Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS47447.roa
File:                     AS47447.roa (raw, json)
Hash identifier:          EV6UkRUVQoLwIT15f7LQ/kubL7TbxYLv0TYbgaOS6zY=
Subject key identifier:   8F:EA:54:5A:B9:92:59:B6:CE:D0:0A:33:C9:21:4B:69:4D:5E:E2:9B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       62CE22D02D0D5685C14868732C9B8B9B216F93D6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS47447.roa
Signing time:             Mon 08 Jun 2026 04:41:49 +0000
ROA not before:           Mon 08 Jun 2026 04:36:49 +0000
ROA not after:            Mon 07 Jun 2027 04:41:49 +0000
asID:                     47447
IP address blocks:        148.135.182.0/24 maxlen: 24
                          155.117.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:ce:22:d0:2d:0d:56:85:c1:48:68:73:2c:9b:8b:9b:21:6f:93:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  8 04:36:49 2026 GMT
            Not After : Jun  7 04:41:49 2027 GMT
        Subject: CN=8FEA545AB99259B6CED00A33C9214B694D5EE29B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:08:da:d6:a7:58:a8:bc:67:18:55:a0:a5:cd:
                    8f:d4:06:2c:41:d2:95:39:54:df:42:e1:ca:5a:f5:
                    0c:b8:f9:7b:92:c3:65:73:83:cf:fc:b5:c7:df:17:
                    bd:8b:c0:7d:d7:bf:e9:a9:8d:ed:ba:ba:3b:7e:a2:
                    b1:fa:c2:fc:98:17:d2:60:25:cf:c4:d4:3d:df:77:
                    35:fa:8b:06:f2:ae:02:94:9b:b7:15:21:e5:ae:ea:
                    cb:4a:b7:0b:6a:64:5e:c7:9b:2e:f4:42:84:04:39:
                    4f:a3:08:c5:b7:f7:0e:c8:c4:e6:8e:b7:8c:4d:37:
                    78:be:79:d6:64:77:97:f9:39:45:c4:07:7f:a5:df:
                    54:a0:bf:07:5e:24:96:96:36:71:34:2d:09:3f:c5:
                    74:45:3e:d0:b5:39:45:4b:2a:6b:c5:33:71:d5:b1:
                    02:88:5b:90:35:19:f2:57:72:ae:1f:cb:bb:e1:09:
                    f8:cf:95:43:87:f3:5e:e5:06:a8:06:ad:80:36:c1:
                    72:72:19:01:82:96:30:37:61:42:ea:88:ae:b1:cd:
                    e9:50:25:8b:46:f8:af:04:99:a0:c6:51:c6:f5:91:
                    d0:e3:ec:ed:fd:5c:d7:be:c2:1a:f8:ea:c0:6a:8a:
                    31:0b:fd:d8:f3:4d:23:5a:cc:17:69:5d:b6:31:f3:
                    df:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:EA:54:5A:B9:92:59:B6:CE:D0:0A:33:C9:21:4B:69:4D:5E:E2:9B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS47447.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.182.0/24
                  155.117.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:f3:8f:fb:8a:65:9d:0b:9e:90:56:03:e1:19:6e:01:0d:5c:
         93:47:5d:c8:5e:47:55:fe:db:e8:e0:ff:2d:68:04:d2:59:7c:
         7e:bd:46:d9:ae:dc:1d:69:86:67:2b:f8:b9:68:ea:50:00:73:
         72:49:1c:f4:46:ee:f0:55:94:60:b6:da:59:bc:04:10:ea:48:
         f8:12:27:f4:16:14:9c:f6:54:82:03:c3:b9:63:99:ee:c8:6d:
         33:e3:0f:28:27:f9:fe:2e:05:90:f5:58:1b:04:7d:05:9b:a4:
         4f:a3:1c:31:02:16:11:f7:cc:b3:c5:2a:7a:1e:81:bb:be:c0:
         b8:5c:7f:0c:fe:19:99:d6:3f:01:6b:f0:53:80:c4:f6:4e:13:
         a9:7e:a6:db:2c:58:6d:10:fd:d4:3a:14:44:ad:2d:fc:3c:6f:
         d2:a1:96:3e:6f:d5:66:c1:70:6d:d8:4f:ae:ac:e4:d8:24:ca:
         cc:e6:70:92:63:e5:e4:5a:e7:9b:57:4b:40:51:67:09:67:92:
         46:09:c4:6b:2b:3c:1b:25:79:85:d3:ff:b1:e5:4f:7e:49:01:
         06:6f:16:58:f5:36:bc:fa:2f:22:2b:83:2e:cf:37:b4:b0:25:
         11:b6:dc:a8:f0:c0:1e:0a:22:99:6a:9b:41:5e:67:b2:82:f4:
         61:f5:d5:54
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUYs4i0C0NVoXBSGhzLJuLmyFvk9YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDgwNDM2NDlaFw0yNzA2MDcwNDQxNDlaMDMxMTAvBgNV
BAMTKDhGRUE1NDVBQjk5MjU5QjZDRUQwMEEzM0M5MjE0QjY5NEQ1RUUyOUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4CNrWp1iovGcYVaClzY/UBixB
0pU5VN9C4cpa9Qy4+XuSw2Vzg8/8tcffF72LwH3Xv+mpje26ujt+orH6wvyYF9Jg
Jc/E1D3fdzX6iwbyrgKUm7cVIeWu6stKtwtqZF7Hmy70QoQEOU+jCMW39w7IxOaO
t4xNN3i+edZkd5f5OUXEB3+l31SgvwdeJJaWNnE0LQk/xXRFPtC1OUVLKmvFM3HV
sQKIW5A1GfJXcq4fy7vhCfjPlUOH817lBqgGrYA2wXJyGQGCljA3YULqiK6xzelQ
JYtG+K8EmaDGUcb1kdDj7O39XNe+whr46sBqijEL/djzTSNazBdpXbYx899HAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUj+pUWrmSWbbO0AozySFLaU1e4pswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDc0NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACUh7YD
BACbdbcwDQYJKoZIhvcNAQELBQADggEBAE3zj/uKZZ0LnpBWA+EZbgENXJNHXche
R1X+2+jg/y1oBNJZfH69Rtmu3B1phmcr+Llo6lAAc3JJHPRG7vBVlGC22lm8BBDq
SPgSJ/QWFJz2VIIDw7ljme7IbTPjDygn+f4uBZD1WBsEfQWbpE+jHDECFhH3zLPF
Knoegbu+wLhcfwz+GZnWPwFr8FOAxPZOE6l+ptssWG0Q/dQ6FEStLfw8b9Khlj5v
1WbBcG3YT66s5NgkyszmcJJj5eRa55tXS0BRZwlnkkYJxGsrPBsleYXT/7HlT35J
AQZvFlj1Nrz6LyIrgy7PN7SwJRG23KjwwB4KIplqm0FeZ7KC9GH11VQ=
-----END CERTIFICATE-----