Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          uLrPQhu4wkE5Dn5VahiXaV9wU1bolDVCgEtT+oO7kMQ=
Subject key identifier:   9C:FA:6C:20:9F:09:8D:50:E1:E4:68:6C:96:5D:09:D2:C7:07:B1:06
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2B758BF0F329EFF6E3D5F8E16D77A709F6B4ABA1
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS57043.roa
Signing time:             Wed 22 Oct 2025 12:38:21 +0000
ROA not before:           Wed 22 Oct 2025 12:33:21 +0000
ROA not after:            Wed 21 Oct 2026 12:38:21 +0000
asID:                     57043
IP address blocks:        178.92.143.0/24 maxlen: 24
                          178.93.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 30 Oct 2025 08:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:75:8b:f0:f3:29:ef:f6:e3:d5:f8:e1:6d:77:a7:09:f6:b4:ab:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Oct 22 12:33:21 2025 GMT
            Not After : Oct 21 12:38:21 2026 GMT
        Subject: CN=9CFA6C209F098D50E1E4686C965D09D2C707B106
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:2b:21:d6:48:a6:42:61:38:1c:ab:c3:00:88:
                    fe:83:49:70:3f:2a:d2:72:be:db:43:af:94:95:f4:
                    8d:f4:7c:00:8b:78:21:e9:06:0f:ee:e1:9e:9f:74:
                    59:ba:d4:f2:18:43:76:3c:b8:13:a3:0c:9e:a4:95:
                    96:7b:04:81:cc:1b:cf:9b:6d:4b:ec:b3:62:ae:c5:
                    bd:fb:80:b2:3a:c8:84:4e:d2:5a:b4:da:9d:76:88:
                    b2:97:67:1d:c7:57:00:75:5e:6a:f2:02:08:1e:f9:
                    46:c2:11:93:e2:27:e0:6f:01:9a:d9:f0:8d:01:40:
                    10:d6:6e:ee:96:a1:a9:29:4f:07:da:ba:81:b2:73:
                    e7:31:80:51:7d:bb:5b:93:fe:bc:51:38:bf:5e:c1:
                    e3:45:01:93:dd:4d:45:06:9f:f7:fa:0a:17:cf:43:
                    f2:6c:f0:9f:44:5d:98:cf:18:25:98:1d:df:f2:aa:
                    13:75:37:f1:fd:00:ba:58:37:2d:5e:88:2d:93:f7:
                    72:ae:db:43:24:b8:d7:60:b5:e7:a0:d3:b2:f1:01:
                    19:6f:6a:2a:18:e1:71:59:4f:58:52:79:c9:48:5e:
                    08:e6:59:8b:86:bb:a5:a5:c4:a2:ef:a8:3c:06:b2:
                    32:4a:45:92:df:50:6e:b0:6b:11:eb:fc:36:21:b5:
                    0b:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:FA:6C:20:9F:09:8D:50:E1:E4:68:6C:96:5D:09:D2:C7:07:B1:06
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.143.0/24
                  178.93.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:27:ef:67:43:27:62:d4:ef:48:a7:91:df:df:a8:c9:3a:6a:
         56:55:e2:17:9b:6c:41:80:da:cf:c0:9d:d9:46:65:51:39:28:
         22:cc:c9:e8:4a:15:5c:17:a9:f7:18:42:a9:6d:3f:2e:a3:67:
         a5:b5:43:d0:78:6d:d7:ac:fa:6c:28:48:af:3e:8d:90:e9:fe:
         44:ea:ba:64:70:20:75:f4:42:20:63:b0:df:3b:e1:b5:39:ba:
         65:12:34:1c:34:19:ef:a5:23:4c:70:a9:4d:9c:4f:c8:2b:80:
         c3:13:10:02:4e:a4:36:91:8c:fb:d5:ca:4e:c9:66:29:b4:a9:
         f3:2b:40:f6:e8:0b:10:21:69:64:e5:74:47:4f:1d:9a:fb:30:
         cc:7a:46:50:a8:cf:52:db:98:40:8a:a2:f8:21:c5:75:08:c5:
         dd:5c:f2:00:6f:1e:a7:7b:dd:c4:59:b9:43:2c:5e:d8:18:df:
         e2:4c:cb:4d:bc:75:42:79:cd:78:72:a5:77:3f:d9:5e:8b:7c:
         b2:d9:f8:06:5e:7c:ce:72:6d:6a:a9:ba:8c:32:56:dd:d5:c0:
         d3:63:19:31:a8:91:08:ee:c3:ad:e7:40:f4:6d:84:a7:21:52:
         e4:04:8f:63:69:c0:09:ca:85:64:60:3d:c1:76:3c:be:0e:7a:
         70:50:82:7b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUK3WL8PMp7/bj1fjhbXenCfa0q6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTEwMjIxMjMzMjFaFw0yNjEwMjExMjM4MjFaMDMxMTAvBgNV
BAMTKDlDRkE2QzIwOUYwOThENTBFMUU0Njg2Qzk2NUQwOUQyQzcwN0IxMDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCHKyHWSKZCYTgcq8MAiP6DSXA/
KtJyvttDr5SV9I30fACLeCHpBg/u4Z6fdFm61PIYQ3Y8uBOjDJ6klZZ7BIHMG8+b
bUvss2Kuxb37gLI6yIRO0lq02p12iLKXZx3HVwB1XmryAgge+UbCEZPiJ+BvAZrZ
8I0BQBDWbu6WoakpTwfauoGyc+cxgFF9u1uT/rxROL9eweNFAZPdTUUGn/f6ChfP
Q/Js8J9EXZjPGCWYHd/yqhN1N/H9ALpYNy1eiC2T93Ku20MkuNdgteeg07LxARlv
aioY4XFZT1hSeclIXgjmWYuGu6WlxKLvqDwGsjJKRZLfUG6waxHr/DYhtQvdAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUnPpsIJ8JjVDh5Ghsll0J0scHsQYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACyXI8D
BACyXcQwDQYJKoZIhvcNAQELBQADggEBAAUn72dDJ2LU70inkd/fqMk6alZV4heb
bEGA2s/AndlGZVE5KCLMyehKFVwXqfcYQqltPy6jZ6W1Q9B4bdes+mwoSK8+jZDp
/kTqumRwIHX0QiBjsN874bU5umUSNBw0Ge+lI0xwqU2cT8grgMMTEAJOpDaRjPvV
yk7JZim0qfMrQPboCxAhaWTldEdPHZr7MMx6RlCoz1LbmECKovghxXUIxd1c8gBv
Hqd73cRZuUMsXtgY3+JMy028dUJ5zXhypXc/2V6LfLLZ+AZefM5ybWqpuowyVt3V
wNNjGTGokQjuw63nQPRthKchUuQEj2NpwAnKhWRgPcF2PL4OenBQgns=
-----END CERTIFICATE-----