Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa
File:                     AS17497.roa (raw, json)
Hash identifier:          g2LWeLYVf+vXbFEc+OLP83lpria3fPP1CcvM0XN9hDc=
Subject key identifier:   5A:45:35:1F:D6:6D:A1:BC:90:98:71:59:0B:F4:57:B4:B2:11:F9:48
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3FD7E57DACDFCDB35BCA3532391437FE8FCC6AB7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa
Signing time:             Sat 28 Feb 2026 02:09:41 +0000
ROA not before:           Sat 28 Feb 2026 02:04:41 +0000
ROA not after:            Sat 27 Feb 2027 02:09:41 +0000
asID:                     17497
IP address blocks:        148.135.172.0/24 maxlen: 24
                          162.141.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:54:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:d7:e5:7d:ac:df:cd:b3:5b:ca:35:32:39:14:37:fe:8f:cc:6a:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 28 02:04:41 2026 GMT
            Not After : Feb 27 02:09:41 2027 GMT
        Subject: CN=5A45351FD66DA1BC909871590BF457B4B211F948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:48:96:03:a3:b6:29:da:ad:60:30:f2:3d:64:
                    3f:86:31:01:7e:65:b0:4f:03:8c:98:3d:06:02:85:
                    e1:90:cd:c8:16:e3:1b:eb:48:02:1f:6c:d5:ca:87:
                    9d:4e:74:ea:9e:84:fa:e7:32:88:67:ea:20:62:b7:
                    ae:09:17:a1:d3:5a:4b:53:98:cc:ee:b4:18:46:90:
                    b8:b5:8e:5d:05:43:e5:30:d1:6c:6b:7b:5f:bf:d5:
                    62:a0:53:6b:20:8a:f9:ad:c5:05:56:79:d0:c0:81:
                    66:09:c4:dc:ec:56:3d:3b:c1:4e:09:93:9c:44:47:
                    06:8c:70:7a:e1:a9:1c:f7:a4:74:1e:a6:02:2a:01:
                    60:c8:4d:9b:64:68:b5:37:cc:ff:ba:d1:42:92:f9:
                    d3:d2:e8:23:55:4f:5a:d7:4b:22:7f:39:00:14:9a:
                    96:db:36:ce:36:ba:7f:d8:c5:a1:4c:20:22:05:e5:
                    86:6a:a2:f4:fc:d7:2b:e0:a6:62:3a:0c:54:e5:4f:
                    3c:97:7f:50:79:2d:8e:80:87:67:43:72:e0:97:00:
                    9e:47:6a:56:37:04:86:26:0b:b6:98:08:de:41:40:
                    5a:fc:10:e7:00:b3:0a:a1:83:4b:b7:0c:96:4a:3b:
                    26:4d:10:bb:84:12:71:72:0d:b2:28:b7:36:90:fe:
                    d3:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:45:35:1F:D6:6D:A1:BC:90:98:71:59:0B:F4:57:B4:B2:11:F9:48
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS17497.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.172.0/24
                  162.141.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:0d:c1:98:06:17:dd:6c:51:22:f6:b8:38:b2:c7:95:8d:be:
         fa:02:12:99:6b:10:eb:6a:8c:eb:1e:fb:2f:89:59:98:76:a8:
         77:ab:ed:b3:87:1d:b5:d6:7c:80:8d:cd:44:08:87:15:cd:32:
         83:24:d3:a9:58:e3:0e:8d:f6:b0:58:f0:1c:41:b1:06:ae:dd:
         67:9e:7d:1b:9e:77:61:e6:a8:a1:dd:19:f3:a0:6a:70:89:35:
         e5:9e:79:d9:ba:94:01:02:fc:09:80:22:c0:3d:3b:2c:b6:6f:
         1e:27:9d:f4:8f:87:7a:1b:c4:2f:0a:7f:75:f3:dc:86:44:b0:
         0f:e6:1c:12:c6:fe:7e:91:9c:3f:c5:78:7e:03:e5:60:72:0b:
         3f:20:bc:2b:ca:c6:6b:5a:c9:9a:99:c5:29:7f:93:7b:df:e8:
         4e:d5:95:54:83:1c:43:51:7c:e8:d7:04:21:72:62:4d:5f:1b:
         1d:7c:86:08:b8:93:b0:33:6d:0f:d1:3e:43:9f:f6:62:d4:a0:
         be:ca:d9:07:56:eb:39:84:28:85:c4:65:17:55:ef:64:ad:28:
         da:c4:a0:ee:2a:4f:56:82:75:fd:60:7b:6d:0e:75:17:d0:41:
         ce:6b:b4:3d:61:27:84:e6:10:95:bb:7e:9a:2e:ab:e1:8b:84:
         15:2c:0b:6f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUP9flfazfzbNbyjUyORQ3/o/MarcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMjgwMjA0NDFaFw0yNzAyMjcwMjA5NDFaMDMxMTAvBgNV
BAMTKDVBNDUzNTFGRDY2REExQkM5MDk4NzE1OTBCRjQ1N0I0QjIxMUY5NDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDASJYDo7Yp2q1gMPI9ZD+GMQF+
ZbBPA4yYPQYCheGQzcgW4xvrSAIfbNXKh51OdOqehPrnMohn6iBit64JF6HTWktT
mMzutBhGkLi1jl0FQ+Uw0Wxre1+/1WKgU2sgivmtxQVWedDAgWYJxNzsVj07wU4J
k5xERwaMcHrhqRz3pHQepgIqAWDITZtkaLU3zP+60UKS+dPS6CNVT1rXSyJ/OQAU
mpbbNs42un/YxaFMICIF5YZqovT81yvgpmI6DFTlTzyXf1B5LY6Ah2dDcuCXAJ5H
alY3BIYmC7aYCN5BQFr8EOcAswqhg0u3DJZKOyZNELuEEnFyDbIotzaQ/tMTAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUWkU1H9ZtobyQmHFZC/RXtLIR+UgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTc0OTcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACUh6wD
BACijWAwDQYJKoZIhvcNAQELBQADggEBABwNwZgGF91sUSL2uDiyx5WNvvoCEplr
EOtqjOse+y+JWZh2qHer7bOHHbXWfICNzUQIhxXNMoMk06lY4w6N9rBY8BxBsQau
3WeefRued2HmqKHdGfOganCJNeWeedm6lAEC/AmAIsA9Oyy2bx4nnfSPh3obxC8K
f3Xz3IZEsA/mHBLG/n6RnD/FeH4D5WByCz8gvCvKxmtayZqZxSl/k3vf6E7VlVSD
HENRfOjXBCFyYk1fGx18hgi4k7AzbQ/RPkOf9mLUoL7K2QdW6zmEKIXEZRdV72St
KNrEoO4qT1aCdf1ge20OdRfQQc5rtD1hJ4TmEJW7fpouq+GLhBUsC28=
-----END CERTIFICATE-----