Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS202673.roa
File:                     AS202673.roa (raw, json)
Hash identifier:          Ufv9NGq1LGK3YRWTSdNvqo/PU1UXOCYGCXsbYTI8G2w=
Subject key identifier:   CD:74:47:7C:45:C8:12:53:7C:3F:C3:76:A2:63:E3:E5:EE:10:05:12
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1D2BE980616D301246246B79B5FD4FE663A90F2F
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS202673.roa
Signing time:             Wed 29 Apr 2026 12:45:46 +0000
ROA not before:           Wed 29 Apr 2026 12:40:46 +0000
ROA not after:            Wed 28 Apr 2027 12:45:46 +0000
asID:                     202673
IP address blocks:        2a14:7583:f800::/48 maxlen: 48
                          2a14:7583:f802::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:2b:e9:80:61:6d:30:12:46:24:6b:79:b5:fd:4f:e6:63:a9:0f:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Apr 29 12:40:46 2026 GMT
            Not After : Apr 28 12:45:46 2027 GMT
        Subject: CN=CD74477C45C812537C3FC376A263E3E5EE100512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:14:c2:11:e6:be:71:5b:11:d9:79:24:6e:ee:
                    79:d4:b6:8d:96:22:dc:a5:ec:5f:4c:0e:13:6d:3c:
                    66:69:de:a1:59:37:c9:6e:3a:49:7b:05:06:8f:fa:
                    ec:dc:4d:31:35:15:a4:9b:5a:a2:fd:0a:ee:5e:c1:
                    01:b4:6b:42:a8:74:b0:42:a1:71:c2:8c:8e:b7:ae:
                    ab:11:8f:61:f7:d7:36:bd:49:64:91:1a:34:91:02:
                    ec:e1:05:cb:ac:29:bc:b8:57:32:ad:72:ad:ee:2e:
                    ca:7a:c2:ef:54:9d:24:f6:7f:6e:0a:52:08:06:1b:
                    1b:0a:9c:be:e5:46:6b:4d:db:db:9f:fe:20:35:e6:
                    8e:1d:2f:fe:cc:d6:47:e1:57:72:83:05:f3:8a:9e:
                    f5:e0:dd:ff:6c:dc:d3:1a:91:ff:25:13:4f:2d:90:
                    7d:b7:87:6e:ef:1a:58:c7:4c:7d:08:3f:e2:9c:da:
                    1b:25:b3:90:95:53:59:47:50:04:48:e8:5a:ee:73:
                    13:39:f4:b2:4c:f6:90:28:b7:33:30:12:fc:cc:20:
                    e5:ce:a3:02:6a:7a:9f:c9:0d:95:d2:77:2d:7d:2d:
                    01:0e:a2:a7:57:a9:a3:4f:02:2a:85:3f:f9:07:8b:
                    8b:5c:f0:41:14:4e:38:63:b1:e3:a9:3d:c1:e1:25:
                    fd:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:74:47:7C:45:C8:12:53:7C:3F:C3:76:A2:63:E3:E5:EE:10:05:12
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS202673.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:f800::/48
                  2a14:7583:f802::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:34:9b:8d:0e:ba:3f:b5:15:a3:17:90:53:69:84:38:5f:75:
         af:a8:14:47:e3:9a:bd:1a:13:2e:6d:e1:cd:f7:fc:91:d1:9d:
         10:09:bd:78:61:e6:9b:40:bf:09:1b:86:01:f1:25:ea:a0:77:
         e4:bc:a5:33:d4:ae:82:20:9a:46:bf:76:33:08:8e:3e:d7:a9:
         20:c9:91:48:cd:eb:0d:21:2a:8a:cf:1e:f5:a9:b7:14:ac:bd:
         0d:f5:a7:73:63:d9:31:79:99:29:04:a9:b6:1b:f6:c8:ff:c8:
         1f:8a:b5:f6:f6:04:01:62:ba:3e:c7:bb:ce:5a:9d:18:69:56:
         35:bc:b2:4e:d3:39:0c:ae:7e:3a:5c:e4:99:b6:3d:a5:c1:8f:
         96:45:30:bd:41:c7:32:57:59:2f:4e:c3:6e:aa:ee:38:26:9c:
         7c:14:83:1f:fe:57:83:b6:44:72:4a:8e:52:e7:21:04:62:8b:
         57:6f:88:05:74:46:76:cf:29:ea:c8:23:b3:a3:23:9d:c5:bb:
         51:57:5c:db:20:73:bd:1f:be:aa:27:c3:26:1f:11:73:ab:a6:
         69:9e:a6:f7:a9:cd:a1:8a:c7:62:63:50:60:43:69:9a:2c:39:
         c0:49:79:91:7a:04:af:28:5d:88:47:4d:d0:26:47:70:c6:39:
         4d:ff:c6:1c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUHSvpgGFtMBJGJGt5tf1P5mOpDy8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA0MjkxMjQwNDZaFw0yNzA0MjgxMjQ1NDZaMDMxMTAvBgNV
BAMTKENENzQ0NzdDNDVDODEyNTM3QzNGQzM3NkEyNjNFM0U1RUUxMDA1MTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3FMIR5r5xWxHZeSRu7nnUto2W
Ityl7F9MDhNtPGZp3qFZN8luOkl7BQaP+uzcTTE1FaSbWqL9Cu5ewQG0a0KodLBC
oXHCjI63rqsRj2H31za9SWSRGjSRAuzhBcusKby4VzKtcq3uLsp6wu9UnST2f24K
UggGGxsKnL7lRmtN29uf/iA15o4dL/7M1kfhV3KDBfOKnvXg3f9s3NMakf8lE08t
kH23h27vGljHTH0IP+Kc2hsls5CVU1lHUARI6FrucxM59LJM9pAotzMwEvzMIOXO
owJqep/JDZXSdy19LQEOoqdXqaNPAiqFP/kHi4tc8EEUTjhjseOpPcHhJf3dAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUzXRHfEXIElN8P8N2omPj5e4QBRIwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjAyNjczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhR1
g/gAAwcAKhR1g/gCMA0GCSqGSIb3DQEBCwUAA4IBAQBLNJuNDro/tRWjF5BTaYQ4
X3WvqBRH45q9GhMubeHN9/yR0Z0QCb14YeabQL8JG4YB8SXqoHfkvKUz1K6CIJpG
v3YzCI4+16kgyZFIzesNISqKzx71qbcUrL0N9adzY9kxeZkpBKm2G/bI/8gfirX2
9gQBYro+x7vOWp0YaVY1vLJO0zkMrn46XOSZtj2lwY+WRTC9QccyV1kvTsNuqu44
Jpx8FIMf/leDtkRySo5S5yEEYotXb4gFdEZ2zynqyCOzoyOdxbtRV1zbIHO9H76q
J8MmHxFzq6Zpnqb3qc2hisdiY1BgQ2maLDnASXmRegSvKF2IR03QJkdwxjlN/8Yc
-----END CERTIFICATE-----