Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42960.roa
File:                     AS42960.roa (raw, json)
Hash identifier:          +9dydKzg8iwloadci8g+v0EmELMFMDLrIE28V8FLWrg=
Subject key identifier:   79:2F:D1:5E:48:E9:DF:76:69:79:30:40:FC:8B:2B:A8:C8:43:3F:5A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       786006B6BA1AEA6A021DE24CED43486B8F7E8A9F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42960.roa
Signing time:             Thu 11 Jun 2026 12:16:42 +0000
ROA not before:           Thu 11 Jun 2026 12:11:42 +0000
ROA not after:            Thu 10 Jun 2027 12:16:42 +0000
asID:                     42960
IP address blocks:        155.117.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:60:06:b6:ba:1a:ea:6a:02:1d:e2:4c:ed:43:48:6b:8f:7e:8a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 11 12:11:42 2026 GMT
            Not After : Jun 10 12:16:42 2027 GMT
        Subject: CN=792FD15E48E9DF7669793040FC8B2BA8C8433F5A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:a0:2c:4c:69:35:ce:f1:ab:9c:00:9b:33:27:
                    99:60:6e:90:a9:ba:c5:df:d9:24:98:d7:2f:33:94:
                    1e:d1:9d:5f:01:a0:d0:ab:8c:aa:05:47:08:a8:9f:
                    1a:a4:5e:ea:01:fa:ce:6b:a8:ce:0e:e7:bc:73:c9:
                    4d:2e:53:8e:a1:20:36:43:84:ba:a0:ab:be:ec:19:
                    d4:49:f1:11:06:57:72:7d:4e:35:d6:f5:5d:ff:db:
                    2c:97:4e:4c:28:15:37:0a:27:69:29:18:28:f6:e1:
                    43:a5:dc:2a:08:9c:2c:14:0f:85:2c:52:a0:8c:12:
                    bf:cd:38:07:9c:2f:fc:96:cc:05:09:c7:6b:12:61:
                    74:17:d5:49:3b:fa:5d:1f:ca:4f:6b:a1:18:7e:f8:
                    1b:af:3f:e9:99:1d:d5:2f:8d:7f:f0:77:21:8d:3b:
                    3f:17:61:16:7a:1e:78:5d:3d:7a:36:7b:2c:66:0d:
                    62:5d:c5:fc:73:ac:af:5c:79:d7:76:d1:70:2e:76:
                    b7:eb:bd:7d:0b:80:97:f2:0c:b1:ae:41:a3:eb:b8:
                    4b:d2:98:0f:d7:a0:d5:c3:f7:1e:b7:4e:fb:4d:94:
                    6b:fc:8e:3d:ba:e0:69:28:4e:88:09:e2:bc:2d:21:
                    65:77:4b:fe:23:d4:1d:fa:75:59:ca:d1:20:ad:c6:
                    c2:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:2F:D1:5E:48:E9:DF:76:69:79:30:40:FC:8B:2B:A8:C8:43:3F:5A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS42960.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:00:0b:2b:71:d8:90:0e:88:f8:fd:85:ff:05:f6:32:7d:6e:
         e9:f4:7f:d5:64:9d:7c:b0:5e:88:b1:aa:f6:04:1e:0c:b9:3d:
         7e:aa:66:cc:d2:19:68:7f:17:f0:67:cc:ca:a5:0e:e8:00:3c:
         67:bf:cf:a4:ee:4a:04:51:12:1b:18:0c:35:9f:da:37:4f:11:
         ec:31:d0:d0:9f:7f:d6:30:a1:0e:19:65:57:44:56:26:20:e0:
         c4:b4:6c:08:a3:46:ce:7e:82:11:f6:04:9d:0f:0a:71:f6:16:
         d3:4d:a3:1b:a5:1e:09:f5:3a:39:a8:1c:36:73:8a:c8:d6:32:
         d1:b9:c3:0d:46:81:5d:85:fa:5c:ba:f1:1a:3e:a1:00:bc:d3:
         c5:f2:d1:50:8f:3b:c6:f3:d0:b2:ac:7d:d0:49:44:df:89:b1:
         4a:d3:b1:20:84:b4:1f:4e:ac:32:84:b1:5f:f9:81:35:d4:7d:
         42:49:db:b8:de:38:f9:5d:db:9e:86:f8:54:e1:7b:46:c9:dc:
         78:bb:62:4a:95:f8:f3:6e:77:80:93:94:42:b4:b1:f4:7e:96:
         66:a9:88:ff:9d:a1:e7:00:85:08:32:58:e1:78:d2:89:39:6c:
         28:c5:ff:56:e0:d3:2c:b2:01:cb:11:56:a1:d3:d4:13:fd:94:
         31:7c:03:ef
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUeGAGtroa6moCHeJM7UNIa49+ip8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTExMjExNDJaFw0yNzA2MTAxMjE2NDJaMDMxMTAvBgNV
BAMTKDc5MkZEMTVFNDhFOURGNzY2OTc5MzA0MEZDOEIyQkE4Qzg0MzNGNUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpoCxMaTXO8aucAJszJ5lgbpCp
usXf2SSY1y8zlB7RnV8BoNCrjKoFRwionxqkXuoB+s5rqM4O57xzyU0uU46hIDZD
hLqgq77sGdRJ8REGV3J9TjXW9V3/2yyXTkwoFTcKJ2kpGCj24UOl3CoInCwUD4Us
UqCMEr/NOAecL/yWzAUJx2sSYXQX1Uk7+l0fyk9roRh++BuvP+mZHdUvjX/wdyGN
Oz8XYRZ6HnhdPXo2eyxmDWJdxfxzrK9cedd20XAudrfrvX0LgJfyDLGuQaPruEvS
mA/XoNXD9x63TvtNlGv8jj264GkoTogJ4rwtIWV3S/4j1B36dVnK0SCtxsLNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUeS/RXkjp33ZpeTBA/IsrqMhDP1owHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDI5NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACbdXsw
DQYJKoZIhvcNAQELBQADggEBAAAACytx2JAOiPj9hf8F9jJ9bun0f9VknXywXoix
qvYEHgy5PX6qZszSGWh/F/BnzMqlDugAPGe/z6TuSgRREhsYDDWf2jdPEewx0NCf
f9YwoQ4ZZVdEViYg4MS0bAijRs5+ghH2BJ0PCnH2FtNNoxulHgn1OjmoHDZzisjW
MtG5ww1GgV2F+ly68Ro+oQC808Xy0VCPO8bz0LKsfdBJRN+JsUrTsSCEtB9OrDKE
sV/5gTXUfUJJ27jeOPld256G+FThe0bJ3Hi7YkqV+PNud4CTlEK0sfR+lmapiP+d
oecAhQgyWOF40ok5bCjF/1bg0yyyAcsRVqHT1BP9lDF8A+8=
-----END CERTIFICATE-----