Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          Lgnn5yIacxHNyF109gfHrwI+mredvF23dVhtkiSyUxA=
Subject key identifier:   0D:43:15:08:28:2A:FD:8C:77:EC:22:B1:46:37:45:35:F0:BD:28:41
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6616ED7CD44B9018822F26D9AC26F234694CF01D
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS22427.roa
Signing time:             Wed 11 Jun 2025 11:10:46 +0000
ROA not before:           Wed 11 Jun 2025 11:05:46 +0000
ROA not after:            Wed 10 Jun 2026 11:10:46 +0000
asID:                     22427
IP address blocks:        178.94.160.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:16:ed:7c:d4:4b:90:18:82:2f:26:d9:ac:26:f2:34:69:4c:f0:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 11 11:05:46 2025 GMT
            Not After : Jun 10 11:10:46 2026 GMT
        Subject: CN=0D431508282AFD8C77EC22B146374535F0BD2841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:ac:4e:d3:d8:57:cd:61:b0:36:e8:b1:61:06:
                    11:cd:4c:4c:c0:98:8f:c5:fa:47:ba:a2:29:6f:b3:
                    7e:7d:f0:d4:dd:d1:7c:49:cf:2d:cf:d0:c7:d5:b4:
                    4d:c5:03:6c:28:fb:5d:0a:b1:56:9c:d4:f4:dc:ea:
                    9a:80:17:78:b7:9a:58:13:e7:9f:e8:fa:7e:cc:50:
                    92:8d:7b:1d:dd:fb:ba:70:72:55:29:d6:97:e7:a3:
                    80:af:85:7e:65:aa:8a:8f:15:a7:49:24:84:95:28:
                    c7:f3:a7:6c:d9:2d:1e:77:f4:db:e3:dc:f7:32:79:
                    28:6b:ad:1c:e2:e5:19:52:a6:cd:72:8c:dd:c0:6e:
                    f8:63:9c:df:02:8e:84:d6:55:60:c6:b2:75:22:e8:
                    f5:e2:72:b4:61:25:58:a2:89:ce:10:e4:30:c8:20:
                    8a:7d:3b:c5:94:08:51:1c:e8:26:94:f5:5e:e0:67:
                    17:45:ab:c0:68:41:5a:58:86:9a:f1:a4:df:76:66:
                    da:d1:41:26:b1:cc:77:e7:8b:f6:d7:4a:19:53:27:
                    9a:6d:1a:e0:fc:e2:2a:8a:0b:12:f3:49:94:ae:77:
                    fc:e1:bb:0c:bf:45:7e:72:53:2c:75:73:f2:59:87:
                    c7:4a:70:75:7a:07:53:39:05:b4:d2:bd:6b:0d:7a:
                    ec:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:43:15:08:28:2A:FD:8C:77:EC:22:B1:46:37:45:35:F0:BD:28:41
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.94.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:f5:bd:82:5f:8e:7c:e3:24:d3:87:4b:38:8a:e7:f6:17:d6:
         61:b3:09:8e:80:38:2a:99:0c:2c:e4:e6:c3:1b:cf:5a:fd:ce:
         b7:ee:a1:81:a6:80:13:96:92:8e:eb:21:56:12:4c:40:30:88:
         fc:13:e4:55:39:36:2e:83:20:4f:2f:11:36:d3:7a:b9:25:c4:
         6c:25:19:bb:b3:00:ff:2d:d1:53:71:34:c2:61:9e:82:7a:77:
         55:84:04:97:3a:0d:a7:c9:1d:00:62:1b:9c:ce:34:ad:da:15:
         42:bb:3c:64:51:ca:87:bc:21:4d:57:de:59:bd:c9:f3:f7:86:
         2a:06:f9:55:94:62:58:3c:28:c9:a2:ac:31:f7:8a:07:a1:f0:
         c7:08:3a:d0:65:09:93:5f:69:3b:93:ac:d2:e1:9a:5f:17:c1:
         7e:e3:45:38:f9:b6:d2:1c:db:d6:33:32:39:ef:57:87:df:c0:
         96:cc:11:74:8c:af:fa:48:a5:bb:ff:07:0c:83:f2:35:f1:17:
         94:17:cd:4a:f9:e0:a9:f8:19:59:05:22:76:0c:cb:15:8c:2a:
         bb:bf:4d:a7:1b:c1:55:1f:4e:33:2c:ab:dc:29:fa:e1:fe:06:
         ed:46:0a:99:b3:e5:c9:b0:e3:08:00:ac:60:a4:73:56:77:f4:
         30:fc:88:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUZhbtfNRLkBiCLybZrCbyNGlM8B0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MTExMTA1NDZaFw0yNjA2MTAxMTEwNDZaMDMxMTAvBgNV
BAMTKDBENDMxNTA4MjgyQUZEOEM3N0VDMjJCMTQ2Mzc0NTM1RjBCRDI4NDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCirE7T2FfNYbA26LFhBhHNTEzA
mI/F+ke6oilvs3598NTd0XxJzy3P0MfVtE3FA2wo+10KsVac1PTc6pqAF3i3mlgT
55/o+n7MUJKNex3d+7pwclUp1pfno4CvhX5lqoqPFadJJISVKMfzp2zZLR539Nvj
3PcyeShrrRzi5RlSps1yjN3AbvhjnN8CjoTWVWDGsnUi6PXicrRhJViiic4Q5DDI
IIp9O8WUCFEc6CaU9V7gZxdFq8BoQVpYhprxpN92ZtrRQSaxzHfni/bXShlTJ5pt
GuD84iqKCxLzSZSud/zhuwy/RX5yUyx1c/JZh8dKcHV6B1M5BbTSvWsNeuyXAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUDUMVCCgq/Yx37CKxRjdFNfC9KEEwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACyXqAw
DQYJKoZIhvcNAQELBQADggEBAIL1vYJfjnzjJNOHSziK5/YX1mGzCY6AOCqZDCzk
5sMbz1r9zrfuoYGmgBOWko7rIVYSTEAwiPwT5FU5Ni6DIE8vETbTerklxGwlGbuz
AP8t0VNxNMJhnoJ6d1WEBJc6DafJHQBiG5zONK3aFUK7PGRRyoe8IU1X3lm9yfP3
hioG+VWUYlg8KMmirDH3igeh8McIOtBlCZNfaTuTrNLhml8XwX7jRTj5ttIc29Yz
MjnvV4ffwJbMEXSMr/pIpbv/BwyD8jXxF5QXzUr54Kn4GVkFInYMyxWMKru/Tacb
wVUfTjMsq9wp+uH+Bu1GCpmz5cmw4wgArGCkc1Z39DD8iKo=
-----END CERTIFICATE-----