Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47311.roa
File:                     AS47311.roa (raw, json)
Hash identifier:          HAdxQuk4a92+2kbX9ZyNSLNz7/Ydv8ZOSSs7VlJdhj4=
Subject key identifier:   C7:D6:4F:81:BC:CE:EC:2F:A7:2C:68:E1:74:5E:A1:8F:94:0C:EB:C9
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       72A402B6F22EBEA85E7D2D9C51D6D8628203C04D
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47311.roa
Signing time:             Wed 08 Apr 2026 11:32:57 +0000
ROA not before:           Wed 08 Apr 2026 11:27:57 +0000
ROA not after:            Wed 07 Apr 2027 11:32:57 +0000
asID:                     47311
IP address blocks:        178.83.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:a4:02:b6:f2:2e:be:a8:5e:7d:2d:9c:51:d6:d8:62:82:03:c0:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr  8 11:27:57 2026 GMT
            Not After : Apr  7 11:32:57 2027 GMT
        Subject: CN=C7D64F81BCCEEC2FA72C68E1745EA18F940CEBC9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a1:78:06:b6:73:e8:dd:63:b9:bf:da:3c:5e:
                    1c:d2:74:48:22:b0:16:61:14:2d:75:f3:1d:54:53:
                    30:09:24:2b:ef:03:88:c0:25:6f:79:eb:24:0d:4e:
                    31:a9:a6:60:17:e3:70:69:b6:0d:b1:ae:6d:aa:db:
                    02:d9:a9:73:90:93:09:de:ac:60:61:98:e2:9e:b0:
                    6a:b2:16:56:c5:86:f3:22:e1:20:1d:7e:21:9d:a4:
                    28:85:e5:86:9c:2e:45:3e:ff:8e:17:64:e7:11:5b:
                    72:ef:82:99:0e:e1:33:e5:44:7c:9b:2a:9a:af:bf:
                    17:18:10:b7:7b:12:63:89:25:62:ef:9b:4a:ea:30:
                    53:e4:68:f9:5d:c0:0e:4a:9d:3d:9e:ca:89:98:4f:
                    bf:5a:19:a0:82:de:d9:6f:72:cc:13:e9:0e:fc:16:
                    5c:fb:05:ff:cb:68:ad:18:4b:be:e3:75:7e:2c:0f:
                    38:cd:11:4b:9f:79:99:44:3d:5a:28:82:29:c2:6b:
                    d7:3b:f2:c3:cb:5f:61:14:09:37:18:1f:f4:f9:12:
                    b7:d0:b1:d2:0f:7c:b6:cb:07:77:9e:13:b7:04:f3:
                    33:75:1d:d7:02:d7:35:37:cf:eb:8f:19:c5:68:6d:
                    54:0e:e9:cc:52:78:13:a1:51:05:ec:af:c4:71:c5:
                    94:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D6:4F:81:BC:CE:EC:2F:A7:2C:68:E1:74:5E:A1:8F:94:0C:EB:C9
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS47311.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:66:a3:ed:17:8e:5b:ba:6b:08:d6:9f:46:a0:2d:82:ed:29:
         c4:f0:f5:ca:43:a4:81:79:56:72:e2:ff:25:4f:8f:a0:fa:a9:
         34:d1:ab:ea:a1:12:5f:61:05:cd:c9:e3:37:9b:69:40:28:33:
         ef:2d:4e:4b:d0:6e:9c:82:db:89:ab:d6:b3:22:0d:d2:25:78:
         eb:ab:46:f1:fe:72:db:7b:ba:5b:97:a2:19:4d:24:fd:68:50:
         45:aa:89:64:f2:fa:0e:f6:ae:0f:c3:c7:62:60:d0:3d:2f:68:
         96:a6:a6:61:c0:57:31:0b:db:26:a0:ec:dd:12:a8:01:9a:4e:
         9e:bf:f3:d7:39:a3:3c:d1:85:4b:9d:35:0a:92:87:67:5f:20:
         8b:be:32:fc:fa:e3:eb:2a:41:eb:78:0a:9b:83:fb:46:25:e8:
         38:f3:b4:2c:de:df:d4:99:49:40:7b:8c:9d:93:98:c2:a4:29:
         7a:c3:a7:e5:32:14:59:b2:54:68:7e:1f:e6:9b:ed:26:c2:c0:
         b7:aa:c6:6c:c6:05:54:57:a9:20:2c:f2:3f:58:19:aa:27:44:
         e4:e5:b7:7a:16:53:7b:d5:e5:84:4a:83:05:05:aa:ca:ea:fa:
         f2:f6:10:2e:eb:b4:9f:d7:dd:7c:a8:23:af:9d:8a:4a:3e:71:
         74:95:5f:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUcqQCtvIuvqhefS2cUdbYYoIDwE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MDgxMTI3NTdaFw0yNzA0MDcxMTMyNTdaMDMxMTAvBgNV
BAMTKEM3RDY0RjgxQkNDRUVDMkZBNzJDNjhFMTc0NUVBMThGOTQwQ0VCQzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVoXgGtnPo3WO5v9o8XhzSdEgi
sBZhFC118x1UUzAJJCvvA4jAJW956yQNTjGppmAX43Bptg2xrm2q2wLZqXOQkwne
rGBhmOKesGqyFlbFhvMi4SAdfiGdpCiF5YacLkU+/44XZOcRW3LvgpkO4TPlRHyb
KpqvvxcYELd7EmOJJWLvm0rqMFPkaPldwA5KnT2eyomYT79aGaCC3tlvcswT6Q78
Flz7Bf/LaK0YS77jdX4sDzjNEUufeZlEPVooginCa9c78sPLX2EUCTcYH/T5ErfQ
sdIPfLbLB3eeE7cE8zN1HdcC1zU3z+uPGcVobVQO6cxSeBOhUQXsr8RxxZShAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUx9ZPgbzO7C+nLGjhdF6hj5QM68kwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDczMTEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyU7ww
DQYJKoZIhvcNAQELBQADggEBAH9mo+0Xjlu6awjWn0agLYLtKcTw9cpDpIF5VnLi
/yVPj6D6qTTRq+qhEl9hBc3J4zebaUAoM+8tTkvQbpyC24mr1rMiDdIleOurRvH+
ctt7uluXohlNJP1oUEWqiWTy+g72rg/Dx2Jg0D0vaJampmHAVzEL2yag7N0SqAGa
Tp6/89c5ozzRhUudNQqSh2dfIIu+Mvz64+sqQet4CpuD+0Yl6DjztCze39SZSUB7
jJ2TmMKkKXrDp+UyFFmyVGh+H+ab7SbCwLeqxmzGBVRXqSAs8j9YGaonROTlt3oW
U3vV5YRKgwUFqsrq+vL2EC7rtJ/X3XyoI6+diko+cXSVX68=
-----END CERTIFICATE-----