Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          CqR1zYBeBhMjtf3Sey3lwEgcutRsBEiyEvVd+DzVJU0=
Subject key identifier:   4D:EE:75:31:0F:54:C3:5A:5E:C4:82:39:C8:FD:24:17:3A:3E:5D:0A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3DE1C7B9B3EEE951E727715132402FBED1B90729
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
Signing time:             Wed 01 Apr 2026 14:06:09 +0000
ROA not before:           Wed 01 Apr 2026 14:01:09 +0000
ROA not after:            Wed 31 Mar 2027 14:06:09 +0000
asID:                     57043
IP address blocks:        162.141.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3d:e1:c7:b9:b3:ee:e9:51:e7:27:71:51:32:40:2f:be:d1:b9:07:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  1 14:01:09 2026 GMT
            Not After : Mar 31 14:06:09 2027 GMT
        Subject: CN=4DEE75310F54C35A5EC48239C8FD24173A3E5D0A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:72:92:9f:42:90:71:a6:82:b7:48:4a:fa:98:
                    04:d7:50:15:97:23:cc:96:7a:33:5c:2c:2f:88:a8:
                    c8:78:92:48:75:0d:a5:12:0f:e7:09:5b:0e:e5:fa:
                    c4:d9:9f:73:86:d7:57:1c:cb:eb:05:9a:4b:9d:bd:
                    0e:27:f9:9e:db:6f:e8:b0:92:07:a0:44:bf:56:9a:
                    45:af:b6:89:27:18:87:e0:9d:e2:e1:a5:3f:37:d0:
                    31:c1:2a:fc:36:3a:7d:0e:8f:84:ee:be:15:66:0e:
                    9e:08:af:a4:87:e6:65:25:ca:fe:48:5c:fb:18:63:
                    d0:18:7f:e7:06:89:17:15:4d:51:ed:7c:4b:07:cf:
                    e4:f4:d7:82:d9:b7:e2:72:8e:92:51:99:5e:5c:b9:
                    0f:ef:31:0a:4b:72:4d:a1:be:79:77:02:1c:d2:e0:
                    b9:b6:a6:f5:a2:5d:48:7a:2c:b8:a0:b3:44:36:c7:
                    0d:6b:8d:ec:e9:49:04:4c:04:8c:b7:0a:4c:6f:25:
                    03:a2:4b:9b:53:7e:19:9a:fb:54:bb:74:b3:4c:21:
                    75:ea:ea:28:e4:df:c4:fd:58:66:a7:0d:86:81:01:
                    54:39:d1:f2:1f:25:31:6b:87:57:54:0d:e1:80:93:
                    41:2f:09:b8:17:80:39:53:ef:0a:a2:0a:75:0d:9d:
                    c0:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:EE:75:31:0F:54:C3:5A:5E:C4:82:39:C8:FD:24:17:3A:3E:5D:0A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:8f:36:19:33:12:d4:13:46:1f:fc:0c:9e:e6:09:05:9b:6e:
         ea:50:92:da:cb:05:82:75:4a:2c:fd:9d:e6:7b:9c:3a:4e:ab:
         a5:e2:22:86:33:ea:c8:df:1f:10:ee:56:cd:0d:c8:4b:6a:5a:
         c4:35:a9:aa:02:14:22:3e:75:a8:d5:9c:ba:f1:30:96:42:02:
         a3:b1:54:a0:04:54:f5:d0:b1:3c:6e:d8:7f:d1:d9:94:f7:36:
         8a:14:6b:b5:8e:02:2d:22:31:30:1c:73:13:db:8d:41:a3:e7:
         02:88:f6:55:e5:ea:83:78:48:df:eb:d2:5d:be:06:9c:30:77:
         a6:50:35:e5:bf:44:91:e7:0e:fa:77:87:0e:b0:59:c3:05:39:
         7c:94:ed:b4:45:69:52:47:57:76:7c:a7:4a:9d:af:f1:f9:d3:
         e3:98:aa:ad:50:4e:b7:06:4f:c3:23:20:64:bd:a5:12:f8:24:
         63:f3:b7:22:db:ab:e2:51:f5:23:2e:f4:77:a4:6d:58:8e:37:
         10:de:63:d6:09:3a:ff:4e:c6:3f:e0:b8:ed:61:b5:98:24:da:
         da:4b:b7:64:5e:da:f6:63:02:1c:27:3c:15:ed:7e:a3:f0:c0:
         bf:49:99:46:b0:c3:76:60:d9:73:97:3d:35:96:35:d0:9f:ef:
         40:3d:31:34
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPeHHubPu6VHnJ3FRMkAvvtG5BykwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDExNDAxMDlaFw0yNzAzMzExNDA2MDlaMDMxMTAvBgNV
BAMTKDRERUU3NTMxMEY1NEMzNUE1RUM0ODIzOUM4RkQyNDE3M0EzRTVEMEEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqcpKfQpBxpoK3SEr6mATXUBWX
I8yWejNcLC+IqMh4kkh1DaUSD+cJWw7l+sTZn3OG11ccy+sFmkudvQ4n+Z7bb+iw
kgegRL9WmkWvtoknGIfgneLhpT830DHBKvw2On0Oj4TuvhVmDp4Ir6SH5mUlyv5I
XPsYY9AYf+cGiRcVTVHtfEsHz+T014LZt+JyjpJRmV5cuQ/vMQpLck2hvnl3AhzS
4Lm2pvWiXUh6LLigs0Q2xw1rjezpSQRMBIy3CkxvJQOiS5tTfhma+1S7dLNMIXXq
6ijk38T9WGanDYaBAVQ50fIfJTFrh1dUDeGAk0EvCbgXgDlT7wqiCnUNncCBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUTe51MQ9Uw1pexII5yP0kFzo+XQowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACijX4w
DQYJKoZIhvcNAQELBQADggEBAAaPNhkzEtQTRh/8DJ7mCQWbbupQktrLBYJ1Siz9
neZ7nDpOq6XiIoYz6sjfHxDuVs0NyEtqWsQ1qaoCFCI+dajVnLrxMJZCAqOxVKAE
VPXQsTxu2H/R2ZT3NooUa7WOAi0iMTAccxPbjUGj5wKI9lXl6oN4SN/r0l2+Bpww
d6ZQNeW/RJHnDvp3hw6wWcMFOXyU7bRFaVJHV3Z8p0qdr/H50+OYqq1QTrcGT8Mj
IGS9pRL4JGPztyLbq+JR9SMu9HekbViONxDeY9YJOv9Oxj/guO1htZgk2tpLt2Re
2vZjAhwnPBXtfqPwwL9JmUaww3Zg2XOXPTWWNdCf70A9MTQ=
-----END CERTIFICATE-----