Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS2856.roa
File:                     AS2856.roa (raw, json)
Hash identifier:          JawuLYDuWqW81FgGaMpj5zkXvt3ktzs5JvnwCbCMHgc=
Subject key identifier:   CF:6A:3C:71:EA:D2:AC:87:D6:BD:AD:25:58:45:DA:A7:C2:BB:4A:B2
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6715165EFF959525460EBE48510D9A73F2ECF40A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS2856.roa
Signing time:             Fri 20 Jun 2025 00:03:02 +0000
ROA not before:           Thu 19 Jun 2025 23:58:02 +0000
ROA not after:            Fri 19 Jun 2026 00:03:02 +0000
asID:                     2856
IP address blocks:        178.93.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            67:15:16:5e:ff:95:95:25:46:0e:be:48:51:0d:9a:73:f2:ec:f4:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 19 23:58:02 2025 GMT
            Not After : Jun 19 00:03:02 2026 GMT
        Subject: CN=CF6A3C71EAD2AC87D6BDAD255845DAA7C2BB4AB2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:2f:e4:6a:b6:6d:cd:b2:5d:93:24:ff:c4:bf:
                    69:d5:2e:54:b5:b9:3c:06:94:b2:7d:55:75:35:b9:
                    43:b1:71:e6:bd:5f:19:75:30:d4:e6:7f:fc:bc:f6:
                    a6:85:46:88:bc:29:a0:71:b0:d6:ad:28:be:38:b8:
                    49:ac:73:1d:26:6d:48:58:68:a1:ef:16:73:37:0e:
                    0e:09:e6:0a:8f:52:0f:7b:b5:52:42:34:e1:e4:69:
                    1b:74:89:71:ae:fe:9f:02:36:cd:13:95:f7:81:ce:
                    aa:d7:7e:21:3d:7a:3f:44:cb:e1:cd:56:81:14:ef:
                    a0:2d:ee:e3:55:60:6b:80:35:60:2c:3a:17:2f:60:
                    fa:ed:25:e4:96:c9:a5:ec:a7:51:dc:ca:20:1e:a4:
                    eb:6f:56:19:95:7e:62:be:da:ad:4c:34:9f:a6:35:
                    78:18:7b:46:1a:c6:79:30:72:b2:6f:bf:d6:56:e6:
                    e6:a3:7e:85:06:2b:b6:be:95:87:99:0e:dd:bb:32:
                    0a:19:d8:a8:ab:df:95:32:a8:56:51:fc:95:d0:2b:
                    f7:81:4a:c3:4e:d6:35:25:01:8f:c9:03:a0:45:79:
                    95:79:b6:ba:69:52:b8:96:37:0e:1b:1b:a4:1e:8a:
                    74:b9:87:49:2f:05:20:67:49:fd:e1:75:a8:cc:ed:
                    b0:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:6A:3C:71:EA:D2:AC:87:D6:BD:AD:25:58:45:DA:A7:C2:BB:4A:B2
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS2856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:43:14:ec:8e:7a:f1:45:b9:3e:0e:15:a1:f1:f4:7e:ba:ad:
         01:6e:61:1c:26:a7:e4:b2:4a:f9:90:97:1c:1f:66:43:16:07:
         99:e4:2a:90:e1:29:4e:d4:0a:a7:28:12:62:85:0c:d7:64:c6:
         9e:ae:49:b4:ee:0a:bd:60:ff:4d:d9:cf:c2:17:78:b2:da:d2:
         fc:73:27:ff:98:26:8f:35:1d:03:46:a9:40:31:36:53:61:84:
         9a:06:e3:99:d8:02:17:d1:07:a1:b1:9d:9a:e5:02:82:26:a6:
         40:ec:d0:98:93:62:8c:28:32:bd:d0:88:8e:36:6a:2d:bb:4b:
         b1:b3:97:8d:f1:14:72:3b:f8:6a:0f:df:f8:99:dd:f7:63:cf:
         1c:ba:e7:35:16:19:14:31:df:4a:87:57:30:16:23:63:ce:33:
         fd:c6:d4:11:30:92:f7:64:d8:72:76:38:5b:a0:17:78:0d:64:
         45:7b:2c:de:e5:b1:06:6d:b0:be:21:cf:da:63:b6:a4:e8:4a:
         44:15:54:cd:9f:07:24:6d:35:09:6a:47:43:0c:6b:bd:dc:a8:
         0d:9a:99:d6:74:97:b0:4f:41:ff:7c:5a:5d:27:e1:e5:50:ac:
         59:bf:46:2f:87:fc:97:d8:b7:62:da:b6:4b:0c:5f:bd:19:d7:
         d7:0b:69:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUZxUWXv+VlSVGDr5IUQ2ac/Ls9AowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MTkyMzU4MDJaFw0yNjA2MTkwMDAzMDJaMDMxMTAvBgNV
BAMTKENGNkEzQzcxRUFEMkFDODdENkJEQUQyNTU4NDVEQUE3QzJCQjRBQjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4L+Rqtm3Nsl2TJP/Ev2nVLlS1
uTwGlLJ9VXU1uUOxcea9Xxl1MNTmf/y89qaFRoi8KaBxsNatKL44uEmscx0mbUhY
aKHvFnM3Dg4J5gqPUg97tVJCNOHkaRt0iXGu/p8CNs0TlfeBzqrXfiE9ej9Ey+HN
VoEU76At7uNVYGuANWAsOhcvYPrtJeSWyaXsp1HcyiAepOtvVhmVfmK+2q1MNJ+m
NXgYe0YaxnkwcrJvv9ZW5uajfoUGK7a+lYeZDt27MgoZ2Kir35UyqFZR/JXQK/eB
SsNO1jUlAY/JA6BFeZV5trppUriWNw4bG6QeinS5h0kvBSBnSf3hdajM7bAJAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUz2o8cerSrIfWva0lWEXap8K7SrIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjg1Ni5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArJdaDAN
BgkqhkiG9w0BAQsFAAOCAQEAPUMU7I568UW5Pg4VofH0frqtAW5hHCan5LJK+ZCX
HB9mQxYHmeQqkOEpTtQKpygSYoUM12TGnq5JtO4KvWD/TdnPwhd4strS/HMn/5gm
jzUdA0apQDE2U2GEmgbjmdgCF9EHobGdmuUCgiamQOzQmJNijCgyvdCIjjZqLbtL
sbOXjfEUcjv4ag/f+Jnd92PPHLrnNRYZFDHfSodXMBYjY84z/cbUETCS92TYcnY4
W6AXeA1kRXss3uWxBm2wviHP2mO2pOhKRBVUzZ8HJG01CWpHQwxrvdyoDZqZ1nSX
sE9B/3xaXSfh5VCsWb9GL4f8l9i3Ytq2SwxfvRnX1wtpKg==
-----END CERTIFICATE-----