Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS51722.roa
File:                     AS51722.roa (raw, json)
Hash identifier:          IfrudN+i/kf4cvLbaQm+CEvnUKuM1J3IoreI7yz+eP4=
Subject key identifier:   AD:0D:F8:B1:39:95:73:59:F1:F9:1E:AF:39:77:DF:35:34:42:E9:59
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       15DEB0D938DE8A5CA9D4806DC9B9DD42371FEF0D
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS51722.roa
Signing time:             Sat 04 Apr 2026 08:31:24 +0000
ROA not before:           Sat 04 Apr 2026 08:26:24 +0000
ROA not after:            Sat 03 Apr 2027 08:31:24 +0000
asID:                     51722
IP address blocks:        31.40.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            15:de:b0:d9:38:de:8a:5c:a9:d4:80:6d:c9:b9:dd:42:37:1f:ef:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr  4 08:26:24 2026 GMT
            Not After : Apr  3 08:31:24 2027 GMT
        Subject: CN=AD0DF8B139957359F1F91EAF3977DF353442E959
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:a5:9b:38:be:cd:2f:9d:dc:11:e2:39:93:ab:
                    15:79:af:a4:4b:5c:f9:86:8a:e8:67:e9:fb:99:e0:
                    7a:15:31:ed:fc:68:64:5f:52:7e:25:5f:fe:45:88:
                    57:e9:68:74:71:fb:0d:26:b5:7e:7b:d1:bf:5f:15:
                    68:e1:c1:4e:12:84:30:c9:c0:8d:b8:1c:4d:f6:c2:
                    43:54:54:93:d3:81:c6:f0:cf:5c:36:1b:3b:9f:9a:
                    96:0b:f6:53:b0:e5:fc:51:b7:75:45:ec:e3:d0:4d:
                    61:37:50:90:06:ec:6b:77:aa:66:fc:b2:4e:87:6d:
                    52:9d:7b:d9:7b:0e:95:08:54:f0:37:c6:6d:a6:da:
                    c8:a9:e1:8f:85:34:0f:6b:71:b1:98:dc:b8:4f:b5:
                    8b:26:88:88:c7:3d:8a:a2:77:67:f5:cc:4f:eb:05:
                    3c:39:86:38:f1:e2:da:eb:b9:50:ea:5e:3a:44:7e:
                    0d:36:84:a2:92:56:ba:53:31:3f:a4:40:14:b7:4b:
                    8e:22:7d:6a:15:63:c2:86:00:85:4a:f4:37:c0:7d:
                    c7:64:b0:ae:67:3e:8c:ee:e3:03:25:b4:5a:04:73:
                    21:b8:30:b7:0b:cf:1c:c1:16:b1:56:75:99:14:d2:
                    fc:86:6a:0a:21:45:6a:f5:eb:72:ba:b0:c8:e4:d6:
                    b2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:0D:F8:B1:39:95:73:59:F1:F9:1E:AF:39:77:DF:35:34:42:E9:59
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS51722.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.40.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:89:6a:8a:20:ba:b8:34:f9:08:0e:f6:42:e9:05:9a:49:be:
         b4:8c:87:b2:fe:cd:59:5b:2f:4b:f6:c3:98:fc:c1:31:8e:0a:
         5d:55:46:df:a4:bc:ad:23:62:b1:e6:c8:e8:45:1b:7b:de:ae:
         f6:8c:78:06:67:7b:e5:1a:c9:eb:79:6d:13:7f:f3:da:ce:ff:
         2d:46:d4:5c:66:a6:9a:96:86:f0:f1:36:10:8b:0f:f6:fc:f6:
         77:a9:e4:5b:bb:7e:3b:0d:d2:33:80:fe:fa:e3:59:e1:cf:df:
         16:5d:dc:6f:9c:2c:48:3b:5c:04:6f:2a:5c:93:a8:4e:92:f5:
         0d:29:d6:a6:fd:c8:c9:99:38:22:9a:8a:b9:ba:54:d1:e5:9c:
         6e:bd:60:48:95:83:ba:8a:81:a4:ae:a7:65:a6:63:61:c1:88:
         c7:41:c4:31:a5:cd:96:31:06:bc:32:89:83:f9:1f:11:be:e5:
         1d:64:15:92:22:97:94:75:c0:ac:05:ca:c3:c5:d8:14:f1:55:
         6d:0f:68:36:ac:dd:f2:ad:f9:c0:65:90:76:c0:f8:16:f2:e8:
         59:e8:fb:20:01:c9:c0:24:62:84:a4:74:45:ba:d6:06:13:c3:
         5c:d4:b4:f1:0f:7e:0b:2d:8c:5d:17:a3:f3:8a:c2:3d:09:d1:
         0d:1e:70:03
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUFd6w2Tjeilyp1IBtybndQjcf7w0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MDQwODI2MjRaFw0yNzA0MDMwODMxMjRaMDMxMTAvBgNV
BAMTKEFEMERGOEIxMzk5NTczNTlGMUY5MUVBRjM5NzdERjM1MzQ0MkU5NTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmpZs4vs0vndwR4jmTqxV5r6RL
XPmGiuhn6fuZ4HoVMe38aGRfUn4lX/5FiFfpaHRx+w0mtX570b9fFWjhwU4ShDDJ
wI24HE32wkNUVJPTgcbwz1w2GzufmpYL9lOw5fxRt3VF7OPQTWE3UJAG7Gt3qmb8
sk6HbVKde9l7DpUIVPA3xm2m2sip4Y+FNA9rcbGY3LhPtYsmiIjHPYqid2f1zE/r
BTw5hjjx4trruVDqXjpEfg02hKKSVrpTMT+kQBS3S44ifWoVY8KGAIVK9DfAfcdk
sK5nPozu4wMltFoEcyG4MLcLzxzBFrFWdZkU0vyGagohRWr163K6sMjk1rK1AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUrQ34sTmVc1nx+R6vOXffNTRC6VkwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTNTE3MjIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAfKMww
DQYJKoZIhvcNAQELBQADggEBADKJaoogurg0+QgO9kLpBZpJvrSMh7L+zVlbL0v2
w5j8wTGOCl1VRt+kvK0jYrHmyOhFG3vervaMeAZne+Uayet5bRN/89rO/y1G1Fxm
ppqWhvDxNhCLD/b89nep5Fu7fjsN0jOA/vrjWeHP3xZd3G+cLEg7XARvKlyTqE6S
9Q0p1qb9yMmZOCKairm6VNHlnG69YEiVg7qKgaSup2WmY2HBiMdBxDGlzZYxBrwy
iYP5HxG+5R1kFZIil5R1wKwFysPF2BTxVW0PaDas3fKt+cBlkHbA+Bby6Fno+yAB
ycAkYoSkdEW61gYTw1zUtPEPfgstjF0Xo/OKwj0J0Q0ecAM=
-----END CERTIFICATE-----