Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32167.roa
File:                     AS32167.roa (raw, json)
Hash identifier:          2iH8i5dqSV+S2hD1rHpz5+koo84WgDbZva6ifcrm+Ec=
Subject key identifier:   51:AD:C4:54:47:52:A1:00:5B:C4:37:B3:17:81:C3:7D:1C:E1:DB:DC
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       75EE003E241C840B0B7EC5FF4A2F8FF85118A2C3
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32167.roa
Signing time:             Tue 14 Apr 2026 20:47:54 +0000
ROA not before:           Tue 14 Apr 2026 20:42:54 +0000
ROA not after:            Tue 13 Apr 2027 20:47:54 +0000
asID:                     32167
IP address blocks:        141.11.76.0/24 maxlen: 24
                          141.11.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:ee:00:3e:24:1c:84:0b:0b:7e:c5:ff:4a:2f:8f:f8:51:18:a2:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 14 20:42:54 2026 GMT
            Not After : Apr 13 20:47:54 2027 GMT
        Subject: CN=51ADC4544752A1005BC437B31781C37D1CE1DBDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:00:bc:9f:b1:65:45:00:63:74:9f:25:f8:af:
                    85:20:a4:10:1b:63:33:f8:c2:c7:4e:44:43:59:31:
                    83:2f:18:81:34:1d:be:64:80:82:9c:83:7b:26:5e:
                    10:40:70:19:3e:1b:ec:8f:4e:be:20:b4:10:43:a0:
                    18:31:d7:ef:56:03:18:2f:03:7e:f0:1f:bb:86:55:
                    b0:7f:82:2a:46:5d:19:4a:75:02:10:b0:81:77:82:
                    6f:37:59:09:83:d9:6c:c2:f1:30:ec:b8:6b:39:69:
                    c9:68:98:75:24:a0:b3:d5:94:73:2f:52:e6:fc:0b:
                    75:47:ca:ce:81:d0:2a:a7:bd:f2:28:6a:79:fe:1d:
                    48:26:9d:03:f0:24:36:42:cb:88:0f:81:24:65:3d:
                    15:ac:0e:7e:dc:82:3f:56:3e:df:9e:8e:48:74:07:
                    e2:2a:dc:b9:06:2c:f4:2d:9d:f9:ae:87:b1:0f:2c:
                    19:63:4d:45:84:16:be:2a:40:5a:b0:68:ec:21:84:
                    b7:09:06:71:95:22:1b:25:e2:ba:45:5a:cc:47:22:
                    bf:59:62:ab:d8:30:03:ab:00:0a:27:f5:0e:2f:43:
                    84:4e:6a:37:86:14:2c:fb:6f:cc:d8:79:87:4a:a7:
                    a1:f0:2d:13:a9:09:6c:87:c6:b1:e8:f6:c6:30:07:
                    26:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:AD:C4:54:47:52:A1:00:5B:C4:37:B3:17:81:C3:7D:1C:E1:DB:DC
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS32167.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.76.0/24
                  141.11.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:ec:e0:18:9a:9a:52:97:33:ba:7f:91:87:e4:6d:cf:da:89:
         e8:c0:24:91:8a:7e:41:00:48:de:44:82:c9:0b:2e:f4:c8:19:
         94:c7:c0:b3:22:1b:a8:a4:31:e7:33:39:73:4b:4f:1b:36:08:
         f0:6f:df:e0:00:2c:be:75:64:93:15:ad:12:5d:66:42:f1:3f:
         9f:69:0e:a1:81:f8:e5:88:7d:3b:33:ea:d1:ca:84:99:f5:6c:
         54:16:4d:da:0c:9f:64:23:f9:c8:08:c9:87:bb:d3:71:60:c7:
         13:fe:81:96:42:cf:ce:4c:d4:6c:db:8e:0c:39:52:40:9e:e9:
         5b:e7:b9:a3:85:24:11:c6:09:34:18:93:e7:8e:50:af:87:2d:
         77:fe:40:e6:e2:4c:68:7f:c7:40:7e:69:92:c3:50:42:21:c4:
         29:dc:dc:75:02:64:52:08:2c:d2:21:f1:ee:e5:4f:ef:05:f7:
         09:27:24:ce:b1:9b:c3:f4:42:e1:7c:1f:92:05:f4:bc:59:fc:
         21:f1:a2:bc:f1:82:85:0a:3c:b1:73:ff:08:fd:77:82:ec:e4:
         54:4e:1c:49:27:0e:17:c7:5d:04:a5:81:b6:91:d6:79:c6:ce:
         0b:ae:cb:ed:21:7b:12:b1:94:1a:1c:1d:b3:f4:e7:71:08:e9:
         cd:5c:b2:04
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUde4APiQchAsLfsX/Si+P+FEYosMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MTQyMDQyNTRaFw0yNzA0MTMyMDQ3NTRaMDMxMTAvBgNV
BAMTKDUxQURDNDU0NDc1MkExMDA1QkM0MzdCMzE3ODFDMzdEMUNFMURCREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxALyfsWVFAGN0nyX4r4UgpBAb
YzP4wsdORENZMYMvGIE0Hb5kgIKcg3smXhBAcBk+G+yPTr4gtBBDoBgx1+9WAxgv
A37wH7uGVbB/gipGXRlKdQIQsIF3gm83WQmD2WzC8TDsuGs5aclomHUkoLPVlHMv
Uub8C3VHys6B0CqnvfIoann+HUgmnQPwJDZCy4gPgSRlPRWsDn7cgj9WPt+ejkh0
B+Iq3LkGLPQtnfmuh7EPLBljTUWEFr4qQFqwaOwhhLcJBnGVIhsl4rpFWsxHIr9Z
YqvYMAOrAAon9Q4vQ4ROajeGFCz7b8zYeYdKp6HwLROpCWyHxrHo9sYwByYpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUUa3EVEdSoQBbxDezF4HDfRzh29wwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzIxNjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACNC0wD
BACNC4wwDQYJKoZIhvcNAQELBQADggEBAKzs4BiamlKXM7p/kYfkbc/aiejAJJGK
fkEASN5EgskLLvTIGZTHwLMiG6ikMeczOXNLTxs2CPBv3+AALL51ZJMVrRJdZkLx
P59pDqGB+OWIfTsz6tHKhJn1bFQWTdoMn2Qj+cgIyYe703FgxxP+gZZCz85M1Gzb
jgw5UkCe6VvnuaOFJBHGCTQYk+eOUK+HLXf+QObiTGh/x0B+aZLDUEIhxCnc3HUC
ZFIILNIh8e7lT+8F9wknJM6xm8P0QuF8H5IF9LxZ/CHxorzxgoUKPLFz/wj9d4Ls
5FROHEknDhfHXQSlgbaR1nnGzguuy+0hexKxlBocHbP053EI6c1csgQ=
-----END CERTIFICATE-----