Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS56594.roa
File:                     AS56594.roa (raw, json)
Hash identifier:          GmjDUL2J3LNGLU62PPnJno0gEcU/q8xxzB1Y1Gnb0qU=
Subject key identifier:   AC:5E:92:BC:EE:1A:84:91:16:10:D1:72:CA:88:59:CA:87:20:1E:97
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       24A4A8899FC2F69CB592FA5ADB0F8C80B087E2B5
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS56594.roa
Signing time:             Thu 12 Mar 2026 16:46:48 +0000
ROA not before:           Thu 12 Mar 2026 16:41:48 +0000
ROA not after:            Thu 11 Mar 2027 16:46:48 +0000
asID:                     56594
IP address blocks:        45.158.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 13:03:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:a4:a8:89:9f:c2:f6:9c:b5:92:fa:5a:db:0f:8c:80:b0:87:e2:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 12 16:41:48 2026 GMT
            Not After : Mar 11 16:46:48 2027 GMT
        Subject: CN=AC5E92BCEE1A84911610D172CA8859CA87201E97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:0a:b5:fc:0d:46:c5:cc:dd:57:b3:19:3f:10:
                    50:fc:db:e6:cb:6c:21:62:df:f6:83:a9:39:c7:d8:
                    37:97:3f:70:07:3d:da:b8:03:09:c5:cc:12:81:71:
                    a8:56:2c:a4:da:58:78:88:b0:50:78:fb:c9:8b:1f:
                    61:af:e5:38:d5:ca:68:8b:67:a5:fb:da:4c:4d:f5:
                    f3:0c:29:59:88:9b:36:f3:e6:29:81:5e:76:d4:96:
                    96:94:20:74:24:d5:10:52:8b:63:25:8a:7c:cd:dd:
                    ef:43:43:3b:04:ae:86:6c:89:1e:48:8e:37:43:b3:
                    c6:32:ec:e3:d6:08:e2:13:1e:58:a2:67:eb:cf:a3:
                    0a:7b:aa:3a:92:d6:78:5a:65:75:38:78:37:4a:bc:
                    31:cd:58:bd:09:a0:8b:f7:10:99:58:0a:73:bf:ed:
                    b7:f5:96:b5:0c:04:09:ba:0c:e9:1a:cf:87:59:a3:
                    b6:d4:78:ce:1f:06:17:08:e7:9c:49:5c:fa:e6:89:
                    b9:fb:fa:dc:36:6d:81:0c:44:5e:64:8b:c2:c0:49:
                    95:ea:8d:37:41:8a:85:48:cb:a8:41:bd:68:63:04:
                    79:b3:cd:8d:74:42:49:e4:56:ee:35:a8:b2:a7:40:
                    dd:c8:0d:86:30:6e:c6:39:8b:15:d7:08:de:d3:0f:
                    f7:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:5E:92:BC:EE:1A:84:91:16:10:D1:72:CA:88:59:CA:87:20:1E:97
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS56594.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:2d:b3:19:ce:8e:f8:22:35:2f:12:47:42:44:c2:11:25:84:
         93:19:eb:73:6b:69:09:01:be:cd:a1:14:61:3f:3d:2b:72:c0:
         99:e1:10:2c:fa:45:f4:9e:94:de:e0:69:71:40:ad:8a:d3:a9:
         fd:85:00:09:6a:e1:6f:ed:ba:7f:45:e4:17:a8:fb:93:f8:d1:
         45:5a:da:2b:e2:8b:61:35:1d:74:90:7d:05:2a:5e:61:d1:92:
         e8:2b:ee:4e:2b:22:3c:03:91:91:85:01:5b:ac:6d:f4:b1:5f:
         95:f7:e1:53:1d:c2:ea:8d:81:79:b1:68:df:48:97:f2:11:cf:
         51:9d:4d:28:a1:91:0b:91:91:f6:53:e6:a0:58:88:7b:20:57:
         3c:c2:7f:ca:dd:60:51:8d:68:f5:1c:bd:a0:77:ac:b3:26:35:
         fc:92:37:2f:17:45:86:f9:69:5c:1e:7e:72:d8:0b:a2:a0:f9:
         54:8b:7f:9f:60:b1:d0:28:08:10:bd:7c:63:9f:7a:bc:ae:e3:
         12:5a:dc:42:87:a4:18:f5:c4:4d:fa:89:f5:e6:e2:ed:17:a2:
         e4:f3:b1:60:79:93:a4:38:1a:ab:3d:88:a5:d4:db:60:8c:e4:
         f0:93:04:df:bc:bc:f2:91:9a:4b:49:fa:02:7e:e8:bd:3e:a7:
         25:68:95:ba
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJKSoiZ/C9py1kvpa2w+MgLCH4rUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMTIxNjQxNDhaFw0yNzAzMTExNjQ2NDhaMDMxMTAvBgNV
BAMTKEFDNUU5MkJDRUUxQTg0OTExNjEwRDE3MkNBODg1OUNBODcyMDFFOTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3CrX8DUbFzN1Xsxk/EFD82+bL
bCFi3/aDqTnH2DeXP3AHPdq4AwnFzBKBcahWLKTaWHiIsFB4+8mLH2Gv5TjVymiL
Z6X72kxN9fMMKVmImzbz5imBXnbUlpaUIHQk1RBSi2MlinzN3e9DQzsEroZsiR5I
jjdDs8Yy7OPWCOITHliiZ+vPowp7qjqS1nhaZXU4eDdKvDHNWL0JoIv3EJlYCnO/
7bf1lrUMBAm6DOkaz4dZo7bUeM4fBhcI55xJXPrmibn7+tw2bYEMRF5ki8LASZXq
jTdBioVIy6hBvWhjBHmzzY10QknkVu41qLKnQN3IDYYwbsY5ixXXCN7TD/c/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUrF6SvO4ahJEWENFyyohZyocgHpcwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNTY1OTQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtnqkw
DQYJKoZIhvcNAQELBQADggEBANItsxnOjvgiNS8SR0JEwhElhJMZ63NraQkBvs2h
FGE/PStywJnhECz6RfSelN7gaXFArYrTqf2FAAlq4W/tun9F5Beo+5P40UVa2ivi
i2E1HXSQfQUqXmHRkugr7k4rIjwDkZGFAVusbfSxX5X34VMdwuqNgXmxaN9Il/IR
z1GdTSihkQuRkfZT5qBYiHsgVzzCf8rdYFGNaPUcvaB3rLMmNfySNy8XRYb5aVwe
fnLYC6Kg+VSLf59gsdAoCBC9fGOferyu4xJa3EKHpBj1xE36ifXm4u0XouTzsWB5
k6Q4Gqs9iKXU22CM5PCTBN+8vPKRmktJ+gJ+6L0+pyVolbo=
-----END CERTIFICATE-----