Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS11426.roa
File:                     AS11426.roa (raw, json)
Hash identifier:          cohdvaesy+0DujTiLy3HFr8MWjS09YkzN6THoHO8ntU=
Subject key identifier:   E8:59:25:F6:93:CC:61:AF:21:B5:D4:63:3D:36:28:73:DE:A3:1E:AC
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       011E51378DE64DC9D36338D8C662F8F8076DD32B
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS11426.roa
Signing time:             Wed 06 May 2026 00:47:11 +0000
ROA not before:           Wed 06 May 2026 00:42:11 +0000
ROA not after:            Wed 05 May 2027 00:47:11 +0000
asID:                     11426
IP address blocks:        181.214.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:1e:51:37:8d:e6:4d:c9:d3:63:38:d8:c6:62:f8:f8:07:6d:d3:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  6 00:42:11 2026 GMT
            Not After : May  5 00:47:11 2027 GMT
        Subject: CN=E85925F693CC61AF21B5D4633D362873DEA31EAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f6:df:c4:f8:8a:b3:75:d1:f3:85:1e:a1:87:
                    ab:98:0f:54:1a:de:9e:5d:71:ee:aa:3c:89:f1:90:
                    92:ed:e7:18:1a:8a:93:d8:ed:de:61:cd:ca:61:a0:
                    57:33:cd:89:0a:7a:8b:7d:42:61:0c:b6:85:ca:38:
                    12:47:db:ad:84:36:f3:12:25:a6:34:b7:5c:94:22:
                    d9:af:eb:ba:83:19:fd:6c:e9:dc:a1:e4:73:12:bc:
                    31:6f:fa:4a:ef:c2:07:34:b1:8d:eb:16:2c:d9:2f:
                    67:d5:81:bb:a2:5b:4e:b4:89:51:a0:d4:87:33:fe:
                    41:aa:9b:b1:ff:ba:6e:b0:15:f0:9f:e8:6c:28:f5:
                    dc:50:14:37:83:cb:0d:fd:1e:dc:d3:7c:d6:05:ed:
                    cb:da:ec:5d:38:a6:10:e7:33:70:23:fb:cc:7a:d2:
                    bd:c3:de:09:c8:9a:a1:7d:95:2a:2c:fe:b4:74:b3:
                    18:fe:81:f4:f6:bd:e7:c3:ce:4a:90:74:43:34:f6:
                    5b:47:54:a1:c3:1b:a6:02:79:85:49:5d:dc:2d:f3:
                    f7:d5:2a:6e:61:77:09:27:d1:96:b2:8d:e4:60:9f:
                    4b:c9:b1:76:53:91:03:1c:d8:13:4a:f2:62:50:d1:
                    4b:1a:64:84:7b:4d:33:2d:4e:7c:eb:6c:3c:d0:2d:
                    a4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:59:25:F6:93:CC:61:AF:21:B5:D4:63:3D:36:28:73:DE:A3:1E:AC
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS11426.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:c5:f8:4a:2d:0e:c6:3a:5c:e4:39:24:13:3c:1d:74:c6:c4:
         fd:2c:f2:67:39:1a:71:46:63:f5:a1:34:20:d3:ba:e6:2f:23:
         39:5a:68:55:22:45:85:2d:2b:54:b7:76:c3:b8:86:9f:94:f6:
         cd:ab:c5:2e:c3:b1:65:d2:c9:f7:07:b4:1f:ba:3e:59:c6:fc:
         87:23:93:21:21:b9:fa:25:73:45:77:cc:5e:34:55:f2:01:07:
         58:ab:4a:8f:08:7a:9e:4d:67:eb:14:a9:9b:b0:66:77:8c:7e:
         5a:5e:cc:1d:e5:48:8d:36:0b:87:68:f0:94:e1:b0:35:09:c3:
         d8:00:f8:4a:bc:9a:0b:c1:7a:73:ad:9a:7a:45:c0:31:5c:33:
         a3:8f:5f:b8:9d:df:67:43:ff:5e:0c:a0:e8:98:56:f9:39:a5:
         e1:51:0f:ca:73:64:ce:2a:cf:f4:1d:76:19:d2:59:dc:e7:87:
         8f:02:8d:ee:19:d9:6a:d7:05:a6:e5:48:df:8f:3a:7d:54:05:
         17:fd:01:58:e4:50:94:d2:dc:52:c0:16:93:85:9e:7d:71:03:
         11:3d:9f:22:f8:0e:33:6c:18:33:9a:88:ec:89:f0:c8:ec:1d:
         d0:47:e2:9b:40:8a:cf:17:76:bd:14:33:27:1d:af:5d:5c:23:
         53:95:12:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUAR5RN43mTcnTYzjYxmL4+Adt0yswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDYwMDQyMTFaFw0yNzA1MDUwMDQ3MTFaMDMxMTAvBgNV
BAMTKEU4NTkyNUY2OTNDQzYxQUYyMUI1RDQ2MzNEMzYyODczREVBMzFFQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC09t/E+IqzddHzhR6hh6uYD1Qa
3p5dce6qPInxkJLt5xgaipPY7d5hzcphoFczzYkKeot9QmEMtoXKOBJH262ENvMS
JaY0t1yUItmv67qDGf1s6dyh5HMSvDFv+krvwgc0sY3rFizZL2fVgbuiW060iVGg
1Icz/kGqm7H/um6wFfCf6Gwo9dxQFDeDyw39HtzTfNYF7cva7F04phDnM3Aj+8x6
0r3D3gnImqF9lSos/rR0sxj+gfT2vefDzkqQdEM09ltHVKHDG6YCeYVJXdwt8/fV
Km5hdwkn0ZayjeRgn0vJsXZTkQMc2BNK8mJQ0UsaZIR7TTMtTnzrbDzQLaQVAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU6Fkl9pPMYa8htdRjPTYoc96jHqwwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMTE0MjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC11g0w
DQYJKoZIhvcNAQELBQADggEBAA3F+EotDsY6XOQ5JBM8HXTGxP0s8mc5GnFGY/Wh
NCDTuuYvIzlaaFUiRYUtK1S3dsO4hp+U9s2rxS7DsWXSyfcHtB+6PlnG/IcjkyEh
ufolc0V3zF40VfIBB1irSo8Iep5NZ+sUqZuwZneMflpezB3lSI02C4do8JThsDUJ
w9gA+Eq8mgvBenOtmnpFwDFcM6OPX7id32dD/14MoOiYVvk5peFRD8pzZM4qz/Qd
dhnSWdznh48Cje4Z2WrXBablSN+POn1UBRf9AVjkUJTS3FLAFpOFnn1xAxE9nyL4
DjNsGDOaiOyJ8MjsHdBH4ptAis8Xdr0UMycdr11cI1OVEqY=
-----END CERTIFICATE-----