Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32167.roa
File:                     AS32167.roa (raw, json)
Hash identifier:          p6qzVDQJsa9xabsc2eP15XfUroXwyqjdWOKCuE8wSo4=
Subject key identifier:   22:DE:FF:87:4D:6E:B4:C8:0A:02:6E:8D:56:23:4E:ED:0D:97:8F:80
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       4239668B951670252A8E7A1E5A102CA4DC8CC8F4
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32167.roa
Signing time:             Sat 14 Feb 2026 10:37:39 +0000
ROA not before:           Sat 14 Feb 2026 10:32:39 +0000
ROA not after:            Sat 13 Feb 2027 10:37:39 +0000
asID:                     32167
IP address blocks:        141.11.76.0/24 maxlen: 24
                          141.11.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:39:66:8b:95:16:70:25:2a:8e:7a:1e:5a:10:2c:a4:dc:8c:c8:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 14 10:32:39 2026 GMT
            Not After : Feb 13 10:37:39 2027 GMT
        Subject: CN=22DEFF874D6EB4C80A026E8D56234EED0D978F80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b8:65:d5:c5:32:e6:b7:a1:37:35:a0:dc:d3:
                    c1:73:a5:82:38:26:35:da:fc:c4:b4:88:f3:b6:d6:
                    b0:9a:7c:19:b4:58:82:89:99:e6:77:aa:ed:d7:13:
                    51:5a:43:9b:cf:63:7c:d2:07:d3:f3:e8:5c:3d:82:
                    8b:99:bc:80:64:6e:26:51:dd:7f:a9:58:7e:cb:16:
                    e3:1d:ec:a6:bf:ce:b7:df:b6:33:46:5e:9b:d5:49:
                    9f:e9:1e:dc:6d:42:2a:c7:aa:b0:b8:4d:f0:1c:4b:
                    f1:82:6a:6d:ac:64:1d:93:73:f3:5f:53:6e:ab:91:
                    df:41:38:85:4c:37:22:d3:46:3d:87:60:32:1a:7b:
                    e4:dc:ac:3b:45:d8:9e:17:93:c4:40:2e:68:bc:b6:
                    1a:6e:3d:f7:84:be:f2:74:ab:e9:ea:ae:44:63:d9:
                    04:d3:94:40:8b:0f:4b:04:f5:e5:8d:a9:cd:28:dd:
                    b0:57:4b:bc:4a:e1:45:24:ad:23:0d:02:f6:d9:e1:
                    eb:94:f4:a2:00:20:54:c7:c5:f2:ae:aa:bf:b2:8d:
                    25:80:03:c3:24:65:a9:8d:16:f8:c7:f0:29:2c:33:
                    02:25:21:b6:13:33:e4:f9:98:95:20:fc:83:a8:c3:
                    8e:76:f0:85:3b:0f:d5:70:b8:74:05:00:3a:cc:e7:
                    7b:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:DE:FF:87:4D:6E:B4:C8:0A:02:6E:8D:56:23:4E:ED:0D:97:8F:80
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32167.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.76.0/24
                  141.11.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:14:1b:f2:85:6a:d1:cc:cf:05:8d:20:eb:58:3a:2b:af:cd:
         2d:70:36:76:14:24:35:84:a7:25:68:2c:09:2a:71:c8:8e:81:
         74:5b:fb:ba:3a:e0:f1:0c:2c:8a:98:4e:96:ac:3b:84:e2:79:
         77:e3:89:72:7a:2f:fe:91:f3:02:c8:23:5c:e8:7c:77:1c:e0:
         c9:3e:5d:13:e8:d5:c8:ae:3f:5a:63:52:67:93:07:f1:f9:7e:
         79:2e:88:76:79:83:fe:27:a3:a9:f2:e2:4f:e2:57:9a:36:98:
         fe:15:7e:ac:9b:6a:c7:d8:26:de:72:cc:99:4f:7e:7b:2e:83:
         81:bd:0c:9c:fa:0f:7c:c3:f4:05:a2:62:0b:50:80:d8:85:64:
         06:1e:63:4a:b0:1f:4b:41:4d:5d:cb:3e:42:6a:1f:a0:c9:ee:
         d0:0a:b0:87:ac:41:90:d2:7c:67:fc:7a:6e:dd:95:30:53:bb:
         12:dc:ab:db:75:43:91:1b:cc:31:da:0e:39:5a:85:84:05:ad:
         12:38:cc:e0:74:07:ee:87:13:89:45:53:c1:06:2d:44:2b:3a:
         72:66:af:47:e1:36:46:eb:d1:9e:67:5e:01:4f:45:8d:3b:32:
         50:37:3f:08:59:d5:fe:c0:af:39:34:37:d0:d0:5a:57:19:a9:
         cf:20:ab:80
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUQjlmi5UWcCUqjnoeWhAspNyMyPQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMTQxMDMyMzlaFw0yNzAyMTMxMDM3MzlaMDMxMTAvBgNV
BAMTKDIyREVGRjg3NEQ2RUI0QzgwQTAyNkU4RDU2MjM0RUVEMEQ5NzhGODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPuGXVxTLmt6E3NaDc08FzpYI4
JjXa/MS0iPO21rCafBm0WIKJmeZ3qu3XE1FaQ5vPY3zSB9Pz6Fw9gouZvIBkbiZR
3X+pWH7LFuMd7Ka/zrfftjNGXpvVSZ/pHtxtQirHqrC4TfAcS/GCam2sZB2Tc/Nf
U26rkd9BOIVMNyLTRj2HYDIae+TcrDtF2J4Xk8RALmi8thpuPfeEvvJ0q+nqrkRj
2QTTlECLD0sE9eWNqc0o3bBXS7xK4UUkrSMNAvbZ4euU9KIAIFTHxfKuqr+yjSWA
A8MkZamNFvjH8CksMwIlIbYTM+T5mJUg/IOow4528IU7D9VwuHQFADrM53u1AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUIt7/h01utMgKAm6NViNO7Q2Xj4AwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzIxNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNC0wD
BACNC4wwDQYJKoZIhvcNAQELBQADggEBAB0UG/KFatHMzwWNIOtYOiuvzS1wNnYU
JDWEpyVoLAkqcciOgXRb+7o64PEMLIqYTpasO4TieXfjiXJ6L/6R8wLII1zofHcc
4Mk+XRPo1ciuP1pjUmeTB/H5fnkuiHZ5g/4no6ny4k/iV5o2mP4VfqybasfYJt5y
zJlPfnsug4G9DJz6D3zD9AWiYgtQgNiFZAYeY0qwH0tBTV3LPkJqH6DJ7tAKsIes
QZDSfGf8em7dlTBTuxLcq9t1Q5EbzDHaDjlahYQFrRI4zOB0B+6HE4lFU8EGLUQr
OnJmr0fhNkbr0Z5nXgFPRY07MlA3PwhZ1f7Arzk0N9DQWlcZqc8gq4A=
-----END CERTIFICATE-----