Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS47690.roa
File:                     AS47690.roa (raw, json)
Hash identifier:          Vh1Ty7tlH+VOQXMAOOcicLwKUoXs0XqB/ZQhqHasRzU=
Subject key identifier:   37:4E:89:FD:C5:85:9E:68:DA:35:AE:BA:B1:BD:88:3D:09:B9:64:28
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       20FFB0B2A72EDA006A0422C8731EFFCFCFAE3A5F
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS47690.roa
Signing time:             Mon 16 Feb 2026 00:06:58 +0000
ROA not before:           Mon 16 Feb 2026 00:01:58 +0000
ROA not after:            Mon 15 Feb 2027 00:06:58 +0000
asID:                     47690
IP address blocks:        212.60.152.0/24 maxlen: 24
                          212.60.156.0/24 maxlen: 24
                          212.60.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:ff:b0:b2:a7:2e:da:00:6a:04:22:c8:73:1e:ff:cf:cf:ae:3a:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Feb 16 00:01:58 2026 GMT
            Not After : Feb 15 00:06:58 2027 GMT
        Subject: CN=374E89FDC5859E68DA35AEBAB1BD883D09B96428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:b6:b0:4a:74:bf:4e:fd:37:e7:b3:bc:c5:98:
                    d6:d2:b8:05:99:f0:a3:4e:d6:92:69:00:e8:9a:a7:
                    d3:2c:e2:09:da:e9:25:64:6f:fc:1d:f8:45:89:fc:
                    a9:77:86:87:66:9a:97:e2:3a:cb:41:44:7a:95:2a:
                    76:2b:d2:52:25:7f:ca:98:cb:8d:96:41:7d:f6:64:
                    5b:fa:80:53:02:ed:5d:7e:36:da:2e:5d:77:2d:58:
                    b4:ca:7c:20:32:14:21:e9:5b:d9:e3:e3:39:cb:f8:
                    70:6a:c8:b0:79:37:2c:fa:da:e3:80:0d:d3:38:ba:
                    bb:20:bf:ed:f8:7e:78:5d:37:58:71:9d:e5:6d:79:
                    65:bf:78:51:16:13:c6:75:06:be:5f:bc:93:d6:78:
                    23:ad:6d:45:ff:00:33:2c:3e:3a:93:1d:39:03:a1:
                    0b:f6:d7:20:9c:7d:61:27:8c:7f:b6:67:51:2a:dd:
                    a5:a0:88:e8:4c:78:e9:fb:a3:b4:66:00:40:55:ea:
                    6a:1e:9e:87:54:be:5a:e2:f0:e9:ac:ba:f5:ba:c7:
                    04:ea:d3:33:6d:94:74:c8:06:1c:5b:ec:31:8a:f4:
                    78:6a:6f:c2:93:bc:10:7a:79:07:6d:23:e5:6f:d8:
                    7a:36:02:fe:ce:3d:49:64:5d:e3:39:3f:25:68:14:
                    76:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:4E:89:FD:C5:85:9E:68:DA:35:AE:BA:B1:BD:88:3D:09:B9:64:28
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS47690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.152.0/24
                  212.60.156.0/24
                  212.60.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:05:62:4f:43:5d:92:e3:fb:45:5b:6b:e0:97:97:46:2b:c7:
         c5:c5:c7:b7:db:ad:b9:9a:c9:b5:5a:d9:7a:ad:d1:35:de:ee:
         2e:36:2b:8a:a9:d9:2d:40:07:0b:1e:81:c1:dc:6f:23:a0:2a:
         4d:c7:b0:9f:7b:be:41:a8:c4:06:e1:cf:74:44:fd:a4:18:f0:
         b6:74:02:05:05:88:ee:a9:87:e5:0f:9a:9d:71:fe:06:bf:78:
         48:48:8a:20:11:20:87:7b:ac:3c:11:4c:0b:82:76:35:20:84:
         ed:fb:91:7f:4a:a9:1e:1c:b0:06:cd:07:83:6b:45:7e:ae:74:
         3f:67:39:f1:11:09:b6:35:a1:08:a7:42:73:47:a3:f7:65:8c:
         6b:e9:fd:f2:e6:b0:bb:8e:d2:cc:e1:b4:bd:85:7e:ed:f9:45:
         b1:15:0b:34:5d:5a:68:bd:0a:01:1b:87:9c:fa:1e:d4:12:0b:
         76:de:12:3a:35:46:b2:e5:a0:f9:57:82:50:55:26:ed:b9:d4:
         6d:c5:f7:45:30:af:14:59:fa:b2:c0:b8:c5:9c:8f:ea:8f:dc:
         9a:0b:72:9c:48:a1:f6:22:8b:c6:1b:69:a6:d0:ad:83:98:d4:
         9e:bf:2a:d9:fe:9f:ff:e8:f1:55:39:14:a3:c3:d1:4b:57:76:
         92:7f:95:0a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUIP+wsqcu2gBqBCLIcx7/z8+uOl8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjAyMTYwMDAxNThaFw0yNzAyMTUwMDA2NThaMDMxMTAvBgNV
BAMTKDM3NEU4OUZEQzU4NTlFNjhEQTM1QUVCQUIxQkQ4ODNEMDlCOTY0MjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChtrBKdL9O/Tfns7zFmNbSuAWZ
8KNO1pJpAOiap9Ms4gna6SVkb/wd+EWJ/Kl3hodmmpfiOstBRHqVKnYr0lIlf8qY
y42WQX32ZFv6gFMC7V1+NtouXXctWLTKfCAyFCHpW9nj4znL+HBqyLB5Nyz62uOA
DdM4ursgv+34fnhdN1hxneVteWW/eFEWE8Z1Br5fvJPWeCOtbUX/ADMsPjqTHTkD
oQv21yCcfWEnjH+2Z1Eq3aWgiOhMeOn7o7RmAEBV6moenodUvlri8OmsuvW6xwTq
0zNtlHTIBhxb7DGK9Hhqb8KTvBB6eQdtI+Vv2Ho2Av7OPUlkXeM5PyVoFHYzAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUN06J/cWFnmjaNa66sb2IPQm5ZCgwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNDc2OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBADUPJgD
BADUPJwDBADUPJ4wDQYJKoZIhvcNAQELBQADggEBABoFYk9DXZLj+0Vba+CXl0Yr
x8XFx7fbrbmaybVa2Xqt0TXe7i42K4qp2S1ABwsegcHcbyOgKk3HsJ97vkGoxAbh
z3RE/aQY8LZ0AgUFiO6ph+UPmp1x/ga/eEhIiiARIId7rDwRTAuCdjUghO37kX9K
qR4csAbNB4NrRX6udD9nOfERCbY1oQinQnNHo/dljGvp/fLmsLuO0szhtL2Ffu35
RbEVCzRdWmi9CgEbh5z6HtQSC3beEjo1RrLloPlXglBVJu251G3F90UwrxRZ+rLA
uMWcj+qP3JoLcpxIofYii8YbaabQrYOY1J6/Ktn+n//o8VU5FKPD0UtXdpJ/lQo=
-----END CERTIFICATE-----