Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
File:                     AS12874.roa (raw, json)
Hash identifier:          wLjZv86RaLhybKsCLrsNSy1cfxs3wV3y2Drmx0RhJgg=
Subject key identifier:   74:59:C6:C4:6B:71:D4:3C:B5:28:68:3E:DB:20:30:36:AE:C6:40:C3
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       0F3D8585116862D8668E4A066B391F598861E0C0
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa
Signing time:             Mon 06 Apr 2026 19:47:02 +0000
ROA not before:           Mon 06 Apr 2026 19:42:02 +0000
ROA not after:            Mon 05 Apr 2027 19:47:02 +0000
asID:                     12874
IP address blocks:        194.5.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 23:56:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:3d:85:85:11:68:62:d8:66:8e:4a:06:6b:39:1f:59:88:61:e0:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr  6 19:42:02 2026 GMT
            Not After : Apr  5 19:47:02 2027 GMT
        Subject: CN=7459C6C46B71D43CB528683EDB203036AEC640C3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b3:61:2e:fe:ed:a0:75:61:2b:38:c8:dc:c7:
                    24:1c:11:a7:2e:f6:e6:b7:1e:46:00:96:80:d5:1f:
                    bb:60:2d:26:55:81:d3:fd:a7:8a:4f:db:81:f6:eb:
                    96:04:85:da:da:43:99:16:eb:a2:d0:d8:05:cb:d0:
                    3c:78:04:95:ac:b7:93:15:1f:c0:cb:5a:b9:b9:ef:
                    f8:78:77:17:57:bc:f4:cf:07:bb:20:6c:a3:1a:80:
                    83:55:18:e5:c1:72:cb:10:7f:04:e3:7e:e8:62:6b:
                    88:0e:35:20:ec:99:62:e9:1a:57:33:d5:dc:1a:12:
                    68:35:50:47:23:3a:93:2d:c0:b9:99:23:56:9e:da:
                    86:b1:e0:3d:4f:5f:d2:3d:a7:ea:46:e9:a7:a7:db:
                    9b:fa:f9:b5:94:0e:1a:1b:3c:d1:42:7c:01:df:44:
                    4c:e0:e0:04:01:6c:06:fc:a4:27:7d:34:ab:04:12:
                    fd:2b:03:be:3e:c7:32:1c:42:f6:f5:4b:6b:e6:fc:
                    1d:3c:6a:dd:35:1d:2f:82:df:d7:bb:9c:b5:3a:78:
                    fb:61:ba:35:96:08:17:0e:08:bc:b6:bd:f5:ff:5a:
                    dc:4b:51:14:4c:63:33:6c:fc:03:55:a6:41:8e:3c:
                    ca:30:46:11:20:15:26:f0:9d:40:49:2e:81:ec:a6:
                    19:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:59:C6:C4:6B:71:D4:3C:B5:28:68:3E:DB:20:30:36:AE:C6:40:C3
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS12874.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.5.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b9:56:43:cf:75:9f:a6:a3:12:88:1a:36:db:86:f8:97:23:d2:
         64:5d:4f:e9:7d:d3:f8:e4:e8:86:86:06:5a:ec:9d:62:7d:72:
         c4:b3:d6:bc:fc:fc:c6:33:40:a3:78:3f:be:76:17:12:5a:40:
         86:30:71:c3:2e:71:3e:9f:d3:84:27:66:d0:ec:84:ef:3f:6e:
         28:c2:41:1d:fc:2e:4f:00:fc:60:0b:49:10:47:bc:73:57:2e:
         2d:15:d5:d3:31:45:28:41:4c:4d:1a:1c:a1:8e:fb:b3:22:ad:
         c4:f0:6a:f9:24:19:06:de:35:84:bd:e0:25:7b:06:ef:5a:e8:
         00:55:d9:81:35:16:91:5c:12:62:b2:c5:81:cb:8f:63:a0:eb:
         21:18:05:cb:b3:a1:32:8f:1a:9a:5e:83:35:96:f6:d9:24:12:
         d0:66:1b:e9:1d:d5:d3:7e:f9:31:0c:e4:10:0e:70:93:f8:2f:
         49:db:bf:d7:98:c1:a6:12:79:ba:b0:88:9b:df:40:5e:c1:4a:
         8d:69:6f:03:fe:7c:25:d3:a9:a2:b5:fb:70:ab:dc:d9:c4:48:
         7d:3c:5a:70:d2:90:68:6a:dd:f6:58:43:39:bc:56:99:3e:7d:
         81:19:89:31:ba:d3:85:d5:34:2e:a0:7b:60:fe:87:17:03:0c:
         cf:0c:16:81
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDz2FhRFoYthmjkoGazkfWYhh4MAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MDYxOTQyMDJaFw0yNzA0MDUxOTQ3MDJaMDMxMTAvBgNV
BAMTKDc0NTlDNkM0NkI3MUQ0M0NCNTI4NjgzRURCMjAzMDM2QUVDNjQwQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1s2Eu/u2gdWErOMjcxyQcEacu
9ua3HkYAloDVH7tgLSZVgdP9p4pP24H265YEhdraQ5kW66LQ2AXL0Dx4BJWst5MV
H8DLWrm57/h4dxdXvPTPB7sgbKMagINVGOXBcssQfwTjfuhia4gONSDsmWLpGlcz
1dwaEmg1UEcjOpMtwLmZI1ae2oax4D1PX9I9p+pG6aen25v6+bWUDhobPNFCfAHf
REzg4AQBbAb8pCd9NKsEEv0rA74+xzIcQvb1S2vm/B08at01HS+C39e7nLU6ePth
ujWWCBcOCLy2vfX/WtxLURRMYzNs/ANVpkGOPMowRhEgFSbwnUBJLoHsphnNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdFnGxGtx1Dy1KGg+2yAwNq7GQMMwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMTI4NzQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADCBZIw
DQYJKoZIhvcNAQELBQADggEBALlWQ891n6ajEogaNtuG+Jcj0mRdT+l90/jk6IaG
BlrsnWJ9csSz1rz8/MYzQKN4P752FxJaQIYwccMucT6f04QnZtDshO8/bijCQR38
Lk8A/GALSRBHvHNXLi0V1dMxRShBTE0aHKGO+7MircTwavkkGQbeNYS94CV7Bu9a
6ABV2YE1FpFcEmKyxYHLj2Og6yEYBcuzoTKPGppegzWW9tkkEtBmG+kd1dN++TEM
5BAOcJP4L0nbv9eYwaYSebqwiJvfQF7BSo1pbwP+fCXTqaK1+3Cr3NnESH08WnDS
kGhq3fZYQzm8Vpk+fYEZiTG604XVNC6ge2D+hxcDDM8MFoE=
-----END CERTIFICATE-----