Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa
File:                     AS60790.roa (raw, json)
Hash identifier:          LwW6iVw+iW2bOex1k66FzNWDEZ9cQjFPen/xOeYQLDY=
Subject key identifier:   DE:9E:85:77:B7:D3:BC:33:78:5A:CA:34:A2:F7:3C:9C:83:91:28:8F
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       32B51D032CDDF1901B1D0E79A59ADB2CC5B343AF
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa
Signing time:             Thu 05 Feb 2026 18:55:37 +0000
ROA not before:           Thu 05 Feb 2026 18:50:37 +0000
ROA not after:            Thu 04 Feb 2027 18:55:37 +0000
asID:                     60790
IP address blocks:        185.155.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:19:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            32:b5:1d:03:2c:dd:f1:90:1b:1d:0e:79:a5:9a:db:2c:c5:b3:43:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb  5 18:50:37 2026 GMT
            Not After : Feb  4 18:55:37 2027 GMT
        Subject: CN=DE9E8577B7D3BC33785ACA34A2F73C9C8391288F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7b:1b:ac:10:98:ed:f9:c7:ef:58:e4:b3:1d:
                    81:53:c4:3f:30:9b:1d:a4:2b:a6:f2:2a:a9:b6:63:
                    15:5c:24:8a:e0:3a:59:8e:1e:4c:23:24:bd:c8:6c:
                    1c:3e:34:ce:30:7e:96:c9:a2:2a:fa:b0:5d:97:f3:
                    bb:5d:5a:ae:89:40:cf:62:be:d3:02:f6:4f:71:3c:
                    10:b7:b3:9a:c2:63:d5:26:d6:4b:66:5c:a6:2b:1d:
                    e3:57:2b:43:78:be:93:5c:0b:de:df:af:3a:cf:cd:
                    84:f2:5b:24:05:fd:e9:69:a1:30:e8:5d:58:c9:07:
                    f8:e0:c5:26:39:6d:7c:02:31:8a:da:c6:de:33:d4:
                    b0:2c:5a:a8:51:51:60:c3:27:9e:cc:17:26:92:73:
                    58:ce:cd:83:b2:79:4f:c6:ca:1d:c5:01:99:48:de:
                    b7:a3:01:4f:93:ac:06:9f:61:8e:e1:af:8d:63:7b:
                    e1:26:90:40:38:0f:1e:a0:14:8e:ca:d1:0f:74:00:
                    17:2f:63:69:2e:46:0d:9d:53:d8:c8:1c:a7:10:4b:
                    32:d6:3a:f8:cb:3f:53:1f:34:b1:36:4d:33:e8:02:
                    b9:84:65:04:a7:79:05:5d:4a:f6:ef:10:cb:ec:6b:
                    60:9d:31:63:4c:ee:b6:e7:83:82:e8:12:63:c1:25:
                    ad:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:9E:85:77:B7:D3:BC:33:78:5A:CA:34:A2:F7:3C:9C:83:91:28:8F
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS60790.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:38:b5:dc:ca:9b:89:e5:49:f7:4b:af:71:20:5e:8e:cb:85:
         42:19:6d:a1:c7:bb:48:8b:66:b0:27:b4:3f:21:e0:a2:6f:5e:
         b2:c0:88:a6:80:c1:e5:55:f4:6d:80:80:90:3f:25:ab:f9:74:
         29:2d:0a:97:5e:6d:b3:43:5d:9f:2d:3a:de:e9:9c:41:8e:b4:
         35:c8:46:12:78:4b:a0:44:9a:18:57:12:31:ef:a7:5d:e6:dd:
         0d:f9:2b:3a:30:8e:39:68:5d:60:65:db:61:15:15:66:ab:b5:
         39:08:98:11:a8:fd:bc:05:5a:5d:3f:6e:c3:8a:a2:5b:f2:a7:
         b0:b7:b1:79:21:bf:72:51:81:78:b1:83:41:21:2e:2f:0b:c2:
         eb:a5:2e:80:44:43:8e:ff:ae:95:4c:a9:cf:ba:ac:8c:d6:5e:
         a7:fd:ca:ed:b3:19:d9:b8:5d:a7:3a:2f:a6:99:bd:66:17:60:
         52:5c:41:a7:08:43:fc:5a:fa:16:99:14:ef:3d:68:67:ac:fa:
         2a:54:19:a5:c0:36:30:19:19:17:45:8b:18:5a:6f:ce:fd:a6:
         e5:9b:9f:4f:db:f9:94:13:c9:df:79:09:ec:a1:f1:b9:25:ca:
         b5:34:50:10:4d:75:56:db:e2:c7:08:5a:1c:c0:2f:8e:74:27:
         16:a2:9e:38
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMrUdAyzd8ZAbHQ55pZrbLMWzQ68wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMDUxODUwMzdaFw0yNzAyMDQxODU1MzdaMDMxMTAvBgNV
BAMTKERFOUU4NTc3QjdEM0JDMzM3ODVBQ0EzNEEyRjczQzlDODM5MTI4OEYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6exusEJjt+cfvWOSzHYFTxD8w
mx2kK6byKqm2YxVcJIrgOlmOHkwjJL3IbBw+NM4wfpbJoir6sF2X87tdWq6JQM9i
vtMC9k9xPBC3s5rCY9Um1ktmXKYrHeNXK0N4vpNcC97frzrPzYTyWyQF/elpoTDo
XVjJB/jgxSY5bXwCMYraxt4z1LAsWqhRUWDDJ57MFyaSc1jOzYOyeU/Gyh3FAZlI
3rejAU+TrAafYY7hr41je+EmkEA4Dx6gFI7K0Q90ABcvY2kuRg2dU9jIHKcQSzLW
OvjLP1MfNLE2TTPoArmEZQSneQVdSvbvEMvsa2CdMWNM7rbng4LoEmPBJa0VAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU3p6Fd7fTvDN4Wso0ovc8nIORKI8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNjA3OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5m9ww
DQYJKoZIhvcNAQELBQADggEBAB44tdzKm4nlSfdLr3EgXo7LhUIZbaHHu0iLZrAn
tD8h4KJvXrLAiKaAweVV9G2AgJA/Jav5dCktCpdebbNDXZ8tOt7pnEGOtDXIRhJ4
S6BEmhhXEjHvp13m3Q35KzowjjloXWBl22EVFWartTkImBGo/bwFWl0/bsOKolvy
p7C3sXkhv3JRgXixg0EhLi8LwuulLoBEQ47/rpVMqc+6rIzWXqf9yu2zGdm4Xac6
L6aZvWYXYFJcQacIQ/xa+haZFO89aGes+ipUGaXANjAZGRdFixhab879puWbn0/b
+ZQTyd95Ceyh8bklyrU0UBBNdVbb4scIWhzAL450Jxainjg=
-----END CERTIFICATE-----