxrfCQ7i7s1E++WVSHVca
IAsvpkaa4w0DYAr/bOCcUnxr7G4CiLbRcRiUWr83iorK5e64jKFmHuFX8kWQbTmu
mK+3cn9P0B4hCrwECCrkEPqkGwWwhr6pMG6lsGqEriyoA3m712ghCrfO0zn3P3vS
QFixKkOJwZJFWfTHvnWHew/hAw+Llq7wKO43B82z4NehSVewFdiezICjcT+D4KIB
BHk/JigquPR/08q7BbVKGjzIF6KqdNi22Fe8nGUrgvKnUEs/oXFonkI=
-----END CERTIFICATE-----