Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS47690.roa
File:                     AS47690.roa (raw, json)
Hash identifier:          JX7G+mBe037OStFqpA0McZ7JKC6vPuvjH2Y/7AsUGXU=
Subject key identifier:   5B:6D:1B:0A:88:47:A1:54:AA:29:67:02:76:A1:D7:5B:35:C1:1A:C3
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       48C0EC974E99F31561445D7D9ABD4C0FB5120AE3
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS47690.roa
Signing time:             Mon 16 Mar 2026 00:04:59 +0000
ROA not before:           Sun 15 Mar 2026 23:59:59 +0000
ROA not after:            Mon 15 Mar 2027 00:04:59 +0000
asID:                     47690
IP address blocks:        212.60.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:20:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            48:c0:ec:97:4e:99:f3:15:61:44:5d:7d:9a:bd:4c:0f:b5:12:0a:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Mar 15 23:59:59 2026 GMT
            Not After : Mar 15 00:04:59 2027 GMT
        Subject: CN=5B6D1B0A8847A154AA29670276A1D75B35C11AC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:32:01:a2:1f:56:2f:c1:f6:3c:b5:15:bb:36:
                    97:7e:70:72:cd:63:ee:65:c0:a0:bb:03:12:15:ef:
                    dd:bc:70:0e:31:82:6e:a0:b9:60:29:7e:94:aa:8e:
                    89:11:af:44:dc:6d:60:1d:a3:5c:8c:4e:7d:31:42:
                    f0:5d:54:ec:80:46:b8:d6:42:4a:3a:01:9b:4f:51:
                    bc:7d:22:86:cf:92:99:58:c4:79:93:14:9f:64:6e:
                    a0:5b:a9:e9:59:1d:27:65:94:5d:1e:1a:35:45:13:
                    4f:73:c5:11:49:e1:ff:34:e0:98:cd:50:dd:04:03:
                    94:8f:a1:d7:06:9b:eb:5a:bd:e8:1b:87:1d:c1:e6:
                    0f:03:c1:ec:b6:5f:4d:d7:fb:fd:f5:3a:1e:82:0f:
                    91:dc:30:9c:9b:f1:89:16:74:a9:06:7c:74:66:32:
                    0e:e5:21:17:ae:dc:a2:44:cd:88:15:41:b0:2a:be:
                    95:5a:76:76:1d:6c:16:12:e8:f5:05:da:7d:ec:02:
                    7d:2c:d9:c7:57:ca:68:77:73:07:eb:a6:b4:cd:16:
                    40:f3:18:ab:9c:86:8e:50:5f:b6:73:be:05:8f:ca:
                    fa:b1:9b:25:02:3e:f7:01:86:34:1d:6a:0b:07:de:
                    d0:d8:0b:5b:c3:4b:28:1b:1c:f9:28:fa:1d:55:03:
                    32:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:6D:1B:0A:88:47:A1:54:AA:29:67:02:76:A1:D7:5B:35:C1:1A:C3
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS47690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:22:e5:4e:a0:3a:7f:3f:59:c9:5a:e6:b7:13:ed:b1:f7:ec:
         68:e7:f4:af:bf:53:2b:90:97:a6:1f:9a:18:69:be:26:65:34:
         0d:23:b5:4c:dd:30:45:b0:bb:c6:9c:cc:06:ce:54:c3:cc:a0:
         2e:bd:58:db:b6:ae:8f:5d:e5:be:81:60:32:05:dd:2c:66:bd:
         28:e4:1e:91:ff:d3:7b:3e:5f:1f:c8:04:6e:35:c6:f4:ab:40:
         35:5b:eb:01:f0:00:24:59:08:be:cc:12:28:85:15:64:25:d5:
         ad:30:91:96:d4:a4:d9:4b:7c:84:d2:4a:ab:74:69:bb:41:98:
         2a:51:e8:db:8c:33:69:5f:0d:10:ad:30:81:e8:f2:89:92:35:
         1a:f8:48:4f:71:22:2c:19:0d:d2:43:a7:ae:d6:23:86:c2:29:
         cf:4d:f9:bd:e6:7a:8b:21:12:d1:fe:4d:53:8e:7b:a8:b8:a5:
         11:83:52:b9:6f:47:52:1f:62:7b:7d:54:71:9b:79:45:4f:3c:
         f0:8a:7c:26:28:5b:18:c3:80:94:02:9f:e6:eb:0c:5d:ba:cd:
         39:8b:ad:6d:5b:2d:a7:e1:dc:a8:15:94:2c:62:3a:1f:c4:eb:
         14:0c:5a:61:30:be:19:bf:d7:da:fe:49:a1:f3:0c:5a:8e:c5:
         2b:00:df:be
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSMDsl06Z8xVhRF19mr1MD7USCuMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAzMTUyMzU5NTlaFw0yNzAzMTUwMDA0NTlaMDMxMTAvBgNV
BAMTKDVCNkQxQjBBODg0N0ExNTRBQTI5NjcwMjc2QTFENzVCMzVDMTFBQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlMgGiH1YvwfY8tRW7Npd+cHLN
Y+5lwKC7AxIV7928cA4xgm6guWApfpSqjokRr0TcbWAdo1yMTn0xQvBdVOyARrjW
Qko6AZtPUbx9IobPkplYxHmTFJ9kbqBbqelZHSdllF0eGjVFE09zxRFJ4f804JjN
UN0EA5SPodcGm+tavegbhx3B5g8Dwey2X03X+/31Oh6CD5HcMJyb8YkWdKkGfHRm
Mg7lIReu3KJEzYgVQbAqvpVadnYdbBYS6PUF2n3sAn0s2cdXymh3cwfrprTNFkDz
GKucho5QX7ZzvgWPyvqxmyUCPvcBhjQdagsH3tDYC1vDSygbHPko+h1VAzIzAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUW20bCohHoVSqKWcCdqHXWzXBGsMwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNDc2OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUPJ4w
DQYJKoZIhvcNAQELBQADggEBAHIi5U6gOn8/Wcla5rcT7bH37Gjn9K+/UyuQl6Yf
mhhpviZlNA0jtUzdMEWwu8aczAbOVMPMoC69WNu2ro9d5b6BYDIF3SxmvSjkHpH/
03s+Xx/IBG41xvSrQDVb6wHwACRZCL7MEiiFFWQl1a0wkZbUpNlLfITSSqt0abtB
mCpR6NuMM2lfDRCtMIHo8omSNRr4SE9xIiwZDdJDp67WI4bCKc9N+b3meoshEtH+
TVOOe6i4pRGDUrlvR1IfYnt9VHGbeUVPPPCKfCYoWxjDgJQCn+brDF26zTmLrW1b
Lafh3KgVlCxiOh/E6xQMWmEwvhm/19r+SaHzDFqOxSsA374=
-----END CERTIFICATE-----