Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          JlnfqGlHG+yiOPXPRx5Or8DhcbnRFD+osiHTCPqFQo4=
Subject key identifier:   3A:FE:5C:79:33:DA:16:07:C8:DE:4F:87:BF:7C:65:8A:F0:87:D9:08
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2EF38939CCA8505C9F9D6A9B21661DEACA6D52C7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402215.roa
Signing time:             Thu 04 Jun 2026 11:13:09 +0000
ROA not before:           Thu 04 Jun 2026 11:08:09 +0000
ROA not after:            Thu 03 Jun 2027 11:13:09 +0000
asID:                     402215
IP address blocks:        140.233.175.0/24 maxlen: 24
                          143.14.22.0/24 maxlen: 24
                          150.241.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2e:f3:89:39:cc:a8:50:5c:9f:9d:6a:9b:21:66:1d:ea:ca:6d:52:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  4 11:08:09 2026 GMT
            Not After : Jun  3 11:13:09 2027 GMT
        Subject: CN=3AFE5C7933DA1607C8DE4F87BF7C658AF087D908
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a1:eb:54:f1:02:c2:1d:a6:80:2b:70:2d:90:
                    b7:7e:da:05:7f:a9:69:fd:79:88:55:b5:4d:4c:af:
                    a5:f8:36:71:a9:e7:2c:bd:72:98:a2:a8:0c:3f:c3:
                    31:1d:f9:11:0d:94:a6:9a:26:7e:62:88:82:f2:8a:
                    14:6a:7c:43:4d:fb:19:05:e1:8d:1b:fe:6d:b1:e0:
                    59:93:4a:15:3e:1c:83:83:f2:c4:2a:a5:93:46:52:
                    d9:a5:60:e9:7e:5b:65:bf:33:fd:f2:f1:00:b8:38:
                    7c:94:66:d5:5b:27:8c:7a:bd:58:64:ef:d8:2e:a2:
                    36:73:22:86:4d:5e:4b:19:d7:51:65:6b:d2:ff:7d:
                    3a:34:e7:a4:56:9b:ac:cf:9f:e9:94:2d:d3:17:9d:
                    7e:11:a0:99:7d:c0:a7:1f:e7:83:fd:42:60:a2:90:
                    42:3c:84:6b:4e:b7:8c:2d:b6:42:53:8d:35:a0:37:
                    af:d4:cb:64:c7:dc:b1:5d:12:7d:6a:44:e5:b5:4a:
                    57:8e:0f:9e:4d:45:d2:07:57:c9:64:96:6d:33:41:
                    89:29:e1:74:8a:18:9b:8b:42:15:de:c1:93:ec:43:
                    94:a9:c9:52:4e:9e:97:b0:5f:94:16:8a:15:6b:63:
                    53:25:f0:64:05:11:96:97:44:c4:36:5a:3a:15:fc:
                    63:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FE:5C:79:33:DA:16:07:C8:DE:4F:87:BF:7C:65:8A:F0:87:D9:08
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.175.0/24
                  143.14.22.0/24
                  150.241.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:4d:4d:ba:4b:73:e0:b6:36:01:f2:f8:2d:ac:2a:57:77:10:
         99:30:ac:a0:71:64:c0:c5:b9:80:bf:26:b4:f4:1f:6a:f8:cd:
         72:bc:13:e6:a4:32:75:98:f4:d6:67:35:f3:8d:cd:e7:7c:7a:
         fb:74:a9:5c:4d:63:5d:37:6e:50:82:ac:f6:88:04:b8:05:14:
         84:1a:10:ef:8f:b0:29:69:60:a3:86:6a:7c:14:d0:a6:6c:0a:
         ba:51:44:5d:c8:f9:65:c0:20:00:62:0f:4e:c8:af:93:99:7e:
         7c:c5:9d:7d:95:37:5f:e8:b3:d8:e2:13:96:c3:82:de:06:cb:
         fd:c3:1e:a1:2c:b8:91:8f:c2:76:bb:1a:ce:48:d4:e0:13:28:
         11:90:84:d4:5b:8d:98:89:dd:47:53:5d:45:6b:3d:d8:e7:2f:
         ee:a1:55:ab:f3:75:1e:cb:ad:89:89:bd:23:81:ff:3f:49:f7:
         ab:89:0f:9c:78:1c:28:ba:8c:64:ab:c4:e8:80:76:c9:67:85:
         b5:fa:d1:85:4a:77:85:f1:e0:5b:7b:fa:0f:7a:ef:47:d8:8e:
         bd:9e:c6:58:39:a3:d5:fc:2e:41:72:d2:80:9f:5c:f8:be:f9:
         16:07:16:7b:72:70:02:3d:83:39:81:81:83:f2:79:6b:e1:78:
         c9:22:2e:fc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIULvOJOcyoUFyfnWqbIWYd6sptUscwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDQxMTA4MDlaFw0yNzA2MDMxMTEzMDlaMDMxMTAvBgNV
BAMTKDNBRkU1Qzc5MzNEQTE2MDdDOERFNEY4N0JGN0M2NThBRjA4N0Q5MDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9oetU8QLCHaaAK3AtkLd+2gV/
qWn9eYhVtU1Mr6X4NnGp5yy9cpiiqAw/wzEd+RENlKaaJn5iiILyihRqfENN+xkF
4Y0b/m2x4FmTShU+HIOD8sQqpZNGUtmlYOl+W2W/M/3y8QC4OHyUZtVbJ4x6vVhk
79guojZzIoZNXksZ11Fla9L/fTo056RWm6zPn+mULdMXnX4RoJl9wKcf54P9QmCi
kEI8hGtOt4wttkJTjTWgN6/Uy2TH3LFdEn1qROW1SleOD55NRdIHV8lklm0zQYkp
4XSKGJuLQhXewZPsQ5SpyVJOnpewX5QWihVrY1Ml8GQFEZaXRMQ2WjoV/GPhAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUOv5ceTPaFgfI3k+Hv3xlivCH2QgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjOmv
AwQAjw4WAwQAlvH9MA0GCSqGSIb3DQEBCwUAA4IBAQAbTU26S3PgtjYB8vgtrCpX
dxCZMKygcWTAxbmAvya09B9q+M1yvBPmpDJ1mPTWZzXzjc3nfHr7dKlcTWNdN25Q
gqz2iAS4BRSEGhDvj7ApaWCjhmp8FNCmbAq6UURdyPllwCAAYg9OyK+TmX58xZ19
lTdf6LPY4hOWw4LeBsv9wx6hLLiRj8J2uxrOSNTgEygRkITUW42Yid1HU11Faz3Y
5y/uoVWr83Uey62Jib0jgf8/SferiQ+ceBwouoxkq8TogHbJZ4W1+tGFSneF8eBb
e/oPeu9H2I69nsZYOaPV/C5BctKAn1z4vvkWBxZ7cnACPYM5gYGD8nlr4XjJIi78
-----END CERTIFICATE-----