Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401476.roa
File:                     AS401476.roa (raw, json)
Hash identifier:          v4VdOpXf5fmyrqBAVeMbJ7fhSkIUGuRcQdLbFuZGaDY=
Subject key identifier:   A9:4E:13:93:4D:B3:BD:AB:95:10:97:F6:E9:44:D4:4A:63:A7:43:55
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1F7E479A119E5078E9A3516F437123D5534B0643
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401476.roa
Signing time:             Thu 30 Oct 2025 16:47:45 +0000
ROA not before:           Thu 30 Oct 2025 16:42:45 +0000
ROA not after:            Thu 29 Oct 2026 16:47:45 +0000
asID:                     401476
IP address blocks:        146.103.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:7e:47:9a:11:9e:50:78:e9:a3:51:6f:43:71:23:d5:53:4b:06:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 30 16:42:45 2025 GMT
            Not After : Oct 29 16:47:45 2026 GMT
        Subject: CN=A94E13934DB3BDAB951097F6E944D44A63A74355
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:93:8a:66:a1:86:2b:14:0c:02:cb:c2:6e:18:
                    cc:03:20:01:98:2a:ea:91:28:3c:e4:26:98:9f:ed:
                    e2:8b:f4:d7:7a:74:f6:57:1e:37:f9:f4:a3:97:4a:
                    79:8a:28:6d:eb:c9:df:bb:06:15:a0:c9:e2:13:d1:
                    1f:2d:70:db:7b:98:9d:2b:cb:7b:ab:de:3a:d9:d9:
                    f2:b5:70:2f:53:4d:9d:a0:e2:12:cd:0a:81:95:05:
                    9c:0a:de:21:b0:b8:e7:40:00:c2:13:8a:69:24:ff:
                    79:43:7d:05:c2:9b:97:2e:b0:9e:53:d6:83:db:8b:
                    fa:25:de:de:59:a1:5b:9b:14:da:a0:16:a4:04:90:
                    cb:6c:e2:fb:f5:51:71:36:6f:2b:b9:53:47:aa:17:
                    ea:a5:c3:69:a3:0f:fe:57:3b:57:71:d4:35:e3:a0:
                    1e:a9:5b:f7:46:ec:e3:ec:d4:c2:11:5b:17:47:56:
                    6b:0a:a1:43:a1:2c:11:f4:1d:cf:60:7f:ec:1d:70:
                    f9:23:24:48:6d:19:5b:d9:76:4c:95:f2:07:bc:dd:
                    09:46:de:90:2d:3d:1d:9e:5d:8e:87:3d:05:bc:7f:
                    e2:5e:86:aa:be:fe:9a:7f:88:60:dd:ee:9a:e9:3f:
                    78:26:d4:15:92:d1:cc:8f:5f:e9:9a:b9:10:c6:4f:
                    91:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:4E:13:93:4D:B3:BD:AB:95:10:97:F6:E9:44:D4:4A:63:A7:43:55
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401476.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:91:b0:39:3b:5a:d5:bf:bd:0c:78:c5:a7:d7:ef:55:8a:86:
         e1:72:79:73:e5:74:53:34:27:f9:bf:a4:d7:cb:36:69:b4:45:
         73:65:96:cb:14:cf:47:48:33:3a:14:ec:eb:7e:e4:1f:e1:c4:
         18:0c:2e:64:fa:ab:7e:89:9a:d0:65:77:fb:c1:42:d9:39:63:
         1d:20:2a:47:32:ac:e4:f7:5c:ba:2f:2a:90:6e:28:4b:f1:93:
         e5:a6:18:4d:70:89:54:70:28:8c:b2:70:eb:22:08:cd:6e:c1:
         87:ad:8b:0e:bb:53:59:47:27:e9:3f:7c:37:a5:f0:2d:86:58:
         05:3f:41:8c:95:f6:5b:12:14:fe:16:8c:5e:d2:37:a8:03:8d:
         e5:ba:b9:7b:ad:77:ee:0c:40:50:55:ef:25:d7:e0:84:91:e1:
         85:3b:89:74:54:47:0e:2f:b9:2c:52:cb:9f:ee:3e:95:7b:77:
         62:7d:71:69:d4:7d:b7:3f:1b:1b:37:4f:fe:d0:ab:68:62:5a:
         ce:48:c8:39:f4:01:f9:1b:8d:9d:bd:19:72:40:ab:ae:f9:20:
         fd:2d:99:79:bb:93:91:94:7d:8a:64:5f:f5:66:ac:f3:48:fc:
         a3:b4:cd:ee:8d:e4:54:5a:53:92:40:2b:dd:a4:f0:73:b3:27:
         91:d3:7d:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUH35HmhGeUHjpo1FvQ3Ej1VNLBkMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMzAxNjQyNDVaFw0yNjEwMjkxNjQ3NDVaMDMxMTAvBgNV
BAMTKEE5NEUxMzkzNERCM0JEQUI5NTEwOTdGNkU5NDRENDRBNjNBNzQzNTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXk4pmoYYrFAwCy8JuGMwDIAGY
KuqRKDzkJpif7eKL9Nd6dPZXHjf59KOXSnmKKG3ryd+7BhWgyeIT0R8tcNt7mJ0r
y3ur3jrZ2fK1cC9TTZ2g4hLNCoGVBZwK3iGwuOdAAMITimkk/3lDfQXCm5cusJ5T
1oPbi/ol3t5ZoVubFNqgFqQEkMts4vv1UXE2byu5U0eqF+qlw2mjD/5XO1dx1DXj
oB6pW/dG7OPs1MIRWxdHVmsKoUOhLBH0Hc9gf+wdcPkjJEhtGVvZdkyV8ge83QlG
3pAtPR2eXY6HPQW8f+Jehqq+/pp/iGDd7prpP3gm1BWS0cyPX+mauRDGT5FPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqU4Tk02zvauVEJf26UTUSmOnQ1UwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAxNDc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmce
MA0GCSqGSIb3DQEBCwUAA4IBAQCRkbA5O1rVv70MeMWn1+9Viobhcnlz5XRTNCf5
v6TXyzZptEVzZZbLFM9HSDM6FOzrfuQf4cQYDC5k+qt+iZrQZXf7wULZOWMdICpH
Mqzk91y6LyqQbihL8ZPlphhNcIlUcCiMsnDrIgjNbsGHrYsOu1NZRyfpP3w3pfAt
hlgFP0GMlfZbEhT+Foxe0jeoA43lurl7rXfuDEBQVe8l1+CEkeGFO4l0VEcOL7ks
Usuf7j6Ve3difXFp1H23PxsbN0/+0KtoYlrOSMg59AH5G42dvRlyQKuu+SD9LZl5
u5ORlH2KZF/1ZqzzSPyjtM3ujeRUWlOSQCvdpPBzsyeR033g
-----END CERTIFICATE-----