Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          KSp+pJzoiVcm6MS5zN/1shcIHefC+RVvGMpAWgacvY0=
Subject key identifier:   58:E8:AF:6A:B2:61:23:68:D1:E5:B3:4C:15:A8:44:EB:76:EE:5D:08
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1344ED1CC73320E308A7C8D2F0A89D1014220AA3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa
Signing time:             Thu 14 Aug 2025 00:01:55 +0000
ROA not before:           Wed 13 Aug 2025 23:56:55 +0000
ROA not after:            Thu 13 Aug 2026 00:01:55 +0000
asID:                     22427
IP address blocks:        155.117.247.0/24 maxlen: 24
                          167.148.179.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            13:44:ed:1c:c7:33:20:e3:08:a7:c8:d2:f0:a8:9d:10:14:22:0a:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 13 23:56:55 2025 GMT
            Not After : Aug 13 00:01:55 2026 GMT
        Subject: CN=58E8AF6AB2612368D1E5B34C15A844EB76EE5D08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:51:9b:61:95:14:67:7d:9e:bc:99:38:b9:ec:
                    e3:aa:23:fd:3a:56:ae:29:36:16:11:db:c2:dd:d1:
                    01:eb:d3:be:56:bc:3c:a4:76:42:28:f2:11:8b:48:
                    13:d9:02:f0:69:d1:a0:94:71:1a:45:7c:3b:e5:2b:
                    84:62:bc:f6:7e:b1:d5:39:a9:ae:9d:35:bb:c3:72:
                    7e:8c:5b:f2:61:1a:81:2e:9a:d6:59:c8:fe:b7:03:
                    93:45:6c:80:df:f5:9f:b0:42:e0:76:35:2b:59:a8:
                    e1:69:61:8f:ff:8a:9e:1f:57:72:9c:5a:ea:9c:29:
                    c6:bc:01:32:1a:6a:0b:90:eb:20:ac:99:d5:79:a8:
                    51:40:39:d9:d1:56:b5:ff:25:00:1b:56:f8:56:b4:
                    ef:b1:8b:b9:d7:f0:b2:25:17:d8:3a:43:8a:08:7f:
                    bd:3e:d1:26:86:08:de:f9:56:30:03:a3:56:31:19:
                    5c:f5:34:73:55:ae:26:9a:7c:87:7c:1c:31:b8:96:
                    a7:24:34:e0:af:28:b3:83:eb:65:c7:a2:76:b9:7d:
                    cc:75:29:d9:b7:78:8b:79:c2:e8:48:d2:f7:60:e5:
                    99:9c:2c:0b:43:ea:89:58:2c:d2:b3:2f:08:5f:c6:
                    5c:d2:ac:12:04:72:df:0b:db:fc:c0:f5:39:2f:c9:
                    76:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:E8:AF:6A:B2:61:23:68:D1:E5:B3:4C:15:A8:44:EB:76:EE:5D:08
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.247.0/24
                  167.148.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:46:7c:35:63:ca:31:74:c8:cd:d1:6b:14:9a:bf:6e:36:f5:
         1a:c7:b8:c1:4e:cd:5f:e7:53:58:4f:dd:56:f5:3e:c2:bd:0d:
         a4:bf:05:d1:61:7d:d7:f4:c7:f3:48:94:0d:a4:18:66:e7:ef:
         46:36:8e:68:3f:e7:36:e5:10:91:77:a1:62:04:ff:43:a2:16:
         77:c3:f2:84:bc:39:d0:07:79:f0:23:eb:d5:a2:35:78:c8:65:
         08:5c:4d:a4:1b:70:cb:0f:00:c3:1d:c8:f4:8d:7c:02:bf:21:
         75:0a:1a:59:ad:7b:17:b7:9b:0d:4d:1e:d5:ab:cc:75:9a:ae:
         92:89:46:99:4f:8a:69:6e:7b:b4:82:94:75:12:c1:3f:8f:46:
         3a:b1:27:da:a3:10:bf:c5:5a:6f:b5:ca:9f:42:9e:ea:2b:ee:
         03:e8:ca:33:38:dc:c3:68:79:d9:25:fa:ef:27:75:55:0b:92:
         c0:97:e6:dd:26:ef:c2:25:ac:db:49:ba:da:f3:e5:54:bb:6c:
         cc:fe:75:25:b9:1b:a7:78:66:df:c1:a2:00:ff:6d:24:40:99:
         2a:a4:77:4e:71:bf:4a:9e:5c:1a:07:3a:89:e7:2b:eb:5c:b6:
         28:7a:22:e0:33:c8:e0:86:e5:3e:8d:9c:14:a6:8c:58:0f:36:
         8f:30:11:98
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUE0TtHMczIOMIp8jS8KidEBQiCqMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MTMyMzU2NTVaFw0yNjA4MTMwMDAxNTVaMDMxMTAvBgNV
BAMTKDU4RThBRjZBQjI2MTIzNjhEMUU1QjM0QzE1QTg0NEVCNzZFRTVEMDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoUZthlRRnfZ68mTi57OOqI/06
Vq4pNhYR28Ld0QHr075WvDykdkIo8hGLSBPZAvBp0aCUcRpFfDvlK4RivPZ+sdU5
qa6dNbvDcn6MW/JhGoEumtZZyP63A5NFbIDf9Z+wQuB2NStZqOFpYY//ip4fV3Kc
WuqcKca8ATIaaguQ6yCsmdV5qFFAOdnRVrX/JQAbVvhWtO+xi7nX8LIlF9g6Q4oI
f70+0SaGCN75VjADo1YxGVz1NHNVriaafId8HDG4lqckNOCvKLOD62XHona5fcx1
Kdm3eIt5wuhI0vdg5ZmcLAtD6olYLNKzLwhfxlzSrBIEct8L2/zA9TkvyXZxAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUWOivarJhI2jR5bNMFahE63buXQgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACbdfcD
BACnlLMwDQYJKoZIhvcNAQELBQADggEBAGlGfDVjyjF0yM3RaxSav2429RrHuMFO
zV/nU1hP3Vb1PsK9DaS/BdFhfdf0x/NIlA2kGGbn70Y2jmg/5zblEJF3oWIE/0Oi
FnfD8oS8OdAHefAj69WiNXjIZQhcTaQbcMsPAMMdyPSNfAK/IXUKGlmtexe3mw1N
HtWrzHWarpKJRplPimlue7SClHUSwT+PRjqxJ9qjEL/FWm+1yp9Cnuor7gPoyjM4
3MNoedkl+u8ndVULksCX5t0m78IlrNtJutrz5VS7bMz+dSW5G6d4Zt/BogD/bSRA
mSqkd05xv0qeXBoHOonnK+tctih6IuAzyOCG5T6NnBSmjFgPNo8wEZg=
-----END CERTIFICATE-----