Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400951.roa
File:                     AS400951.roa (raw, json)
Hash identifier:          aG6TIGOyXQey1peuXk6/DV6hmaBBEcAX8zX2CfxPF9U=
Subject key identifier:   90:02:0E:32:DD:2E:4A:54:49:68:DC:8A:9D:D2:AD:D1:18:F1:4A:AC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2907B6F470836EF09638F2F97E507445E755B8F3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400951.roa
Signing time:             Wed 08 Apr 2026 16:48:55 +0000
ROA not before:           Wed 08 Apr 2026 16:43:55 +0000
ROA not after:            Wed 07 Apr 2027 16:48:55 +0000
asID:                     400951
IP address blocks:        155.117.198.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:07:b6:f4:70:83:6e:f0:96:38:f2:f9:7e:50:74:45:e7:55:b8:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  8 16:43:55 2026 GMT
            Not After : Apr  7 16:48:55 2027 GMT
        Subject: CN=90020E32DD2E4A544968DC8A9DD2ADD118F14AAC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:13:4a:9d:11:e8:37:b6:d5:52:ab:f0:3d:d3:
                    ab:95:98:ae:37:1e:d2:ed:b9:16:48:bf:18:f2:32:
                    0f:ff:48:86:3e:cb:39:6c:b4:32:c6:21:48:89:78:
                    c1:2c:03:79:96:2f:d2:6d:9f:38:50:e0:d5:8b:c5:
                    cd:bf:c0:71:ea:1e:43:68:76:a2:e2:93:fe:dd:c3:
                    30:25:f8:c4:48:b9:02:77:96:13:21:13:a8:3c:dd:
                    9f:ec:b1:d0:8e:b3:ff:8c:46:03:3e:47:2d:75:40:
                    81:34:82:de:14:d8:14:90:57:5c:3e:b0:5e:c1:fe:
                    26:23:b8:9a:b0:37:0d:fa:40:07:c0:64:7f:1d:69:
                    0b:29:05:cd:b9:87:33:45:82:83:b2:5c:2e:fc:8c:
                    6b:ba:dc:76:a4:63:38:e1:87:dc:1e:06:0c:5c:69:
                    4c:52:8a:17:93:70:a6:80:51:ba:52:9c:f6:44:ba:
                    f7:9e:ae:db:c9:bf:9e:a1:b6:7a:bd:e4:1c:81:5a:
                    c6:36:35:c8:65:fe:8b:55:ab:79:7a:c5:a0:94:ce:
                    c4:ab:14:9e:bd:0f:68:c1:1a:1c:59:d2:0d:19:96:
                    fc:a5:80:75:b5:8a:4e:28:41:aa:e2:28:b1:b7:ee:
                    c9:36:ea:80:54:66:82:45:73:a7:c3:2a:10:d6:7b:
                    6c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:02:0E:32:DD:2E:4A:54:49:68:DC:8A:9D:D2:AD:D1:18:F1:4A:AC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS400951.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:42:4f:13:ff:d7:3a:6d:e3:b7:b0:36:c3:e0:43:37:d5:4b:
         47:5e:6a:1e:50:28:ba:3e:34:94:5a:b8:61:2a:e9:b0:80:e8:
         1b:a6:3c:fa:1e:8b:d9:d5:e9:9c:05:cb:d8:3c:44:b7:75:a0:
         fb:18:81:91:03:0b:83:59:11:95:4d:39:bd:34:43:f2:8a:9d:
         6a:11:9c:a7:91:ab:bb:62:32:9c:69:51:4f:83:e6:48:7a:04:
         63:5c:ea:ec:3c:2e:11:cf:82:1b:41:5e:58:c4:aa:cb:8a:b1:
         8a:db:b8:38:31:33:24:95:cc:0c:6c:9e:45:47:a4:6b:09:78:
         e1:de:cf:e0:a8:da:09:f6:67:b3:7e:c8:e5:f5:a3:f4:59:23:
         b3:54:84:f9:4a:12:f4:a0:9e:23:77:3d:9f:40:b8:1f:1d:d7:
         92:f3:7c:43:05:10:34:74:04:fd:e3:44:5b:dc:cb:2a:5f:11:
         16:76:da:b7:f7:b0:8c:77:90:82:1b:ad:a7:d4:a5:f8:8e:6b:
         1f:0f:56:6c:df:c1:ce:20:20:96:cf:3a:dd:34:0a:02:f9:b4:
         99:12:08:98:ad:8a:a6:6d:21:a9:d7:51:6c:f1:09:3b:fa:08:
         3f:4a:3d:17:4d:78:83:66:bf:af:bf:98:5a:66:af:ad:cf:f3:
         cb:85:08:8a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKQe29HCDbvCWOPL5flB0RedVuPMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDgxNjQzNTVaFw0yNzA0MDcxNjQ4NTVaMDMxMTAvBgNV
BAMTKDkwMDIwRTMyREQyRTRBNTQ0OTY4REM4QTlERDJBREQxMThGMTRBQUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDHE0qdEeg3ttVSq/A906uVmK43
HtLtuRZIvxjyMg//SIY+yzlstDLGIUiJeMEsA3mWL9JtnzhQ4NWLxc2/wHHqHkNo
dqLik/7dwzAl+MRIuQJ3lhMhE6g83Z/ssdCOs/+MRgM+Ry11QIE0gt4U2BSQV1w+
sF7B/iYjuJqwNw36QAfAZH8daQspBc25hzNFgoOyXC78jGu63HakYzjhh9weBgxc
aUxSiheTcKaAUbpSnPZEuveertvJv56htnq95ByBWsY2Nchl/otVq3l6xaCUzsSr
FJ69D2jBGhxZ0g0ZlvylgHW1ik4oQariKLG37sk26oBUZoJFc6fDKhDWe2xlAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUkAIOMt0uSlRJaNyKndKt0RjxSqwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAwOTUxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBm3XG
MA0GCSqGSIb3DQEBCwUAA4IBAQArQk8T/9c6beO3sDbD4EM31UtHXmoeUCi6PjSU
WrhhKumwgOgbpjz6HovZ1emcBcvYPES3daD7GIGRAwuDWRGVTTm9NEPyip1qEZyn
kau7YjKcaVFPg+ZIegRjXOrsPC4Rz4IbQV5YxKrLirGK27g4MTMklcwMbJ5FR6Rr
CXjh3s/gqNoJ9mezfsjl9aP0WSOzVIT5ShL0oJ4jdz2fQLgfHdeS83xDBRA0dAT9
40Rb3MsqXxEWdtq397CMd5CCG62n1KX4jmsfD1Zs38HOICCWzzrdNAoC+bSZEgiY
rYqmbSGp11Fs8Qk7+gg/Sj0XTXiDZr+vv5haZq+tz/PLhQiK
-----END CERTIFICATE-----