Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS8796.roa
File:                     AS8796.roa (raw, json)
Hash identifier:          Hf0zC9SVLwVpCncsYaZW4jPRTwX+4OWQuLKgUHv11Es=
Subject key identifier:   08:10:0E:24:2B:9F:83:43:5F:D0:51:54:F2:D3:5A:51:7F:B8:1E:6F
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5225212365CFB82E3672DFA8E9D9663D97CF98AE
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS8796.roa
Signing time:             Tue 09 Jun 2026 18:53:15 +0000
ROA not before:           Tue 09 Jun 2026 18:48:15 +0000
ROA not after:            Tue 08 Jun 2027 18:53:15 +0000
asID:                     8796
IP address blocks:        141.11.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:25:21:23:65:cf:b8:2e:36:72:df:a8:e9:d9:66:3d:97:cf:98:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  9 18:48:15 2026 GMT
            Not After : Jun  8 18:53:15 2027 GMT
        Subject: CN=08100E242B9F83435FD05154F2D35A517FB81E6F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:ee:db:7e:91:e7:9a:95:b4:e2:d0:e5:ce:33:
                    34:bd:7e:29:80:cd:88:d0:f3:a9:14:5a:ce:2c:06:
                    eb:07:3d:b0:60:8c:f6:16:18:30:38:2c:11:98:05:
                    94:25:e5:cb:2d:5d:d7:b4:64:9d:cc:f0:72:36:49:
                    4c:31:79:bf:4c:55:4f:4b:16:e4:1a:6a:cf:04:2d:
                    d8:f9:16:58:33:6a:75:4a:f9:e2:51:ef:97:56:99:
                    64:10:24:86:f5:54:1d:ea:86:37:bd:ba:56:40:a9:
                    27:3e:eb:b3:04:4b:59:77:ee:a1:21:c6:ca:30:e4:
                    13:a0:54:f2:6a:e3:d4:cb:86:20:cd:d9:12:cc:20:
                    d5:ba:5e:2e:7c:83:21:30:f1:76:e9:38:eb:6b:48:
                    e7:b7:d1:e7:0b:31:ec:b8:cc:ab:17:d3:ad:9e:a9:
                    4f:ba:4b:89:7d:00:07:85:43:ad:eb:5f:a3:c6:5b:
                    51:75:c2:b3:d1:0a:81:14:88:3f:78:46:05:6e:60:
                    ac:fc:38:90:af:5d:e5:19:8a:c3:8c:87:16:26:d1:
                    97:a3:4e:12:9a:76:73:bc:3e:28:8f:c0:eb:11:5f:
                    fc:92:eb:2f:6f:b8:00:7e:c3:2f:a0:e1:8a:85:8d:
                    5b:58:de:9f:c8:fa:d0:81:be:ab:8d:b9:1c:dc:15:
                    16:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:10:0E:24:2B:9F:83:43:5F:D0:51:54:F2:D3:5A:51:7F:B8:1E:6F
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS8796.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:fa:67:bf:7c:ce:20:0c:45:e8:bf:13:6f:0a:31:f1:62:51:
         2a:f5:67:3d:c2:11:4e:54:e2:25:26:09:89:45:e5:63:b7:fd:
         32:eb:d0:4c:f1:bb:5b:32:9d:68:2a:8b:9d:d1:d8:47:3d:be:
         e4:06:ad:7a:86:5a:4d:a6:74:61:24:eb:9f:01:8d:99:50:4a:
         06:9b:f4:97:3c:79:15:30:fe:21:88:1e:60:c1:24:f6:79:1f:
         dc:08:bb:d6:c9:25:06:b9:c6:83:33:82:3e:52:38:4f:38:33:
         14:b1:fc:8f:f4:98:ce:14:4c:d1:10:d7:4c:b2:7b:62:bf:cf:
         97:2f:c4:bc:34:86:69:a9:d6:4e:e9:12:b8:23:c9:23:a8:7f:
         58:ae:3a:b0:13:9f:58:fc:99:06:5e:0e:58:77:b0:d1:ef:95:
         2d:0f:e1:86:f6:6c:02:d1:2d:74:c8:1d:00:83:90:02:b3:b7:
         70:c3:5e:98:77:2e:a5:18:f4:8e:e8:43:e6:40:07:60:2b:46:
         a3:d1:36:c0:6b:76:32:ac:a7:eb:d2:1b:db:5f:5d:3e:46:49:
         9d:f8:32:1a:a6:8a:eb:a8:2b:b6:c8:79:0f:f6:6e:2e:24:59:
         08:df:76:c9:4b:b0:07:cc:d5:ac:b2:0a:93:4c:ca:f8:ff:aa:
         45:fa:e2:26
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUUiUhI2XPuC42ct+o6dlmPZfPmK4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDkxODQ4MTVaFw0yNzA2MDgxODUzMTVaMDMxMTAvBgNV
BAMTKDA4MTAwRTI0MkI5RjgzNDM1RkQwNTE1NEYyRDM1QTUxN0ZCODFFNkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCg7tt+keealbTi0OXOMzS9fimA
zYjQ86kUWs4sBusHPbBgjPYWGDA4LBGYBZQl5cstXde0ZJ3M8HI2SUwxeb9MVU9L
FuQaas8ELdj5FlgzanVK+eJR75dWmWQQJIb1VB3qhje9ulZAqSc+67MES1l37qEh
xsow5BOgVPJq49TLhiDN2RLMINW6Xi58gyEw8XbpOOtrSOe30ecLMey4zKsX062e
qU+6S4l9AAeFQ63rX6PGW1F1wrPRCoEUiD94RgVuYKz8OJCvXeUZisOMhxYm0Zej
ThKadnO8PiiPwOsRX/yS6y9vuAB+wy+g4YqFjVtY3p/I+tCBvquNuRzcFRZFAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUCBAOJCufg0Nf0FFU8tNaUX+4Hm8wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTODc5Ni5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI0LMjAN
BgkqhkiG9w0BAQsFAAOCAQEABvpnv3zOIAxF6L8Tbwox8WJRKvVnPcIRTlTiJSYJ
iUXlY7f9MuvQTPG7WzKdaCqLndHYRz2+5AateoZaTaZ0YSTrnwGNmVBKBpv0lzx5
FTD+IYgeYMEk9nkf3Ai71sklBrnGgzOCPlI4TzgzFLH8j/SYzhRM0RDXTLJ7Yr/P
ly/EvDSGaanWTukSuCPJI6h/WK46sBOfWPyZBl4OWHew0e+VLQ/hhvZsAtEtdMgd
AIOQArO3cMNemHcupRj0juhD5kAHYCtGo9E2wGt2Mqyn69Ib219dPkZJnfgyGqaK
66grtsh5D/ZuLiRZCN92yUuwB8zVrLIKk0zK+P+qRfriJg==
-----END CERTIFICATE-----