Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
File:                     AS56655.roa (raw, json)
Hash identifier:          OLrRPsxdHFeRav4e3R2hQ3ig9XVKn27oJ6zhZgG/HKg=
Subject key identifier:   B6:A6:10:AE:C9:03:6D:46:20:CE:08:98:7C:BB:94:97:DC:35:60:43
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6F989BBFE4044D42EE88B019E85D8DBDD605B59E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa
Signing time:             Sun 19 Apr 2026 09:00:48 +0000
ROA not before:           Sun 19 Apr 2026 08:55:48 +0000
ROA not after:            Sun 18 Apr 2027 09:00:48 +0000
asID:                     56655
IP address blocks:        143.14.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6f:98:9b:bf:e4:04:4d:42:ee:88:b0:19:e8:5d:8d:bd:d6:05:b5:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 19 08:55:48 2026 GMT
            Not After : Apr 18 09:00:48 2027 GMT
        Subject: CN=B6A610AEC9036D4620CE08987CBB9497DC356043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:67:50:f6:05:4a:30:bf:58:d6:c7:cc:18:33:
                    a8:4c:62:be:25:e2:aa:8b:75:0b:59:18:e9:23:64:
                    04:69:85:d7:a3:89:6b:8c:c8:fd:73:aa:fb:f0:01:
                    3b:a8:6f:83:f3:58:ab:49:c4:95:bf:2f:e5:9a:58:
                    5f:54:40:de:ec:7f:0b:d2:90:ea:47:2c:30:8d:ac:
                    2f:fd:cb:d4:d5:f9:8a:b2:ea:02:3e:a2:a5:4c:54:
                    a0:2e:f6:19:85:3a:11:b2:df:62:3a:31:59:25:80:
                    04:81:db:20:46:65:88:e5:5f:ab:c1:b3:ec:26:26:
                    98:dc:f7:fa:f3:26:94:fd:ad:34:28:84:f6:64:23:
                    09:c2:b2:48:15:99:12:01:c4:d1:99:1a:93:37:b8:
                    9a:91:3f:0e:35:b6:a7:f5:d2:03:9a:c0:b2:e7:c4:
                    66:7b:68:33:e8:bb:df:cf:05:0b:2d:2b:ba:ee:82:
                    f6:12:9d:28:7d:a8:c7:57:92:1e:74:41:98:00:78:
                    51:fa:ed:69:2a:72:70:cc:99:7f:59:b2:e9:98:50:
                    c4:cc:8d:4a:e5:b7:ff:cb:c9:85:39:6a:95:a3:47:
                    7c:1f:fd:98:cb:61:e5:b6:84:2f:f1:a2:ff:96:dd:
                    6f:e5:00:a9:08:ae:5e:74:70:44:66:53:34:5f:87:
                    36:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A6:10:AE:C9:03:6D:46:20:CE:08:98:7C:BB:94:97:DC:35:60:43
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS56655.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:03:0c:af:a4:94:9b:ed:92:22:9f:5d:80:07:93:ec:02:ba:
         67:5d:46:6c:73:70:c9:da:a5:ca:83:8d:51:96:40:7f:f3:ff:
         4d:f7:a7:d6:fb:58:fb:f3:3a:6b:fa:8c:ff:fa:af:aa:16:9b:
         8d:91:73:1a:51:31:36:f8:36:7e:ba:1f:c2:a4:ff:bf:13:e4:
         53:9d:23:52:df:6b:22:92:d7:d0:67:e8:e7:93:a7:ac:80:32:
         6f:f9:ef:d1:04:bc:fb:a4:4e:33:58:19:72:ea:ef:7f:87:a6:
         9f:6b:cd:b6:c9:0f:ed:29:40:9c:96:57:8f:c5:d4:30:57:a3:
         95:e5:62:26:a2:f5:2e:5a:5c:f9:44:f7:f7:91:74:5d:2a:fb:
         d1:7a:c0:75:fd:19:85:06:d5:31:87:38:ae:77:40:67:de:15:
         69:74:4e:92:b5:fa:ca:d4:fc:d7:94:76:bc:70:f3:a5:33:ef:
         3b:08:97:7d:a7:ff:41:cf:66:71:99:d3:a0:75:e5:89:10:d0:
         8f:4f:04:c1:17:26:a0:63:45:4f:7d:37:84:00:b5:f8:6d:42:
         92:56:cd:4f:de:d6:c5:42:62:cd:81:99:25:02:ff:16:9a:53:
         65:3b:a2:6d:2d:37:8b:bf:ff:b6:8d:fd:83:ec:10:f8:b5:96:
         ea:a7:a5:78
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUb5ibv+QETULuiLAZ6F2NvdYFtZ4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTkwODU1NDhaFw0yNzA0MTgwOTAwNDhaMDMxMTAvBgNV
BAMTKEI2QTYxMEFFQzkwMzZENDYyMENFMDg5ODdDQkI5NDk3REMzNTYwNDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3Z1D2BUowv1jWx8wYM6hMYr4l
4qqLdQtZGOkjZARphdejiWuMyP1zqvvwATuob4PzWKtJxJW/L+WaWF9UQN7sfwvS
kOpHLDCNrC/9y9TV+Yqy6gI+oqVMVKAu9hmFOhGy32I6MVklgASB2yBGZYjlX6vB
s+wmJpjc9/rzJpT9rTQohPZkIwnCskgVmRIBxNGZGpM3uJqRPw41tqf10gOawLLn
xGZ7aDPou9/PBQstK7rugvYSnSh9qMdXkh50QZgAeFH67WkqcnDMmX9ZsumYUMTM
jUrlt//LyYU5apWjR3wf/ZjLYeW2hC/xov+W3W/lAKkIrl50cERmUzRfhza1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUtqYQrskDbUYgzgiYfLuUl9w1YEMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY2NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKPDigw
DQYJKoZIhvcNAQELBQADggEBAG4DDK+klJvtkiKfXYAHk+wCumddRmxzcMnapcqD
jVGWQH/z/033p9b7WPvzOmv6jP/6r6oWm42RcxpRMTb4Nn66H8Kk/78T5FOdI1Lf
ayKS19Bn6OeTp6yAMm/579EEvPukTjNYGXLq73+Hpp9rzbbJD+0pQJyWV4/F1DBX
o5XlYiai9S5aXPlE9/eRdF0q+9F6wHX9GYUG1TGHOK53QGfeFWl0TpK1+srU/NeU
drxw86Uz7zsIl32n/0HPZnGZ06B15YkQ0I9PBMEXJqBjRU99N4QAtfhtQpJWzU/e
1sVCYs2BmSUC/xaaU2U7om0tN4u//7aN/YPsEPi1luqnpXg=
-----END CERTIFICATE-----