Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402507.roa
File:                     AS402507.roa (raw, json)
Hash identifier:          CU2JpXmQ4iNw16PFYI51/7iXMNPkpQ5XX38tE9Oi3Uo=
Subject key identifier:   CC:19:33:8B:6E:29:62:24:4A:41:47:08:8E:55:21:51:A8:F9:6C:58
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4B53DAD0734D0A73FB739D825956D352D87D81BA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402507.roa
Signing time:             Sat 06 Jun 2026 15:35:56 +0000
ROA not before:           Sat 06 Jun 2026 15:30:56 +0000
ROA not after:            Sat 05 Jun 2027 15:35:56 +0000
asID:                     402507
IP address blocks:        143.14.209.0/24 maxlen: 24
                          155.117.222.0/24 maxlen: 24
                          167.148.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:53:da:d0:73:4d:0a:73:fb:73:9d:82:59:56:d3:52:d8:7d:81:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  6 15:30:56 2026 GMT
            Not After : Jun  5 15:35:56 2027 GMT
        Subject: CN=CC19338B6E2962244A4147088E552151A8F96C58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:2a:d0:0d:27:57:b2:fd:3e:ec:09:a0:f0:cc:
                    c4:84:a7:e0:13:d2:05:a3:93:45:b2:9f:96:e3:d7:
                    ed:6c:99:74:e0:75:22:08:4c:81:63:a9:c7:f3:b4:
                    4a:d5:35:e9:df:e4:b4:f8:eb:2c:56:56:90:15:60:
                    2c:b2:8f:b0:f5:9d:b0:62:93:4c:7e:30:6c:fe:d3:
                    8a:4d:bd:b7:2a:7f:1f:1c:41:77:fc:1f:82:fe:47:
                    fe:28:5f:c6:60:31:88:f7:e6:7c:6a:20:04:96:5b:
                    a2:2d:2f:33:71:a4:57:fd:e5:d1:60:67:3d:cf:41:
                    ef:48:34:ae:2c:ff:d1:ee:17:46:0f:2d:15:15:71:
                    fb:50:63:a7:ba:62:6b:35:73:35:24:0d:70:db:d8:
                    76:94:76:3f:23:cc:64:09:b4:8d:ec:cb:09:4e:67:
                    59:33:f4:6c:7b:70:ef:70:cb:b5:b1:f1:e9:9f:55:
                    79:10:e8:0a:4b:77:20:2f:2c:d3:68:b6:25:f1:c3:
                    37:f6:cb:09:fc:91:84:91:51:01:95:0a:36:1f:dd:
                    db:c3:9b:f9:4f:15:c3:75:ea:28:18:e0:5d:25:95:
                    22:df:e9:b1:c8:96:4f:5a:91:77:7b:81:29:7a:ef:
                    31:61:ab:a5:af:06:0c:e8:c8:5f:81:ca:dc:54:25:
                    61:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:19:33:8B:6E:29:62:24:4A:41:47:08:8E:55:21:51:A8:F9:6C:58
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402507.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.209.0/24
                  155.117.222.0/24
                  167.148.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:99:de:7f:41:b9:6f:e0:e2:90:44:ac:38:ce:18:12:bf:39:
         71:64:a5:bd:5f:03:f1:63:fd:36:91:88:c7:34:c5:2e:9f:ab:
         1e:f7:83:83:94:e5:9b:f9:5c:8d:d2:12:11:84:ed:9f:f2:9b:
         5d:19:d2:36:db:b9:d6:fd:bb:48:12:01:41:cb:9e:d0:e0:28:
         6b:7e:e6:c6:81:39:f9:30:7b:91:e4:ca:0c:b4:52:cc:72:29:
         00:8b:eb:ab:16:e2:9b:b8:a9:a7:f7:ca:ea:94:ad:50:15:57:
         15:8b:5b:0d:03:5f:cd:c4:c0:4b:5f:a3:30:44:27:e3:58:b8:
         f6:82:55:e6:15:a5:ed:c0:db:bf:90:4f:2b:46:81:3c:9b:6f:
         d7:a8:7c:39:22:d0:10:5f:e1:b4:e4:62:fc:8e:18:1c:62:f5:
         de:1b:de:7d:8d:40:26:f1:e6:80:ad:f6:c6:db:e2:e5:08:83:
         c8:37:8f:27:75:6d:3d:41:b5:01:8b:43:ff:4a:97:27:b6:4a:
         ea:f4:56:a7:7d:6d:f9:70:64:19:f8:fa:20:bb:58:e7:df:00:
         24:bf:55:77:1f:9d:53:62:0f:6b:18:9e:55:7d:1d:4c:21:e3:
         c3:4c:75:d4:79:b6:fe:39:8d:0b:39:00:2f:dd:9a:25:07:03:
         30:7e:d0:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUS1Pa0HNNCnP7c52CWVbTUth9gbowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDYxNTMwNTZaFw0yNzA2MDUxNTM1NTZaMDMxMTAvBgNV
BAMTKENDMTkzMzhCNkUyOTYyMjQ0QTQxNDcwODhFNTUyMTUxQThGOTZDNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSKtANJ1ey/T7sCaDwzMSEp+AT
0gWjk0Wyn5bj1+1smXTgdSIITIFjqcfztErVNenf5LT46yxWVpAVYCyyj7D1nbBi
k0x+MGz+04pNvbcqfx8cQXf8H4L+R/4oX8ZgMYj35nxqIASWW6ItLzNxpFf95dFg
Zz3PQe9INK4s/9HuF0YPLRUVcftQY6e6Yms1czUkDXDb2HaUdj8jzGQJtI3sywlO
Z1kz9Gx7cO9wy7Wx8emfVXkQ6ApLdyAvLNNotiXxwzf2ywn8kYSRUQGVCjYf3dvD
m/lPFcN16igY4F0llSLf6bHIlk9akXd7gSl67zFhq6WvBgzoyF+BytxUJWFBAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUzBkzi24pYiRKQUcIjlUhUaj5bFgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyNTA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw7R
AwQAm3XeAwQAp5TXMA0GCSqGSIb3DQEBCwUAA4IBAQC7md5/Qblv4OKQRKw4zhgS
vzlxZKW9XwPxY/02kYjHNMUun6se94ODlOWb+VyN0hIRhO2f8ptdGdI227nW/btI
EgFBy57Q4ChrfubGgTn5MHuR5MoMtFLMcikAi+urFuKbuKmn98rqlK1QFVcVi1sN
A1/NxMBLX6MwRCfjWLj2glXmFaXtwNu/kE8rRoE8m2/XqHw5ItAQX+G05GL8jhgc
YvXeG959jUAm8eaArfbG2+LlCIPIN48ndW09QbUBi0P/Spcntkrq9FanfW35cGQZ
+Pogu1jn3wAkv1V3H51TYg9rGJ5VfR1MIePDTHXUebb+OY0LOQAv3ZolBwMwftA5
-----END CERTIFICATE-----