Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS41171.roa
File:                     AS41171.roa (raw, json)
Hash identifier:          SU/5FkY/VhCiBVSHpmTcog4B7HGseFhxWn3doT5Kgmw=
Subject key identifier:   CC:B5:6E:EF:F8:96:0A:BC:8D:40:6B:42:85:EB:3A:33:46:EE:69:71
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       3A2B71C09F67D50F05445075B66F512F3BB41D31
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS41171.roa
Signing time:             Mon 08 Jun 2026 12:25:19 +0000
ROA not before:           Mon 08 Jun 2026 12:20:19 +0000
ROA not after:            Mon 07 Jun 2027 12:25:19 +0000
asID:                     41171
IP address blocks:        92.112.42.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 14:52:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:2b:71:c0:9f:67:d5:0f:05:44:50:75:b6:6f:51:2f:3b:b4:1d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  8 12:20:19 2026 GMT
            Not After : Jun  7 12:25:19 2027 GMT
        Subject: CN=CCB56EEFF8960ABC8D406B4285EB3A3346EE6971
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e0:f7:41:bc:dd:3c:6c:98:63:bd:30:be:34:
                    c1:77:f6:c6:76:f7:a0:b6:35:46:2e:af:08:2d:ee:
                    2e:5d:5c:05:b7:9f:88:ec:3f:72:55:4b:36:f1:53:
                    9e:8f:15:73:7b:87:ab:02:b5:f0:a9:70:e3:16:52:
                    2d:6c:ab:2f:aa:87:de:6e:e2:9e:1f:e1:85:6c:41:
                    ea:b0:75:15:8d:b3:56:0c:b1:22:db:93:1e:a6:52:
                    26:8f:d8:10:5a:d7:c6:30:03:60:39:fb:d8:81:4b:
                    1b:cf:29:5e:8a:ea:2a:19:05:a7:92:71:f6:09:bf:
                    75:66:71:48:fd:0e:d8:59:48:64:ad:5e:bf:35:b2:
                    9c:a2:f2:97:02:c1:b8:d1:1b:23:94:7b:e0:05:a3:
                    92:a5:bd:40:39:72:97:69:49:bc:1d:c3:5e:0a:70:
                    78:f2:b9:f0:03:26:4c:6e:cf:f8:29:87:73:89:cb:
                    63:d0:04:da:7c:5f:aa:b8:17:b0:b2:54:c0:e5:3a:
                    27:fa:ec:ed:30:3e:7b:3b:d6:a9:9e:02:c0:a8:07:
                    b7:a6:a9:93:74:1f:17:15:ed:b5:02:92:c6:70:51:
                    94:ea:16:1d:7f:7f:5a:7d:5f:92:9f:d5:3c:e9:76:
                    97:77:b3:9a:7f:bc:1c:64:09:b7:e0:8b:f0:de:67:
                    6c:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:B5:6E:EF:F8:96:0A:BC:8D:40:6B:42:85:EB:3A:33:46:EE:69:71
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS41171.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.112.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:f5:ce:36:5f:bf:c3:f0:3f:15:ab:5d:4d:b0:d0:a8:7d:5e:
         94:ae:cc:8d:56:2f:0e:56:b9:2f:d6:59:73:1c:de:01:d4:85:
         56:c0:0a:ce:95:c6:fb:3e:3e:85:63:8f:5d:8f:63:00:d6:48:
         9c:65:18:5d:28:88:f4:8c:b7:42:e1:93:c0:2a:ca:17:87:1e:
         ed:75:d7:26:d5:46:da:6f:a4:ff:0f:c9:9e:af:d3:26:f5:96:
         51:ae:ad:64:3e:12:56:8b:63:3d:31:07:f7:ac:de:1c:22:7e:
         e5:bb:98:8f:1a:f9:dd:a2:f3:0c:8f:31:11:81:cf:85:cd:ac:
         0e:b9:86:dd:00:14:a4:96:81:96:56:c5:22:f8:20:34:7c:64:
         84:ec:73:d8:b2:44:bf:1f:39:12:d2:8b:64:18:81:30:d1:f8:
         6a:a7:a7:a0:e5:11:eb:be:fb:92:9d:79:30:12:98:a3:7e:b6:
         00:03:88:cd:55:e3:20:74:18:52:f4:63:c5:1d:42:2e:42:94:
         46:75:26:da:da:ab:b6:9f:aa:e4:d7:63:29:68:35:a3:d6:5e:
         a2:76:e8:09:c5:85:2c:e3:1c:39:b2:0a:59:30:26:8b:7f:25:
         c2:f3:5c:4a:5d:f1:10:a2:e0:17:ca:e9:b6:98:ab:24:a2:7a:
         a1:23:e1:36
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOitxwJ9n1Q8FRFB1tm9RLzu0HTEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDgxMjIwMTlaFw0yNzA2MDcxMjI1MTlaMDMxMTAvBgNV
BAMTKENDQjU2RUVGRjg5NjBBQkM4RDQwNkI0Mjg1RUIzQTMzNDZFRTY5NzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs4PdBvN08bJhjvTC+NMF39sZ2
96C2NUYurwgt7i5dXAW3n4jsP3JVSzbxU56PFXN7h6sCtfCpcOMWUi1sqy+qh95u
4p4f4YVsQeqwdRWNs1YMsSLbkx6mUiaP2BBa18YwA2A5+9iBSxvPKV6K6ioZBaeS
cfYJv3VmcUj9DthZSGStXr81spyi8pcCwbjRGyOUe+AFo5KlvUA5cpdpSbwdw14K
cHjyufADJkxuz/gph3OJy2PQBNp8X6q4F7CyVMDlOif67O0wPns71qmeAsCoB7em
qZN0HxcV7bUCksZwUZTqFh1/f1p9X5Kf1Tzpdpd3s5p/vBxkCbfgi/DeZ2xvAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUzLVu7/iWCryNQGtChes6M0buaXEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDExNzEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABccCow
DQYJKoZIhvcNAQELBQADggEBAJb1zjZfv8PwPxWrXU2w0Kh9XpSuzI1WLw5WuS/W
WXMc3gHUhVbACs6Vxvs+PoVjj12PYwDWSJxlGF0oiPSMt0Lhk8AqyheHHu111ybV
RtpvpP8PyZ6v0yb1llGurWQ+ElaLYz0xB/es3hwifuW7mI8a+d2i8wyPMRGBz4XN
rA65ht0AFKSWgZZWxSL4IDR8ZITsc9iyRL8fORLSi2QYgTDR+Gqnp6DlEeu++5Kd
eTASmKN+tgADiM1V4yB0GFL0Y8UdQi5ClEZ1Jtraq7afquTXYyloNaPWXqJ26AnF
hSzjHDmyClkwJot/JcLzXEpd8RCi4BfK6baYqySieqEj4TY=
-----END CERTIFICATE-----