Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          gdhglxIsR3plposM+XQt83N8jvfuloUvbMuFdt4YtPc=
Subject key identifier:   F9:28:A8:DA:55:63:EA:81:E7:1E:D1:35:39:BE:1F:D4:12:AB:81:10
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       490D9B22ECAD6DDFEEC774700E2F08400BA32D01
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS17497.roa
Signing time:             Tue 17 Mar 2026 09:01:11 +0000
ROA not before:           Tue 17 Mar 2026 08:56:11 +0000
ROA not after:            Tue 16 Mar 2027 09:01:11 +0000
asID:                     17497
IP address blocks:        185.155.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:43:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            49:0d:9b:22:ec:ad:6d:df:ee:c7:74:70:0e:2f:08:40:0b:a3:2d:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 17 08:56:11 2026 GMT
            Not After : Mar 16 09:01:11 2027 GMT
        Subject: CN=F928A8DA5563EA81E71ED13539BE1FD412AB8110
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f7:ed:7a:b2:a8:10:92:82:2b:40:66:7a:a4:
                    73:02:6c:89:3d:ca:2b:fa:41:7e:3b:79:79:82:44:
                    a6:7b:c6:9a:5c:9f:d1:8b:45:b7:c6:ba:e3:bb:e0:
                    27:37:09:a9:88:6d:f2:bb:e9:11:08:4b:38:fa:c5:
                    fe:12:c7:63:c3:be:35:61:24:e0:bb:7d:b9:9d:f1:
                    12:24:c9:a5:d9:3b:3b:8c:b9:30:bc:24:2a:59:fa:
                    68:d3:0c:cc:b6:69:4a:43:0f:f2:fc:03:f1:b4:c2:
                    77:d1:6c:41:0b:28:83:a5:a4:b3:97:f9:32:26:a6:
                    61:0e:58:97:cb:c3:28:57:68:08:56:2b:04:41:c0:
                    e1:13:f9:96:a5:68:e2:48:88:66:62:75:d7:69:b0:
                    2f:35:8d:2f:ea:e9:74:91:26:5c:b5:f9:14:e2:d8:
                    48:d3:22:70:61:08:60:62:f4:38:fc:e4:b8:39:ab:
                    58:7b:ff:0b:9a:da:16:84:1c:72:1f:ee:26:b1:89:
                    8a:0e:b9:0f:75:e8:e3:3c:08:d4:03:32:c7:71:58:
                    13:2f:b5:5b:a2:5e:10:0a:39:a9:c8:9a:70:3a:d3:
                    93:74:09:cf:d7:b3:4f:1e:54:8c:fb:ef:32:22:6a:
                    d4:68:09:a2:08:d5:86:2b:bf:9d:cc:58:e9:d4:db:
                    6b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:28:A8:DA:55:63:EA:81:E7:1E:D1:35:39:BE:1F:D4:12:AB:81:10
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:d3:1d:fa:07:1a:d8:e4:69:f4:be:1d:ba:91:8a:4d:c2:84:
         e0:ac:96:7b:93:ce:9e:e9:ff:56:cb:29:73:b6:98:90:38:bd:
         99:e5:13:9c:15:0f:a2:a9:10:5c:21:fd:8a:4c:f9:b6:8c:2f:
         d5:0e:c6:c4:3e:59:a6:6f:9d:d4:a3:19:c8:75:c7:af:7e:06:
         7b:9a:a3:f3:07:2a:c0:3f:c4:04:0a:d5:41:32:eb:87:5d:23:
         67:06:dc:05:d2:71:eb:15:1d:7b:4b:af:38:5a:5b:8f:52:b2:
         d8:79:d6:6e:76:1f:f1:ef:42:ac:79:cc:b1:9e:76:08:96:6f:
         69:71:f7:48:59:83:bc:8e:94:97:72:17:9d:4f:00:7b:c3:ff:
         28:ba:fd:61:c7:e9:18:74:b2:7e:27:f0:e2:37:d6:94:42:2e:
         84:a2:70:1e:c1:8c:54:bb:db:df:b6:fd:78:fb:c9:05:ed:48:
         57:77:4d:b6:54:74:92:4b:18:38:96:2a:4d:91:b2:61:3a:14:
         ec:c4:1c:c9:c2:a5:f8:07:c7:50:aa:ae:7d:19:1c:7b:f8:25:
         7d:a8:7f:ad:d2:95:45:cc:e8:b7:e3:f2:34:bc:7e:09:af:22:
         86:ca:9a:e6:92:ee:80:ab:f2:e8:0f:74:71:ca:07:bb:95:b0:
         07:e5:29:51
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUSQ2bIuytbd/ux3RwDi8IQAujLQEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTcwODU2MTFaFw0yNzAzMTYwOTAxMTFaMDMxMTAvBgNV
BAMTKEY5MjhBOERBNTU2M0VBODFFNzFFRDEzNTM5QkUxRkQ0MTJBQjgxMTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ9+16sqgQkoIrQGZ6pHMCbIk9
yiv6QX47eXmCRKZ7xppcn9GLRbfGuuO74Cc3CamIbfK76REISzj6xf4Sx2PDvjVh
JOC7fbmd8RIkyaXZOzuMuTC8JCpZ+mjTDMy2aUpDD/L8A/G0wnfRbEELKIOlpLOX
+TImpmEOWJfLwyhXaAhWKwRBwOET+ZalaOJIiGZidddpsC81jS/q6XSRJly1+RTi
2EjTInBhCGBi9Dj85Lg5q1h7/wua2haEHHIf7iaxiYoOuQ916OM8CNQDMsdxWBMv
tVuiXhAKOanImnA605N0Cc/Xs08eVIz77zIiatRoCaII1YYrv53MWOnU22s1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU+Sio2lVj6oHnHtE1Ob4f1BKrgRAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5m94w
DQYJKoZIhvcNAQELBQADggEBABrTHfoHGtjkafS+HbqRik3ChOCslnuTzp7p/1bL
KXO2mJA4vZnlE5wVD6KpEFwh/YpM+baML9UOxsQ+WaZvndSjGch1x69+Bnuao/MH
KsA/xAQK1UEy64ddI2cG3AXScesVHXtLrzhaW49Ssth51m52H/HvQqx5zLGedgiW
b2lx90hZg7yOlJdyF51PAHvD/yi6/WHH6Rh0sn4n8OI31pRCLoSicB7BjFS729+2
/Xj7yQXtSFd3TbZUdJJLGDiWKk2RsmE6FOzEHMnCpfgHx1Cqrn0ZHHv4JX2of63S
lUXM6Lfj8jS8fgmvIobKmuaS7oCr8ugPdHHKB7uVsAflKVE=
-----END CERTIFICATE-----