Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          JR8r7Zn7uQlAE0vuoCo1cOhM4QxOYAq4VJhX3DTGvPA=
Subject key identifier:   64:02:3E:B5:8A:CA:00:A3:E0:16:6E:16:D8:B2:BB:03:80:D6:6A:9B
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6C2DE0D1C8A860E45EBE1AF5266961BD1C6149C5
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS57043.roa
Signing time:             Tue 14 Apr 2026 20:18:29 +0000
ROA not before:           Tue 14 Apr 2026 20:13:29 +0000
ROA not after:            Tue 13 Apr 2027 20:18:29 +0000
asID:                     57043
IP address blocks:        178.93.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 Apr 2026 22:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:2d:e0:d1:c8:a8:60:e4:5e:be:1a:f5:26:69:61:bd:1c:61:49:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 14 20:13:29 2026 GMT
            Not After : Apr 13 20:18:29 2027 GMT
        Subject: CN=64023EB58ACA00A3E0166E16D8B2BB0380D66A9B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e1:b9:67:e6:35:22:a6:94:de:bb:21:a6:47:
                    ca:1a:f6:cd:c8:b8:79:af:95:37:bb:51:1e:4b:44:
                    de:bb:f1:26:c5:e2:27:b6:9a:7f:00:de:d6:5a:65:
                    6a:68:23:26:2b:e0:6f:51:ae:33:07:b3:9b:8e:88:
                    e2:d6:cb:7c:1d:4e:d9:a9:e9:df:33:e7:bb:82:65:
                    a6:75:d2:66:33:65:37:8e:bc:fc:86:bf:24:b7:a0:
                    ec:d8:6d:59:10:8b:cd:84:6f:1d:7c:8d:92:e0:9b:
                    66:aa:8f:a5:f2:19:79:03:0d:98:fb:62:66:67:bf:
                    f1:bf:91:6c:bd:e0:a0:4a:55:a7:1e:96:26:6c:a0:
                    b2:06:f2:01:2a:99:50:df:45:bb:07:f9:a4:c7:fa:
                    d5:64:13:01:9f:a4:7a:85:c4:75:4f:f2:79:2a:c8:
                    56:42:f7:17:ab:d8:d2:a4:5e:79:07:d8:8a:72:85:
                    7c:c3:0e:86:55:fe:b6:02:db:46:42:2e:8e:c8:39:
                    b6:45:40:aa:2b:f2:ec:f9:84:4f:ec:ef:f5:09:15:
                    5e:3a:59:41:24:2c:75:11:db:55:2f:0c:24:71:70:
                    0a:b8:9e:62:b4:45:4b:c2:36:85:02:55:8d:44:b0:
                    93:21:2e:c0:29:8a:2f:e7:f0:4a:28:10:a9:73:10:
                    0f:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:02:3E:B5:8A:CA:00:A3:E0:16:6E:16:D8:B2:BB:03:80:D6:6A:9B
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:cb:45:54:c1:92:ad:78:61:4c:96:59:4b:6e:6d:f0:20:37:
         ff:b2:5a:7d:eb:03:48:ef:d1:d2:d3:68:59:ac:ff:d0:ff:b9:
         e0:39:a1:fc:84:af:d3:86:d3:a7:93:bc:a5:02:df:56:b4:b5:
         9c:1c:74:61:77:d0:de:36:71:a2:0d:32:2e:23:cb:43:ef:66:
         54:4b:ff:ef:de:34:cf:02:6e:b1:4f:f9:57:70:81:39:cc:19:
         ed:c1:c6:1a:9e:24:2c:73:c6:9a:1c:8a:a6:b7:63:23:dc:52:
         c1:c6:5b:c1:7c:d4:11:0d:e3:db:63:f4:bf:da:52:f6:88:cd:
         e9:44:29:f0:9a:f7:77:87:b9:59:e5:9b:18:79:67:5e:e8:6e:
         a4:09:db:87:04:14:1c:6a:03:8a:22:13:01:0f:d3:9f:e9:06:
         05:51:77:0e:85:8d:90:de:ce:06:8d:e7:7d:4f:0d:bc:13:bf:
         d0:77:3b:79:b3:87:20:70:0d:c4:75:5b:b1:f1:e7:45:ea:7d:
         d3:bc:16:2c:9d:71:6a:95:e9:4e:d9:93:59:d9:e1:ed:1b:a5:
         0e:d5:4a:4f:0d:ea:22:b3:ba:0d:07:1b:59:66:3b:1c:c4:09:
         ec:6b:55:03:bb:8d:68:dd:3f:12:bc:4e:21:22:e1:1e:78:7e:
         87:b1:19:9d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUbC3g0cioYORevhr1JmlhvRxhScUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MTQyMDEzMjlaFw0yNzA0MTMyMDE4MjlaMDMxMTAvBgNV
BAMTKDY0MDIzRUI1OEFDQTAwQTNFMDE2NkUxNkQ4QjJCQjAzODBENjZBOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ4bln5jUippTeuyGmR8oa9s3I
uHmvlTe7UR5LRN678SbF4ie2mn8A3tZaZWpoIyYr4G9RrjMHs5uOiOLWy3wdTtmp
6d8z57uCZaZ10mYzZTeOvPyGvyS3oOzYbVkQi82Ebx18jZLgm2aqj6XyGXkDDZj7
YmZnv/G/kWy94KBKVaceliZsoLIG8gEqmVDfRbsH+aTH+tVkEwGfpHqFxHVP8nkq
yFZC9xer2NKkXnkH2IpyhXzDDoZV/rYC20ZCLo7IObZFQKor8uz5hE/s7/UJFV46
WUEkLHUR21UvDCRxcAq4nmK0RUvCNoUCVY1EsJMhLsApii/n8EooEKlzEA+JAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUZAI+tYrKAKPgFm4W2LK7A4DWapswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyXdgw
DQYJKoZIhvcNAQELBQADggEBAJDLRVTBkq14YUyWWUtubfAgN/+yWn3rA0jv0dLT
aFms/9D/ueA5ofyEr9OG06eTvKUC31a0tZwcdGF30N42caINMi4jy0PvZlRL/+/e
NM8CbrFP+VdwgTnMGe3BxhqeJCxzxpociqa3YyPcUsHGW8F81BEN49tj9L/aUvaI
zelEKfCa93eHuVnlmxh5Z17obqQJ24cEFBxqA4oiEwEP05/pBgVRdw6FjZDezgaN
531PDbwTv9B3O3mzhyBwDcR1W7Hx50XqfdO8FiydcWqV6U7Zk1nZ4e0bpQ7VSk8N
6iKzug0HG1lmOxzECexrVQO7jWjdPxK8TiEi4R54foexGZ0=
-----END CERTIFICATE-----