Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397630.roa
File:                     AS397630.roa (raw, json)
Hash identifier:          6jdCb3pjRANoYKChAdcTobr3QM+Kch8fRdZK/jWKbtg=
Subject key identifier:   A4:9D:86:D9:39:DA:17:92:C0:11:C9:C0:7A:F6:B5:D5:37:66:7F:88
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       052E0B5E824E55A42EFC11CEDC91EE9B4130B469
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397630.roa
Signing time:             Sun 15 Feb 2026 00:07:05 +0000
ROA not before:           Sun 15 Feb 2026 00:02:05 +0000
ROA not after:            Sun 14 Feb 2027 00:07:05 +0000
asID:                     397630
IP address blocks:        143.14.188.0/24 maxlen: 24
                          150.241.136.0/24 maxlen: 24
                          155.117.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 12:54:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:2e:0b:5e:82:4e:55:a4:2e:fc:11:ce:dc:91:ee:9b:41:30:b4:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 15 00:02:05 2026 GMT
            Not After : Feb 14 00:07:05 2027 GMT
        Subject: CN=A49D86D939DA1792C011C9C07AF6B5D537667F88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:e5:5a:91:94:c4:df:88:43:3c:b9:13:ba:8b:
                    73:57:a0:26:2e:49:95:07:1b:c0:ae:65:2c:9d:9b:
                    6d:6d:11:d9:95:2d:b3:d2:b5:31:9b:ed:06:ae:2c:
                    e3:50:52:75:df:65:ff:19:f6:84:43:9e:4c:28:fc:
                    c1:8b:2e:c6:b5:1c:ed:03:08:25:54:6b:4b:d1:90:
                    7d:6f:2b:63:06:69:d9:76:fe:a4:dd:7b:cf:70:6c:
                    a8:f0:47:24:0f:5b:9f:f0:ef:77:47:9a:ba:24:5b:
                    53:ec:cc:a0:3b:40:d5:fe:f4:ff:eb:68:04:1b:d4:
                    3b:c2:42:0d:f2:51:fe:8e:ed:90:bf:71:be:db:29:
                    87:c7:76:30:65:2f:8a:40:79:33:3c:96:ac:b6:d5:
                    a8:8e:a1:6c:4f:b9:91:a7:43:d1:4d:2e:21:52:81:
                    f7:8b:4f:37:eb:f5:dd:3f:84:da:1b:6f:c2:dc:39:
                    31:db:cc:88:c5:9b:16:af:83:7b:1e:a0:b7:d8:fd:
                    e9:9f:8b:d5:45:01:ea:dc:ee:f9:db:84:64:ce:fb:
                    24:0e:07:9f:3b:9f:72:38:37:02:65:85:86:85:4b:
                    c0:4b:8c:b7:df:29:e3:70:d4:c8:a9:81:4c:b0:58:
                    76:42:5d:d6:94:df:ee:b9:ae:4c:92:64:c2:40:12:
                    33:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:9D:86:D9:39:DA:17:92:C0:11:C9:C0:7A:F6:B5:D5:37:66:7F:88
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.188.0/24
                  150.241.136.0/24
                  155.117.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:3b:f0:90:3e:ac:90:2b:43:bb:21:7e:5c:36:10:75:a5:3f:
         77:0e:db:32:99:41:eb:70:7c:3a:2c:b8:42:95:2f:0f:40:4e:
         a1:62:9c:3d:9d:93:1b:1d:c3:35:12:71:b1:e2:42:09:e2:17:
         30:00:65:3f:27:60:3e:28:86:4b:53:0b:77:da:ae:c9:c6:93:
         b5:7a:f2:f0:71:f8:29:c8:49:81:d1:fd:da:70:51:0c:2c:69:
         29:88:2c:76:5c:5a:71:0d:e2:2a:13:1f:11:94:37:2c:cb:c2:
         46:91:c7:fc:5b:66:e3:78:0e:51:58:6f:14:ee:eb:ee:cd:f3:
         92:98:82:2e:43:37:0f:f2:e3:41:ba:0e:b6:03:05:fc:66:0f:
         97:b1:af:84:a6:cd:55:e1:ca:d4:f3:2e:ae:19:08:e6:50:52:
         66:ac:9a:ab:0b:67:47:cd:83:da:c0:41:3e:43:eb:5d:04:c4:
         8f:26:25:25:7c:d0:15:50:f1:e2:9c:79:29:a1:04:a3:21:f6:
         3f:da:72:12:ef:51:18:13:91:55:5c:ee:05:23:15:18:19:95:
         97:af:c1:bb:4b:23:40:64:5e:c8:af:f2:04:b9:28:80:e2:4c:
         e9:da:6c:33:49:13:91:b7:fa:c0:ac:b8:2d:47:71:3a:07:6b:
         49:6f:18:23
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUBS4LXoJOVaQu/BHO3JHum0EwtGkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTUwMDAyMDVaFw0yNzAyMTQwMDA3MDVaMDMxMTAvBgNV
BAMTKEE0OUQ4NkQ5MzlEQTE3OTJDMDExQzlDMDdBRjZCNUQ1Mzc2NjdGODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM5VqRlMTfiEM8uRO6i3NXoCYu
SZUHG8CuZSydm21tEdmVLbPStTGb7QauLONQUnXfZf8Z9oRDnkwo/MGLLsa1HO0D
CCVUa0vRkH1vK2MGadl2/qTde89wbKjwRyQPW5/w73dHmrokW1PszKA7QNX+9P/r
aAQb1DvCQg3yUf6O7ZC/cb7bKYfHdjBlL4pAeTM8lqy21aiOoWxPuZGnQ9FNLiFS
gfeLTzfr9d0/hNobb8LcOTHbzIjFmxavg3seoLfY/emfi9VFAerc7vnbhGTO+yQO
B587n3I4NwJlhYaFS8BLjLffKeNw1MipgUywWHZCXdaU3+65rkySZMJAEjMtAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUpJ2G2TnaF5LAEcnAeva11Tdmf4gwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk3NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw68
AwQAlvGIAwQAm3VRMA0GCSqGSIb3DQEBCwUAA4IBAQBXO/CQPqyQK0O7IX5cNhB1
pT93DtsymUHrcHw6LLhClS8PQE6hYpw9nZMbHcM1EnGx4kIJ4hcwAGU/J2A+KIZL
Uwt32q7JxpO1evLwcfgpyEmB0f3acFEMLGkpiCx2XFpxDeIqEx8RlDcsy8JGkcf8
W2bjeA5RWG8U7uvuzfOSmIIuQzcP8uNBug62AwX8Zg+Xsa+Eps1V4crU8y6uGQjm
UFJmrJqrC2dHzYPawEE+Q+tdBMSPJiUlfNAVUPHinHkpoQSjIfY/2nIS71EYE5FV
XO4FIxUYGZWXr8G7SyNAZF7Ir/IEuSiA4kzp2mwzSRORt/rArLgtR3E6B2tJbxgj
-----END CERTIFICATE-----