Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS6517.roa
File:                     AS6517.roa (raw, json)
Hash identifier:          X6GX45rLVEUidnTqIfgn06NRXQB0zwhFnIN/BjfCZ8Y=
Subject key identifier:   4F:2F:DF:2D:36:A7:A2:52:D6:A0:37:07:83:46:9C:0D:97:B6:C7:30
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       4E38A7697B9425B319CEF8E0EC75349F9D427D25
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS6517.roa
Signing time:             Mon 04 May 2026 14:56:19 +0000
ROA not before:           Mon 04 May 2026 14:51:19 +0000
ROA not after:            Mon 03 May 2027 14:56:19 +0000
asID:                     6517
IP address blocks:        2a14:7580:f600::/40 maxlen: 40
                          2a14:7583:5e00::/40 maxlen: 48
                          2a14:7583:a400::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:48:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:38:a7:69:7b:94:25:b3:19:ce:f8:e0:ec:75:34:9f:9d:42:7d:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May  4 14:51:19 2026 GMT
            Not After : May  3 14:56:19 2027 GMT
        Subject: CN=4F2FDF2D36A7A252D6A0370783469C0D97B6C730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:6f:f7:2b:8f:f6:49:9a:3c:5c:c6:14:3e:11:
                    06:c4:bd:16:a1:8a:b8:92:38:b3:5c:5f:a7:df:8b:
                    fa:df:58:11:38:2c:fd:be:cc:0c:96:b5:c1:db:bb:
                    e9:6e:f9:a3:f1:ed:a4:48:5f:86:c2:5f:c3:be:82:
                    be:99:68:e5:05:58:f5:ec:bd:59:36:fe:c7:60:66:
                    7a:f2:98:aa:1c:ed:89:f6:d3:bd:3d:57:f4:2b:7f:
                    b8:fa:66:f2:d3:ea:ee:c2:80:ed:e1:3b:c2:37:73:
                    ef:e8:fc:e5:2b:ce:86:8d:60:78:0f:81:5b:7f:4d:
                    34:43:57:c1:04:82:49:0e:87:2f:d7:a9:16:6c:70:
                    7b:96:82:40:c9:4e:27:83:4e:46:d7:7f:a2:2e:07:
                    60:b5:5f:65:4c:01:3c:e9:f9:62:92:d3:61:40:cc:
                    75:c0:c7:48:e2:4d:2d:c4:b1:1d:67:45:e6:68:e6:
                    22:ca:36:8c:1a:ec:b5:fe:db:07:81:25:3a:b8:f4:
                    1f:6a:6c:f0:14:b3:f4:d9:cb:b8:96:fb:47:b5:1e:
                    d7:0a:b8:7f:ea:f6:fc:35:2f:92:89:85:22:6a:5f:
                    e5:78:7c:33:e4:79:93:b5:9e:97:64:4f:41:1c:c5:
                    2b:77:dc:6e:e1:83:90:6d:f3:8e:bf:0e:2a:a4:66:
                    78:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:2F:DF:2D:36:A7:A2:52:D6:A0:37:07:83:46:9C:0D:97:B6:C7:30
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS6517.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:f600::/40
                  2a14:7583:5e00::/40
                  2a14:7583:a400::/38

    Signature Algorithm: sha256WithRSAEncryption
         50:90:e1:f0:0c:ba:79:d7:cf:5a:ad:87:26:a6:02:ee:cd:44:
         01:d0:4c:ad:3d:fc:67:a2:35:f0:15:4a:7f:8c:8a:49:f0:6d:
         a8:0b:f9:ac:7c:24:f3:99:3e:ae:e3:2f:87:31:b5:69:68:f6:
         20:bf:18:9a:10:37:73:f4:55:bb:93:45:27:c7:bb:14:18:de:
         06:4f:64:ec:a9:4c:bf:a4:ba:f7:00:94:46:ed:a6:88:f9:80:
         5b:83:09:39:9a:a8:e1:73:47:d3:13:d9:91:17:d6:9b:7b:36:
         d1:70:15:cd:dc:4b:c0:f2:36:e0:40:f2:0f:5f:4f:84:c7:05:
         ff:c0:5a:37:a4:88:cb:15:07:36:3b:25:03:a8:82:0c:8f:cb:
         64:a4:23:de:db:41:c9:d0:6e:38:52:1a:1b:c1:0f:43:5e:40:
         f5:d6:d9:dd:cf:b7:39:ed:81:84:89:bd:4c:32:07:a5:de:8d:
         40:61:1a:61:02:46:ca:11:08:6c:bd:71:10:e0:25:da:55:a4:
         5d:74:e8:00:c4:d4:ef:e0:30:51:05:19:8b:b2:07:c2:76:f1:
         e1:a4:54:a9:10:b2:cd:3a:37:8e:4e:7e:2d:2c:12:58:cb:e9:
         1f:4e:56:9c:58:34:62:f7:a6:ff:82:8d:01:13:ec:4a:47:75:
         27:bc:b3:25
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIUTjinaXuUJbMZzvjg7HU0n51CfSUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MDQxNDUxMTlaFw0yNzA1MDMxNDU2MTlaMDMxMTAvBgNV
BAMTKDRGMkZERjJEMzZBN0EyNTJENkEwMzcwNzgzNDY5QzBEOTdCNkM3MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCob/crj/ZJmjxcxhQ+EQbEvRah
iriSOLNcX6ffi/rfWBE4LP2+zAyWtcHbu+lu+aPx7aRIX4bCX8O+gr6ZaOUFWPXs
vVk2/sdgZnrymKoc7Yn20709V/Qrf7j6ZvLT6u7CgO3hO8I3c+/o/OUrzoaNYHgP
gVt/TTRDV8EEgkkOhy/XqRZscHuWgkDJTieDTkbXf6IuB2C1X2VMATzp+WKS02FA
zHXAx0jiTS3EsR1nReZo5iLKNowa7LX+2weBJTq49B9qbPAUs/TZy7iW+0e1HtcK
uH/q9vw1L5KJhSJqX+V4fDPkeZO1npdkT0EcxSt33G7hg5Bt846/DiqkZnjrAgMB
AAGjggIaMIICFjAdBgNVHQ4EFgQUTy/fLTanolLWoDcHg0acDZe2xzAwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNjUxNy5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAxBggrBgEFBQcBBwEB/wQiMCAwHgQCAAIwGAMGACoUdYD2
AwYAKhR1g14DBgIqFHWDpDANBgkqhkiG9w0BAQsFAAOCAQEAUJDh8Ay6edfPWq2H
JqYC7s1EAdBMrT38Z6I18BVKf4yKSfBtqAv5rHwk85k+ruMvhzG1aWj2IL8YmhA3
c/RVu5NFJ8e7FBjeBk9k7KlMv6S69wCURu2miPmAW4MJOZqo4XNH0xPZkRfWm3s2
0XAVzdxLwPI24EDyD19PhMcF/8BaN6SIyxUHNjslA6iCDI/LZKQj3ttBydBuOFIa
G8EPQ15A9dbZ3c+3Oe2BhIm9TDIHpd6NQGEaYQJGyhEIbL1xEOAl2lWkXXToAMTU
7+AwUQUZi7IHwnbx4aRUqRCyzTo3jk5+LSwSWMvpH05WnFg0Yvem/4KNARPsSkd1
J7yzJQ==
-----END CERTIFICATE-----