Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS51847.roa
File:                     AS51847.roa (raw, json)
Hash identifier:          iRAVvHwhZ3ppoO/SqwETGCzkrNSun1LLs4nAqnnJB3A=
Subject key identifier:   B9:7B:F5:19:64:90:1B:BB:11:5A:D2:99:D5:C5:15:EF:25:A2:97:E7
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       29FF0ED37752F7301F207A7B28DBC28CE88667FA
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS51847.roa
Signing time:             Wed 10 Jun 2026 13:39:52 +0000
ROA not before:           Wed 10 Jun 2026 13:34:52 +0000
ROA not after:            Wed 09 Jun 2027 13:39:52 +0000
asID:                     51847
IP address blocks:        188.220.158.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:ff:0e:d3:77:52:f7:30:1f:20:7a:7b:28:db:c2:8c:e8:86:67:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 10 13:34:52 2026 GMT
            Not After : Jun  9 13:39:52 2027 GMT
        Subject: CN=B97BF51964901BBB115AD299D5C515EF25A297E7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a9:4f:76:37:44:b0:85:dc:4e:7c:0a:84:e4:
                    84:0f:4d:21:da:b3:70:59:fa:23:2e:c3:9a:bb:a4:
                    53:61:45:81:1e:ec:1a:24:d3:76:bb:24:03:90:7e:
                    90:73:32:30:3c:63:36:24:75:91:81:24:bb:41:16:
                    49:6a:78:42:37:f8:ae:2d:9e:75:83:6a:ec:d9:0c:
                    0f:e8:62:b8:27:c3:c9:55:16:53:b1:c8:22:41:2f:
                    8c:8a:0c:9e:3d:18:93:43:b0:bf:bc:26:8d:3c:a9:
                    b8:0f:cf:da:82:c0:8b:6f:19:08:58:1c:d4:ee:37:
                    d5:1c:46:87:8d:4a:a9:de:b8:ec:d2:62:eb:c9:94:
                    e5:c7:74:6e:57:ca:ef:c6:b5:1d:09:56:18:56:e5:
                    5d:88:6a:f5:53:36:0d:61:34:8f:56:c6:8e:72:ca:
                    de:29:46:35:6c:a6:c3:14:5f:b1:1b:3d:d0:36:7e:
                    ae:48:1d:26:e0:23:fa:2d:d8:6e:9b:3d:62:91:be:
                    b1:63:8b:51:3f:ec:e6:43:15:25:56:92:fd:66:0b:
                    a7:9f:65:28:6c:60:17:28:a6:b2:d7:ad:28:81:bd:
                    df:df:f8:6b:fc:a0:a2:27:ca:09:a2:f6:27:db:bc:
                    eb:5e:98:a3:27:42:21:14:95:de:ce:20:93:1c:8d:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:7B:F5:19:64:90:1B:BB:11:5A:D2:99:D5:C5:15:EF:25:A2:97:E7
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS51847.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.220.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4d:2c:d0:28:4d:a8:2c:a3:2d:8d:1a:61:54:78:1c:c9:b2:93:
         db:25:a4:28:83:55:ac:1e:5d:24:62:0e:b7:04:60:c1:7a:b8:
         5e:c6:08:fd:fa:56:91:f7:4d:c3:ad:96:30:02:4c:ec:ae:4d:
         b2:05:3d:83:5c:e8:3b:b1:dd:b6:e2:ef:77:89:99:de:52:5c:
         84:46:d5:07:ea:c7:b1:a8:11:6f:01:28:54:fa:a6:ba:e6:87:
         9b:0d:ee:df:30:cd:25:54:bb:fc:0d:79:f1:b2:88:72:bb:d5:
         49:e4:45:0e:7e:3a:e6:d0:59:b5:1d:71:b4:ba:10:be:a3:c4:
         ff:7b:94:f6:5e:88:c8:34:d5:e2:cb:5a:3f:9d:11:35:c3:79:
         35:50:f9:2c:14:c1:94:8b:28:70:bd:37:34:2b:5d:53:1d:a8:
         d0:57:6e:9d:f5:67:06:1e:d6:4e:76:b4:c4:fd:68:0a:01:43:
         e0:76:8a:df:7c:91:1e:f5:a5:64:41:63:fe:fe:11:45:15:fd:
         38:72:8b:b8:69:3b:b8:98:71:4c:a4:ac:2c:ed:98:ab:eb:4d:
         51:09:3d:58:4d:6d:15:76:c4:56:5c:7c:c3:fe:84:9a:94:f1:
         c5:bb:87:9f:73:ea:75:77:6b:5a:e2:d8:03:65:1e:ba:c0:de:
         b7:f8:45:b8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKf8O03dS9zAfIHp7KNvCjOiGZ/owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTAxMzM0NTJaFw0yNzA2MDkxMzM5NTJaMDMxMTAvBgNV
BAMTKEI5N0JGNTE5NjQ5MDFCQkIxMTVBRDI5OUQ1QzUxNUVGMjVBMjk3RTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrqU92N0SwhdxOfAqE5IQPTSHa
s3BZ+iMuw5q7pFNhRYEe7Bok03a7JAOQfpBzMjA8YzYkdZGBJLtBFklqeEI3+K4t
nnWDauzZDA/oYrgnw8lVFlOxyCJBL4yKDJ49GJNDsL+8Jo08qbgPz9qCwItvGQhY
HNTuN9UcRoeNSqneuOzSYuvJlOXHdG5Xyu/GtR0JVhhW5V2IavVTNg1hNI9Wxo5y
yt4pRjVspsMUX7EbPdA2fq5IHSbgI/ot2G6bPWKRvrFji1E/7OZDFSVWkv1mC6ef
ZShsYBcoprLXrSiBvd/f+Gv8oKInygmi9ifbvOtemKMnQiEUld7OIJMcjQw3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUuXv1GWSQG7sRWtKZ1cUV7yWil+cwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTNTE4NDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAG83J4w
DQYJKoZIhvcNAQELBQADggEBAE0s0ChNqCyjLY0aYVR4HMmyk9slpCiDVaweXSRi
DrcEYMF6uF7GCP36VpH3TcOtljACTOyuTbIFPYNc6Dux3bbi73eJmd5SXIRG1Qfq
x7GoEW8BKFT6prrmh5sN7t8wzSVUu/wNefGyiHK71UnkRQ5+OubQWbUdcbS6EL6j
xP97lPZeiMg01eLLWj+dETXDeTVQ+SwUwZSLKHC9NzQrXVMdqNBXbp31ZwYe1k52
tMT9aAoBQ+B2it98kR71pWRBY/7+EUUV/Thyi7hpO7iYcUykrCztmKvrTVEJPVhN
bRV2xFZcfMP+hJqU8cW7h59z6nV3a1ri2ANlHrrA3rf4Rbg=
-----END CERTIFICATE-----