Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9291.roa
File:                     AS9291.roa (raw, json)
Hash identifier:          sy32DbHvz4d8o3twVMGGfnSH6/tV121h3I6tZpL9Bi8=
Subject key identifier:   D0:8D:51:12:55:C1:4B:45:D7:91:7D:8C:F0:47:EE:56:50:AF:62:4B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6443AFA0B91C40B6E18BD4338ABC90F95F2B88A5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9291.roa
Signing time:             Thu 09 Apr 2026 15:47:04 +0000
ROA not before:           Thu 09 Apr 2026 15:42:04 +0000
ROA not after:            Thu 08 Apr 2027 15:47:04 +0000
asID:                     9291
IP address blocks:        155.117.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:43:af:a0:b9:1c:40:b6:e1:8b:d4:33:8a:bc:90:f9:5f:2b:88:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  9 15:42:04 2026 GMT
            Not After : Apr  8 15:47:04 2027 GMT
        Subject: CN=D08D511255C14B45D7917D8CF047EE5650AF624B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a9:33:23:7a:03:cc:68:8e:b9:b4:9a:6f:20:
                    3a:f7:68:99:df:64:20:3c:0b:46:f7:35:76:6f:85:
                    27:60:e2:3b:35:d6:6c:7d:e2:0d:42:50:95:3d:3e:
                    ac:26:4f:48:07:de:10:42:ca:d2:76:51:21:ab:b6:
                    84:83:c4:b1:4c:30:af:35:ba:f3:0d:46:65:20:dd:
                    c0:a4:f8:df:42:57:11:66:4a:78:64:96:83:3f:bc:
                    6f:64:2a:84:59:bd:02:a6:06:65:f9:46:89:d3:d7:
                    3f:fa:6c:63:ac:b2:54:05:08:e2:cd:54:5f:c9:6c:
                    b1:58:40:30:c7:51:d5:98:f3:98:40:10:78:d6:b8:
                    ba:e0:34:e0:23:15:7f:a5:4b:9b:5b:5a:4c:c6:e0:
                    fc:a9:da:d0:48:de:45:ca:56:d5:9f:2c:65:1f:d9:
                    8f:d1:7b:ff:f0:71:e4:ea:fc:66:65:ae:e0:5d:3a:
                    46:8e:90:10:69:26:b6:b4:b9:be:87:e7:d5:6f:06:
                    b5:c0:e5:d3:21:e5:ff:5c:a9:3d:97:86:a1:db:bb:
                    e5:9f:9d:1a:81:3d:ac:f7:1b:6a:f0:74:6d:e3:ee:
                    31:15:c1:cf:f4:e7:ef:8d:a3:d9:a2:fc:6a:0a:95:
                    bc:93:17:cd:6d:35:0c:a7:38:69:bc:c2:7f:17:34:
                    c5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:8D:51:12:55:C1:4B:45:D7:91:7D:8C:F0:47:EE:56:50:AF:62:4B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS9291.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:bd:1a:8a:c9:ad:1b:a0:1d:7d:79:fe:8a:dc:b4:f7:95:cb:
         f7:5d:18:88:31:b9:ef:45:ce:f6:12:cd:64:05:35:1c:2c:02:
         7e:64:ac:72:a6:c3:3a:6b:c4:23:c4:36:e4:1a:09:e4:8f:ef:
         f3:0b:7d:5e:e7:43:7c:63:c0:0c:be:ff:d2:bc:2c:cd:44:d1:
         09:a6:f5:22:72:a2:e5:89:7c:72:c8:cc:64:c1:60:ec:6d:a2:
         f9:97:e3:be:19:49:91:53:5e:0b:bf:98:20:a3:48:be:62:65:
         69:4d:54:ad:b6:74:94:7e:ec:17:1d:d7:6b:ff:c9:2d:29:7d:
         e7:9d:68:ac:62:ae:a4:b6:b5:73:9f:31:41:e5:4e:a4:a8:f3:
         f4:e4:23:e2:7d:7d:4e:06:d1:1e:8b:eb:1b:fe:ba:39:ae:60:
         e6:90:39:e6:cb:7c:da:6a:83:87:74:07:fe:bb:bd:e9:a4:76:
         e0:e7:37:14:18:e7:c1:20:41:17:b2:80:f2:dc:ca:fb:19:ae:
         cd:59:d4:1b:a0:9f:76:9e:81:6e:75:c1:a2:95:58:d8:fc:4b:
         10:dd:da:cd:13:76:40:f1:6c:cc:ee:a9:c3:dc:de:27:e9:25:
         c5:d0:f2:01:d6:8d:a5:be:02:75:00:fe:d5:f0:f4:7c:06:1d:
         71:22:f3:bf
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUZEOvoLkcQLbhi9QziryQ+V8riKUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDkxNTQyMDRaFw0yNzA0MDgxNTQ3MDRaMDMxMTAvBgNV
BAMTKEQwOEQ1MTEyNTVDMTRCNDVENzkxN0Q4Q0YwNDdFRTU2NTBBRjYyNEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxqTMjegPMaI65tJpvIDr3aJnf
ZCA8C0b3NXZvhSdg4js11mx94g1CUJU9PqwmT0gH3hBCytJ2USGrtoSDxLFMMK81
uvMNRmUg3cCk+N9CVxFmSnhkloM/vG9kKoRZvQKmBmX5RonT1z/6bGOsslQFCOLN
VF/JbLFYQDDHUdWY85hAEHjWuLrgNOAjFX+lS5tbWkzG4Pyp2tBI3kXKVtWfLGUf
2Y/Re//wceTq/GZlruBdOkaOkBBpJra0ub6H59VvBrXA5dMh5f9cqT2XhqHbu+Wf
nRqBPaz3G2rwdG3j7jEVwc/05++No9mi/GoKlbyTF81tNQynOGm8wn8XNMVlAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU0I1RElXBS0XXkX2M8EfuVlCvYkswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTI5MS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJt17zAN
BgkqhkiG9w0BAQsFAAOCAQEAQr0aismtG6AdfXn+ity095XL910YiDG570XO9hLN
ZAU1HCwCfmSscqbDOmvEI8Q25BoJ5I/v8wt9XudDfGPADL7/0rwszUTRCab1InKi
5Yl8csjMZMFg7G2i+ZfjvhlJkVNeC7+YIKNIvmJlaU1UrbZ0lH7sFx3Xa//JLSl9
551orGKupLa1c58xQeVOpKjz9OQj4n19TgbRHovrG/66Oa5g5pA55st82mqDh3QH
/ru96aR24Oc3FBjnwSBBF7KA8tzK+xmuzVnUG6Cfdp6BbnXBopVY2PxLEN3azRN2
QPFszO6pw9zeJ+klxdDyAdaNpb4CdQD+1fD0fAYdcSLzvw==
-----END CERTIFICATE-----