Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS53667.roa
File:                     AS53667.roa (raw, json)
Hash identifier:          PYsRGcOkn8NP9u2U4EnYBTBxMVcG84SqsJjd5GPiQB0=
Subject key identifier:   F4:8F:C8:63:52:AF:30:11:9F:EB:22:0A:59:38:5E:E3:6C:82:C1:17
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       7199DA29BF8B87A8B7C06A654AB8AC77F61221F2
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS53667.roa
Signing time:             Sun 22 Feb 2026 18:57:51 +0000
ROA not before:           Sun 22 Feb 2026 18:52:51 +0000
ROA not after:            Sun 21 Feb 2027 18:57:51 +0000
asID:                     53667
IP address blocks:        2a14:7580:e400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            71:99:da:29:bf:8b:87:a8:b7:c0:6a:65:4a:b8:ac:77:f6:12:21:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Feb 22 18:52:51 2026 GMT
            Not After : Feb 21 18:57:51 2027 GMT
        Subject: CN=F48FC86352AF30119FEB220A59385EE36C82C117
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:3f:bc:75:e5:d7:dc:99:b6:3a:bb:64:68:d0:
                    f4:48:99:7c:7c:49:4d:14:5a:82:fc:6f:bb:bc:7a:
                    1f:ee:de:bd:dc:4f:dc:58:1c:9e:34:ee:e7:5d:f1:
                    82:ae:b3:0d:3f:88:d8:f3:90:38:b1:34:0d:96:9c:
                    d2:e1:5d:4c:71:3e:4a:98:ba:dd:2a:55:c4:04:50:
                    98:7a:46:fe:1b:7f:cd:89:71:ec:c1:c1:a1:a4:3b:
                    3d:2e:61:13:c0:fe:3d:f3:9d:13:d3:e0:4f:88:a3:
                    1a:42:b9:48:1b:cc:fe:6b:0a:20:ce:7e:03:d4:7d:
                    b8:90:43:1f:d2:f4:9b:89:59:4f:8d:8c:82:e8:a2:
                    0c:97:da:70:f3:84:a9:57:97:ea:8f:0b:0a:c3:00:
                    db:cd:11:3a:f3:15:74:81:13:11:55:6b:b4:b3:ba:
                    ac:6d:65:41:ef:20:bd:b2:cc:33:c1:e5:36:db:11:
                    59:39:20:4d:50:48:af:c6:e3:41:6e:90:64:b0:12:
                    bc:cf:76:40:8b:a4:ea:b4:5d:23:dd:6b:e9:2d:28:
                    cd:26:6e:2e:d0:f4:77:bb:0b:83:9c:ed:2f:3b:31:
                    ce:15:4b:b8:1a:91:90:6b:4e:fe:94:62:65:27:e0:
                    2d:56:b9:fb:1e:24:e8:26:7d:dd:56:7f:29:12:32:
                    b9:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:8F:C8:63:52:AF:30:11:9F:EB:22:0A:59:38:5E:E3:6C:82:C1:17
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS53667.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7580:e400::/40

    Signature Algorithm: sha256WithRSAEncryption
         2b:b5:59:e3:6d:be:36:8a:df:07:88:2c:ee:68:7d:9a:99:a3:
         01:37:dd:85:55:64:11:36:71:2a:67:cd:2d:17:9c:59:8a:ce:
         39:75:29:33:be:21:18:aa:7c:4e:ca:d8:b1:34:ed:5d:91:6d:
         d4:8d:9d:7c:8c:25:78:2a:29:d4:5b:71:0e:c0:0b:cb:72:86:
         8f:a2:52:dd:cf:a3:09:50:46:03:df:4b:ca:87:aa:f7:19:0a:
         48:f6:80:27:f0:69:76:56:4d:b8:25:4d:c3:47:85:67:09:9a:
         5c:62:f2:2e:f0:e1:51:b4:89:b5:ef:53:e9:61:20:0d:ea:db:
         03:48:ca:5d:7d:2f:c8:71:17:f1:a5:c0:71:36:7e:86:e3:93:
         d2:71:67:2e:10:33:f3:f0:de:0b:60:a7:ee:0f:7f:21:4c:d5:
         39:d5:cd:22:e2:34:db:72:12:a7:c7:31:df:50:e8:89:35:f2:
         75:54:dd:08:3e:f1:b4:22:c6:41:06:b4:b2:c3:fe:32:ef:3d:
         ae:76:ae:e3:6e:1f:ff:ae:66:fb:aa:83:9a:29:5f:92:27:8e:
         41:94:ba:80:8c:3c:f6:d5:57:a5:af:44:50:9e:d4:4c:38:16:
         5a:e7:c5:8a:14:8b:fd:33:19:8e:c9:03:55:cf:e9:99:1c:78:
         9f:5f:d2:41
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUcZnaKb+Lh6i3wGplSrisd/YSIfIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAyMjIxODUyNTFaFw0yNzAyMjExODU3NTFaMDMxMTAvBgNV
BAMTKEY0OEZDODYzNTJBRjMwMTE5RkVCMjIwQTU5Mzg1RUUzNkM4MkMxMTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9P7x15dfcmbY6u2Ro0PRImXx8
SU0UWoL8b7u8eh/u3r3cT9xYHJ407udd8YKusw0/iNjzkDixNA2WnNLhXUxxPkqY
ut0qVcQEUJh6Rv4bf82JcezBwaGkOz0uYRPA/j3znRPT4E+IoxpCuUgbzP5rCiDO
fgPUfbiQQx/S9JuJWU+NjILoogyX2nDzhKlXl+qPCwrDANvNETrzFXSBExFVa7Sz
uqxtZUHvIL2yzDPB5TbbEVk5IE1QSK/G40FukGSwErzPdkCLpOq0XSPda+ktKM0m
bi7Q9He7C4Oc7S87Mc4VS7gakZBrTv6UYmUn4C1WufseJOgmfd1WfykSMrktAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU9I/IY1KvMBGf6yIKWThe42yCwRcwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTNTM2Njcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqFHWA
5DANBgkqhkiG9w0BAQsFAAOCAQEAK7VZ422+NorfB4gs7mh9mpmjATfdhVVkETZx
KmfNLRecWYrOOXUpM74hGKp8TsrYsTTtXZFt1I2dfIwleCop1FtxDsALy3KGj6JS
3c+jCVBGA99Lyoeq9xkKSPaAJ/BpdlZNuCVNw0eFZwmaXGLyLvDhUbSJte9T6WEg
DerbA0jKXX0vyHEX8aXAcTZ+huOT0nFnLhAz8/DeC2Cn7g9/IUzVOdXNIuI023IS
p8cx31DoiTXydVTdCD7xtCLGQQa0ssP+Mu89rnau424f/65m+6qDmilfkieOQZS6
gIw89tVXpa9EUJ7UTDgWWufFihSL/TMZjskDVc/pmRx4n1/SQQ==
-----END CERTIFICATE-----