Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS1239.roa
File:                     AS1239.roa (raw, json)
Hash identifier:          02FN8QZBrhhJLp+/+fbne8B1QHQuXygwHrNm6VQNr/I=
Subject key identifier:   4B:94:14:CF:4C:EA:E2:F6:6F:5D:8B:00:AD:69:4C:DC:47:B4:94:3F
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5D246451D4533FE19C738052A7919E5405F233A1
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS1239.roa
Signing time:             Tue 24 Mar 2026 00:04:53 +0000
ROA not before:           Mon 23 Mar 2026 23:59:53 +0000
ROA not after:            Tue 23 Mar 2027 00:04:53 +0000
asID:                     1239
IP address blocks:        92.113.70.0/24 maxlen: 24
                          92.113.71.0/24 maxlen: 24
                          92.113.72.0/24 maxlen: 24
                          92.113.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:24:64:51:d4:53:3f:e1:9c:73:80:52:a7:91:9e:54:05:f2:33:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 23 23:59:53 2026 GMT
            Not After : Mar 23 00:04:53 2027 GMT
        Subject: CN=4B9414CF4CEAE2F66F5D8B00AD694CDC47B4943F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:b3:f6:2d:07:91:75:8e:15:e2:c5:6e:a7:a4:
                    22:3d:b1:03:3f:8a:38:59:86:2a:63:bd:3e:85:57:
                    2a:d9:14:53:52:59:b5:f2:a4:68:46:5c:1d:d8:1f:
                    5b:03:cc:b6:5e:f6:e3:41:c9:b1:03:f6:c0:f2:dc:
                    4c:f0:8b:bc:49:33:4d:d0:aa:a3:92:e2:3e:96:5c:
                    f2:ba:53:6e:60:cc:07:e2:ab:25:64:b3:6c:27:63:
                    50:df:38:29:82:2a:4e:48:f0:29:7f:2e:32:60:4a:
                    64:86:9b:f7:7e:46:42:18:a8:01:06:7e:81:10:ee:
                    67:eb:53:5b:fb:0f:b2:ed:13:39:a7:80:03:9b:29:
                    04:9a:cb:dd:7a:25:8e:39:1d:33:c1:57:8c:72:eb:
                    8f:86:89:23:78:04:95:0e:4f:68:9d:5f:8c:69:db:
                    fb:e4:b6:65:68:6f:9b:46:6d:09:10:73:43:77:22:
                    68:c0:a4:4f:21:d1:4e:fe:f2:d3:e9:67:af:f3:4f:
                    f2:a4:19:12:e1:8c:c8:6d:b5:ec:7d:13:05:75:77:
                    de:d8:2a:40:dd:57:1f:54:d6:0b:5f:91:a6:c3:c6:
                    79:7d:6f:98:7b:6d:0d:38:09:05:30:71:d2:aa:96:
                    83:34:14:1f:97:da:fe:19:d6:33:0b:bd:9c:55:45:
                    b2:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:94:14:CF:4C:EA:E2:F6:6F:5D:8B:00:AD:69:4C:DC:47:B4:94:3F
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS1239.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.70.0-92.113.72.255
                  92.113.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:05:5e:02:c7:d2:de:7d:8e:0b:93:f7:4b:e1:5a:b7:84:bc:
         df:a7:f9:7b:d9:8d:26:fb:cb:ba:d0:f1:07:3a:a3:cb:16:14:
         cf:d9:77:26:84:5c:b7:78:3d:b6:9b:a6:af:6a:ea:12:b1:ba:
         8b:db:ce:e6:30:58:f9:d7:80:e1:2e:8c:44:bc:f8:9d:ee:10:
         67:8a:94:f2:5d:80:ce:be:6e:e7:1d:7c:ca:ba:42:5b:ae:c0:
         a9:6a:51:9b:ae:bf:c8:0e:bd:56:1f:f0:29:44:59:85:ed:96:
         d7:29:ae:69:47:c1:fe:a5:29:64:de:14:b5:64:a8:4f:af:80:
         ae:78:b4:cb:78:17:14:46:36:e5:21:d0:b4:ad:d9:df:da:61:
         55:37:ae:f0:01:20:fe:b8:5f:ba:81:83:9f:0c:30:4e:a2:1f:
         9f:03:d9:57:47:bc:6e:20:17:43:b2:9f:ee:f6:c1:13:20:d5:
         32:0e:dc:eb:de:6e:8a:49:d4:50:9d:c4:3e:f7:2f:ac:39:f6:
         ec:62:22:73:33:33:73:4a:32:bb:06:96:de:74:ce:3f:f3:3a:
         dd:fe:06:05:2b:c2:db:b3:e9:11:32:15:db:eb:ef:b4:43:ad:
         4c:8b:5e:4c:58:e1:48:bf:58:91:aa:26:c8:7e:eb:a9:16:71:
         80:79:b6:a9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXSRkUdRTP+Gcc4BSp5GeVAXyM6EwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMjMyMzU5NTNaFw0yNzAzMjMwMDA0NTNaMDMxMTAvBgNV
BAMTKDRCOTQxNENGNENFQUUyRjY2RjVEOEIwMEFENjk0Q0RDNDdCNDk0M0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCjs/YtB5F1jhXixW6npCI9sQM/
ijhZhipjvT6FVyrZFFNSWbXypGhGXB3YH1sDzLZe9uNBybED9sDy3Ezwi7xJM03Q
qqOS4j6WXPK6U25gzAfiqyVks2wnY1DfOCmCKk5I8Cl/LjJgSmSGm/d+RkIYqAEG
foEQ7mfrU1v7D7LtEzmngAObKQSay916JY45HTPBV4xy64+GiSN4BJUOT2idX4xp
2/vktmVob5tGbQkQc0N3ImjApE8h0U7+8tPpZ6/zT/KkGRLhjMhttex9EwV1d97Y
KkDdVx9U1gtfkabDxnl9b5h7bQ04CQUwcdKqloM0FB+X2v4Z1jMLvZxVRbKlAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUS5QUz0zq4vZvXYsArWlM3Ee0lD8wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTIzOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFDAMAwQBXHFG
AwQAXHFIAwQAXHGgMA0GCSqGSIb3DQEBCwUAA4IBAQCWBV4Cx9LefY4Lk/dL4Vq3
hLzfp/l72Y0m+8u60PEHOqPLFhTP2XcmhFy3eD22m6avauoSsbqL287mMFj514Dh
LoxEvPid7hBnipTyXYDOvm7nHXzKukJbrsCpalGbrr/IDr1WH/ApRFmF7ZbXKa5p
R8H+pSlk3hS1ZKhPr4CueLTLeBcURjblIdC0rdnf2mFVN67wASD+uF+6gYOfDDBO
oh+fA9lXR7xuIBdDsp/u9sETINUyDtzr3m6KSdRQncQ+9y+sOfbsYiJzMzNzSjK7
BpbedM4/8zrd/gYFK8Lbs+kRMhXb6++0Q61Mi15MWOFIv1iRqibIfuupFnGAebap
-----END CERTIFICATE-----