Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56087.roa
File:                     AS56087.roa (raw, json)
Hash identifier:          eCodWsqXGhLLqa54O3+aM90ohqeJWvv8fPVHtjlaZ6I=
Subject key identifier:   35:2C:A2:91:CF:FB:62:89:3C:CD:D2:16:CA:C8:70:15:B5:0B:F1:C2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       55664B78422384AB9F7AC8C5D96DAA5BF43C0275
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56087.roa
Signing time:             Fri 08 May 2026 06:57:02 +0000
ROA not before:           Fri 08 May 2026 06:52:02 +0000
ROA not after:            Fri 07 May 2027 06:57:02 +0000
asID:                     56087
IP address blocks:        150.241.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:66:4b:78:42:23:84:ab:9f:7a:c8:c5:d9:6d:aa:5b:f4:3c:02:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  8 06:52:02 2026 GMT
            Not After : May  7 06:57:02 2027 GMT
        Subject: CN=352CA291CFFB62893CCDD216CAC87015B50BF1C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:ac:12:fc:f1:b0:3c:81:b7:ca:6a:a2:d6:49:
                    bd:a1:d5:5a:d2:7e:af:97:d6:ba:5b:a3:6a:d9:ed:
                    70:5d:ca:a2:96:6b:34:92:24:c0:d4:a1:f8:ca:f6:
                    bf:23:17:0c:0e:38:d0:b1:2d:e3:0c:41:8a:d9:37:
                    89:02:cf:5f:5b:92:68:54:11:98:0c:0c:73:0e:4c:
                    ea:d5:c0:89:eb:f4:10:de:52:a1:8f:6c:6b:0e:c2:
                    e6:a9:a3:61:0a:57:5b:97:06:f9:22:aa:8c:e3:16:
                    00:2d:60:c4:0b:20:a0:81:bb:c6:38:1d:31:9f:da:
                    0e:1b:fd:40:26:ba:10:ae:53:04:16:f3:ad:89:7b:
                    0e:c3:a2:1d:6e:9f:5c:be:c0:3e:24:45:ba:7a:f5:
                    03:63:b6:8d:83:e7:b7:f5:86:9c:9b:0c:34:d6:ec:
                    f6:b7:16:3f:09:99:5b:07:e9:a0:58:d8:7c:ac:4c:
                    ce:36:c3:69:57:45:9c:48:bd:c9:b6:b4:6b:4c:68:
                    bf:64:bf:0e:8f:50:c7:c9:3f:e9:c5:c6:f7:02:cc:
                    eb:86:22:19:63:89:c5:65:b4:96:68:34:dd:f3:19:
                    2d:92:82:7a:1e:c2:7b:64:7e:c9:67:69:23:26:24:
                    b3:04:1c:45:ad:85:9a:b2:b3:af:5e:58:5d:da:2c:
                    17:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2C:A2:91:CF:FB:62:89:3C:CD:D2:16:CA:C8:70:15:B5:0B:F1:C2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56087.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:08:01:db:d4:18:4a:41:d9:9e:9c:91:67:70:d8:41:f1:49:
         7f:54:3e:f5:86:eb:86:07:a4:8c:f0:5c:d7:7c:ac:99:90:07:
         59:76:33:99:75:15:b2:c1:84:0f:58:f1:9b:0a:41:44:93:48:
         18:96:00:e3:00:dc:ad:71:85:b7:fd:2f:a6:d9:f5:e2:14:a4:
         2e:23:97:f2:23:56:af:c9:de:4e:48:5f:45:43:fa:b8:0f:65:
         42:58:46:94:97:9b:6e:9d:da:9d:dd:81:25:1f:c0:38:b6:d8:
         68:e3:dc:f9:a2:83:af:2f:f3:11:86:f8:ef:7c:33:f8:a5:0d:
         fb:89:6f:36:de:07:e4:39:12:89:35:de:5d:39:ee:c7:39:d6:
         1f:97:34:e2:07:90:12:b2:d0:ad:4d:cc:1a:52:ee:68:f3:e6:
         5f:08:b2:10:85:e1:15:36:97:48:ac:e6:ee:87:b2:36:9b:83:
         6d:64:3b:d0:b1:8f:b9:b5:91:4b:28:1d:1b:0e:21:e5:5d:50:
         e9:dd:19:04:94:98:41:bf:12:c5:11:7c:97:fd:9a:f5:db:cc:
         f4:58:a5:68:a7:d1:38:5f:ab:40:37:79:9c:03:62:ec:49:22:
         b6:5f:6e:b2:d8:f2:05:10:28:38:d5:4b:c9:98:8e:e3:3b:d5:
         ed:39:40:17
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUVWZLeEIjhKufesjF2W2qW/Q8AnUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDgwNjUyMDJaFw0yNzA1MDcwNjU3MDJaMDMxMTAvBgNV
BAMTKDM1MkNBMjkxQ0ZGQjYyODkzQ0NERDIxNkNBQzg3MDE1QjUwQkYxQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDerBL88bA8gbfKaqLWSb2h1VrS
fq+X1rpbo2rZ7XBdyqKWazSSJMDUofjK9r8jFwwOONCxLeMMQYrZN4kCz19bkmhU
EZgMDHMOTOrVwInr9BDeUqGPbGsOwuapo2EKV1uXBvkiqozjFgAtYMQLIKCBu8Y4
HTGf2g4b/UAmuhCuUwQW862Jew7Doh1un1y+wD4kRbp69QNjto2D57f1hpybDDTW
7Pa3Fj8JmVsH6aBY2HysTM42w2lXRZxIvcm2tGtMaL9kvw6PUMfJP+nFxvcCzOuG
IhljicVltJZoNN3zGS2SgnoewntkfslnaSMmJLMEHEWthZqys69eWF3aLBcLAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUNSyikc/7Yok8zdIWyshwFbUL8cIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTYwODcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACW8Y0w
DQYJKoZIhvcNAQELBQADggEBAHsIAdvUGEpB2Z6ckWdw2EHxSX9UPvWG64YHpIzw
XNd8rJmQB1l2M5l1FbLBhA9Y8ZsKQUSTSBiWAOMA3K1xhbf9L6bZ9eIUpC4jl/Ij
Vq/J3k5IX0VD+rgPZUJYRpSXm26d2p3dgSUfwDi22Gjj3Pmig68v8xGG+O98M/il
DfuJbzbeB+Q5Eok13l057sc51h+XNOIHkBKy0K1NzBpS7mjz5l8IshCF4RU2l0is
5u6Hsjabg21kO9Cxj7m1kUsoHRsOIeVdUOndGQSUmEG/EsURfJf9mvXbzPRYpWin
0Thfq0A3eZwDYuxJIrZfbrLY8gUQKDjVS8mYjuM71e05QBc=
-----END CERTIFICATE-----