Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS273894.roa
File:                     AS273894.roa (raw, json)
Hash identifier:          MOdqyI2evqVb4Pr9liGB/ZN5DZ9JhFQiKGbLn1Ql7KA=
Subject key identifier:   DD:6A:07:FD:DE:EA:3B:07:1E:DF:0E:4E:D4:3D:00:FF:57:CD:2B:DE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1A91AAFF1160FA28031C1CE5C7CCF34B7E3ED0AC
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS273894.roa
Signing time:             Mon 04 May 2026 19:41:36 +0000
ROA not before:           Mon 04 May 2026 19:36:36 +0000
ROA not after:            Mon 03 May 2027 19:41:36 +0000
asID:                     273894
IP address blocks:        141.11.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:91:aa:ff:11:60:fa:28:03:1c:1c:e5:c7:cc:f3:4b:7e:3e:d0:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  4 19:36:36 2026 GMT
            Not After : May  3 19:41:36 2027 GMT
        Subject: CN=DD6A07FDDEEA3B071EDF0E4ED43D00FF57CD2BDE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c7:99:0a:5c:8c:e9:8e:ff:11:87:ed:e4:1e:
                    0f:d8:b6:c5:85:1b:25:2c:f3:61:96:6a:4b:8e:81:
                    89:c0:ee:b8:a3:86:57:10:6d:e5:e6:bb:cd:98:10:
                    7a:2a:e9:e4:ba:e4:7f:44:21:6a:bb:a2:76:9f:f1:
                    4a:ba:02:4f:a3:eb:85:44:3f:a0:24:23:46:7b:0c:
                    54:83:7d:f8:0c:b7:05:82:4a:8d:5c:ea:96:33:6e:
                    ff:fc:41:f5:24:84:ea:f8:88:87:60:f5:84:49:70:
                    80:b5:8a:cc:ab:c8:38:a6:4e:3a:21:2b:a3:45:4d:
                    97:78:81:15:71:fb:4c:e8:cb:9f:2b:0d:08:b3:06:
                    da:3c:5f:98:93:76:65:12:de:bb:e8:e1:0b:14:7a:
                    2c:a2:5a:c6:22:7e:56:86:21:90:22:9a:75:00:7d:
                    3e:a8:68:ff:c7:20:ab:7f:89:10:4d:e8:c3:e5:b3:
                    12:26:80:af:69:54:b3:92:13:4d:74:23:3a:6d:81:
                    47:1e:57:b7:b3:5a:f3:6f:f1:94:fe:73:a1:53:02:
                    7e:e3:79:7c:d4:2b:5f:d2:9c:65:1a:77:3d:f1:7f:
                    fa:86:71:3f:a9:1f:db:30:59:40:3e:ae:67:d4:04:
                    cb:39:2a:c2:51:35:b7:45:44:5c:c2:51:b6:1e:9f:
                    3b:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:6A:07:FD:DE:EA:3B:07:1E:DF:0E:4E:D4:3D:00:FF:57:CD:2B:DE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS273894.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:28:32:10:6b:e7:32:dd:bf:f5:54:64:e7:1a:f3:44:78:ae:
         71:c7:a1:5d:8b:77:42:72:44:3b:13:e2:98:38:56:ce:5a:5d:
         4d:1d:4f:19:d9:e2:b9:1a:f8:19:75:34:53:6f:7b:38:9d:2b:
         fa:7f:9b:ec:36:bd:d1:6e:55:c6:af:af:67:0c:cc:01:03:88:
         31:ed:77:6c:1c:64:ab:01:a3:f2:df:87:0d:da:6c:4c:0f:d2:
         10:46:5b:38:67:c6:33:21:b9:47:60:b6:dd:d5:46:88:7b:05:
         67:20:2b:07:1a:ec:09:bf:9d:97:bf:c7:3a:93:4c:de:7c:90:
         23:23:f4:a8:a5:83:89:96:4d:c3:9c:19:f3:9f:30:89:ff:21:
         c4:e2:34:4b:93:35:c8:17:11:a9:92:ec:6a:3d:31:e3:df:87:
         cc:ad:6e:5d:2b:69:0f:db:40:1c:6b:12:13:0a:a2:cd:89:7e:
         54:ff:ab:f3:8c:60:b9:91:09:61:b2:26:a6:2e:78:6f:ce:88:
         e3:2b:f6:5c:85:84:bf:0a:06:6e:94:3e:10:95:62:8b:26:e5:
         b0:9c:bf:05:3e:f4:61:63:47:48:08:de:54:42:13:e2:72:3a:
         35:3c:f7:3c:8a:d0:05:51:1b:fb:94:9b:f9:ef:39:07:00:68:
         03:fe:f6:fd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGpGq/xFg+igDHBzlx8zzS34+0KwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDQxOTM2MzZaFw0yNzA1MDMxOTQxMzZaMDMxMTAvBgNV
BAMTKERENkEwN0ZEREVFQTNCMDcxRURGMEU0RUQ0M0QwMEZGNTdDRDJCREUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpx5kKXIzpjv8Rh+3kHg/YtsWF
GyUs82GWakuOgYnA7rijhlcQbeXmu82YEHoq6eS65H9EIWq7onaf8Uq6Ak+j64VE
P6AkI0Z7DFSDffgMtwWCSo1c6pYzbv/8QfUkhOr4iIdg9YRJcIC1isyryDimTjoh
K6NFTZd4gRVx+0zoy58rDQizBto8X5iTdmUS3rvo4QsUeiyiWsYiflaGIZAimnUA
fT6oaP/HIKt/iRBN6MPlsxImgK9pVLOSE010IzptgUceV7ezWvNv8ZT+c6FTAn7j
eXzUK1/SnGUadz3xf/qGcT+pH9swWUA+rmfUBMs5KsJRNbdFRFzCUbYenzsxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3WoH/d7qOwce3w5O1D0A/1fNK94wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMjczODk0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQtd
MA0GCSqGSIb3DQEBCwUAA4IBAQDUKDIQa+cy3b/1VGTnGvNEeK5xx6Fdi3dCckQ7
E+KYOFbOWl1NHU8Z2eK5GvgZdTRTb3s4nSv6f5vsNr3RblXGr69nDMwBA4gx7Xds
HGSrAaPy34cN2mxMD9IQRls4Z8YzIblHYLbd1UaIewVnICsHGuwJv52Xv8c6k0ze
fJAjI/SopYOJlk3DnBnznzCJ/yHE4jRLkzXIFxGpkuxqPTHj34fMrW5dK2kP20Ac
axITCqLNiX5U/6vzjGC5kQlhsiamLnhvzojjK/ZchYS/CgZulD4QlWKLJuWwnL8F
PvRhY0dICN5UQhPicjo1PPc8itAFURv7lJv57zkHAGgD/vb9
-----END CERTIFICATE-----