Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          bmRJ5X4+2ide91XZxbyKMxWm+XJtK+CO39Mc2AlxR+I=
Subject key identifier:   C4:FE:FA:11:6C:31:01:74:22:57:CA:F4:80:05:95:5B:82:C5:48:E1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3C66CE6013409277D893171B6B3275C2D93F4738
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS399486.roa
Signing time:             Wed 01 Apr 2026 23:16:47 +0000
ROA not before:           Wed 01 Apr 2026 23:11:47 +0000
ROA not after:            Wed 31 Mar 2027 23:16:47 +0000
asID:                     399486
IP address blocks:        155.117.232.0/24 maxlen: 24
                          168.222.97.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:66:ce:60:13:40:92:77:d8:93:17:1b:6b:32:75:c2:d9:3f:47:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  1 23:11:47 2026 GMT
            Not After : Mar 31 23:16:47 2027 GMT
        Subject: CN=C4FEFA116C3101742257CAF48005955B82C548E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:af:46:b5:df:19:f7:79:6e:d7:bd:9b:86:78:
                    fe:33:c6:b0:43:e2:e7:3f:4d:31:e0:3b:73:44:40:
                    42:f7:1e:b3:5a:4e:36:e7:ad:c7:a9:a3:2f:d7:51:
                    2b:6b:1b:e6:57:cf:54:1e:21:ee:2c:df:3e:f6:fb:
                    b3:25:07:44:45:3e:96:23:bf:20:df:f2:a0:2e:2f:
                    39:0d:5d:be:44:b7:15:8e:71:23:9b:5b:1e:84:cb:
                    1c:c0:64:61:08:82:53:59:6b:8a:0c:6d:04:89:4d:
                    df:2e:81:7b:5a:6a:cb:98:6c:14:31:10:31:3c:97:
                    a5:b4:cf:0a:c3:f7:6a:b6:67:44:36:7e:7e:ae:e9:
                    45:d3:77:ad:6b:1e:57:81:7f:20:c0:47:77:99:17:
                    51:88:71:2d:d9:4b:04:99:49:4c:3a:a7:97:f5:68:
                    2e:d0:4f:55:f6:63:80:b1:95:51:0b:b8:2c:9c:bf:
                    aa:0f:73:36:a2:88:4f:b4:8f:ce:58:d3:bf:41:f6:
                    75:ca:16:99:a2:3e:6b:2f:21:5c:da:24:8f:cc:89:
                    89:89:1e:59:69:39:8f:53:c3:73:5a:69:97:4c:21:
                    e4:c6:ed:0e:b9:8f:f2:30:74:18:9c:f4:98:92:d5:
                    d4:fc:2e:00:69:ab:26:f0:99:5c:31:c4:ca:f4:3f:
                    5f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:FE:FA:11:6C:31:01:74:22:57:CA:F4:80:05:95:5B:82:C5:48:E1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.232.0/24
                  168.222.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:03:70:f4:f7:07:e7:e5:28:ce:9f:7b:6d:a3:ce:8e:cd:ee:
         c2:89:f2:73:41:91:39:e8:34:c7:3a:d7:1f:bb:84:a0:d3:42:
         ec:3c:30:41:b7:d3:1c:ab:66:03:2b:49:cd:ae:fb:df:08:b9:
         51:75:c3:07:83:e2:9a:da:e8:10:a8:da:ca:a9:7d:b4:90:70:
         2a:64:86:73:4f:67:c8:5e:e8:75:23:36:b3:ad:ad:0f:2c:3e:
         bd:ff:ea:b9:17:17:2a:37:ab:63:7c:6c:6b:8d:38:86:d8:e7:
         63:c2:52:39:7b:94:7d:69:5c:b3:2e:a7:f5:c9:f3:67:c2:af:
         0c:9d:d4:36:49:ff:e8:ee:32:b3:dc:d2:1b:53:f3:df:22:0f:
         db:2e:a1:32:17:80:7d:f0:9a:e1:3b:d5:b1:ec:2d:d1:2b:fd:
         da:65:ad:1e:b4:ea:cf:4e:bd:d3:3a:8e:6d:40:70:b2:c8:29:
         31:d2:a0:24:e3:fd:e0:d1:c8:a5:7c:eb:0a:9b:81:f8:fb:00:
         91:ab:a2:f1:e0:24:8e:18:fc:64:d9:49:b2:dc:ba:d6:02:ee:
         7a:52:54:21:c4:3b:b6:e0:dc:7f:f0:01:24:e8:12:65:d0:3e:
         eb:13:f4:60:6c:16:bf:3c:da:d0:2c:3b:14:39:01:35:10:6e:
         bf:24:35:e1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUPGbOYBNAknfYkxcbazJ1wtk/RzgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDEyMzExNDdaFw0yNzAzMzEyMzE2NDdaMDMxMTAvBgNV
BAMTKEM0RkVGQTExNkMzMTAxNzQyMjU3Q0FGNDgwMDU5NTVCODJDNTQ4RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChr0a13xn3eW7XvZuGeP4zxrBD
4uc/TTHgO3NEQEL3HrNaTjbnrcepoy/XUStrG+ZXz1QeIe4s3z72+7MlB0RFPpYj
vyDf8qAuLzkNXb5EtxWOcSObWx6EyxzAZGEIglNZa4oMbQSJTd8ugXtaasuYbBQx
EDE8l6W0zwrD92q2Z0Q2fn6u6UXTd61rHleBfyDAR3eZF1GIcS3ZSwSZSUw6p5f1
aC7QT1X2Y4CxlVELuCycv6oPczaiiE+0j85Y079B9nXKFpmiPmsvIVzaJI/MiYmJ
HllpOY9Tw3NaaZdMIeTG7Q65j/IwdBic9JiS1dT8LgBpqybwmVwxxMr0P1+NAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUxP76EWwxAXQiV8r0gAWVW4LFSOEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm3Xo
AwQAqN5hMA0GCSqGSIb3DQEBCwUAA4IBAQBEA3D09wfn5SjOn3tto86Oze7CifJz
QZE56DTHOtcfu4Sg00LsPDBBt9Mcq2YDK0nNrvvfCLlRdcMHg+Ka2ugQqNrKqX20
kHAqZIZzT2fIXuh1Izazra0PLD69/+q5FxcqN6tjfGxrjTiG2OdjwlI5e5R9aVyz
Lqf1yfNnwq8MndQ2Sf/o7jKz3NIbU/PfIg/bLqEyF4B98JrhO9Wx7C3RK/3aZa0e
tOrPTr3TOo5tQHCyyCkx0qAk4/3g0cilfOsKm4H4+wCRq6Lx4CSOGPxk2Umy3LrW
Au56UlQhxDu24Nx/8AEk6BJl0D7rE/RgbBa/PNrQLDsUOQE1EG6/JDXh
-----END CERTIFICATE-----