Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa
File:                     AS984.roa (raw, json)
Hash identifier:          4jxMWclE/gz/5osSOtdCNkalTTDHtkMmYldEc0dbo1Y=
Subject key identifier:   67:44:9D:55:8D:D1:2D:05:60:59:87:0F:0C:A9:90:D9:4A:90:2C:31
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       41ED4E18BF50C91E002199B35069E940C34A9BA2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa
Signing time:             Sat 06 Jun 2026 13:12:52 +0000
ROA not before:           Sat 06 Jun 2026 13:07:52 +0000
ROA not after:            Sat 05 Jun 2027 13:12:52 +0000
asID:                     984
IP address blocks:        150.241.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:ed:4e:18:bf:50:c9:1e:00:21:99:b3:50:69:e9:40:c3:4a:9b:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  6 13:07:52 2026 GMT
            Not After : Jun  5 13:12:52 2027 GMT
        Subject: CN=67449D558DD12D056059870F0CA990D94A902C31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5d:62:36:64:84:0a:0b:13:b6:48:da:bc:31:
                    40:71:c8:85:1d:17:5d:b5:d5:54:45:e5:75:9c:87:
                    01:c7:4d:42:21:45:11:fc:30:86:7b:54:b9:6c:6a:
                    00:01:60:3b:d7:ea:7a:f1:a8:8a:31:a8:c8:e6:4d:
                    e0:90:54:38:04:a4:2e:c2:35:2b:b6:a4:90:38:cf:
                    fb:c9:fc:a6:e1:83:74:30:fe:62:4c:0f:48:17:f8:
                    73:a1:8b:d6:34:ac:65:7a:b4:09:44:3e:f9:51:8e:
                    53:8c:64:cb:18:54:cd:7b:94:ce:4f:72:c4:a3:ae:
                    73:3d:41:29:99:87:83:2b:88:67:81:c6:2f:c8:7e:
                    7e:41:a0:bc:18:e1:f3:de:3d:1f:eb:da:42:ab:3a:
                    92:1e:01:01:94:5e:4e:a8:ec:a5:70:ad:da:dd:3d:
                    33:77:74:06:fe:65:07:e8:b5:8e:ce:65:59:50:ed:
                    f9:3f:1d:d7:9a:e5:c9:23:82:86:50:b0:8b:10:21:
                    af:d6:31:df:3b:0e:ca:e9:af:4e:a9:62:58:1e:34:
                    db:70:6f:be:7c:ce:e6:62:f5:ff:27:50:da:b0:5b:
                    a1:cb:db:a7:58:20:5b:cc:88:19:84:79:ca:e6:06:
                    30:1f:e3:38:95:4b:6b:b9:8b:c8:f6:84:d2:04:ad:
                    d0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:44:9D:55:8D:D1:2D:05:60:59:87:0F:0C:A9:90:D9:4A:90:2C:31
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:87:ec:44:6c:fa:7f:0c:5a:7c:d3:24:dc:ee:48:b5:ff:29:
         3b:cf:09:af:fd:f3:a2:a3:a6:b9:8e:07:4c:91:2e:67:2d:04:
         5b:8a:2e:99:69:ce:19:87:74:7b:97:22:c8:92:93:08:f9:6c:
         07:f1:bb:10:f3:7a:af:42:86:19:9e:7f:16:ba:72:ca:78:b1:
         65:5f:9e:1c:7c:f2:7c:49:24:ac:3c:8c:b3:84:39:a9:48:ee:
         4f:03:3e:4f:b0:99:cb:d6:4e:e1:b7:8f:f3:40:db:fe:9d:0d:
         60:62:8c:09:9f:3a:89:cb:4e:e2:3b:ef:39:56:0d:dc:63:7b:
         a4:83:27:ad:ce:5e:1b:66:96:01:03:10:89:39:97:6d:71:4a:
         db:fe:f5:26:f2:da:33:af:3a:68:36:94:1e:19:b0:12:91:49:
         75:53:c7:8c:d3:65:4c:53:c3:62:bc:68:89:8e:02:c2:c7:7f:
         00:c6:94:40:31:0d:e3:65:f2:fb:ef:72:9b:ae:ce:6e:26:39:
         e8:50:38:05:07:8b:d1:34:df:7f:24:e3:8b:6d:1d:ea:73:17:
         9a:9b:ba:ea:0f:82:58:2e:23:e6:ff:2f:51:b3:5d:b9:14:f1:
         3b:9b:1d:d7:19:21:c3:ab:f8:c2:60:45:68:a0:40:f7:0d:5a:
         b7:97:54:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUQe1OGL9QyR4AIZmzUGnpQMNKm6IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDYxMzA3NTJaFw0yNzA2MDUxMzEyNTJaMDMxMTAvBgNV
BAMTKDY3NDQ5RDU1OEREMTJEMDU2MDU5ODcwRjBDQTk5MEQ5NEE5MDJDMzEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoXWI2ZIQKCxO2SNq8MUBxyIUd
F1211VRF5XWchwHHTUIhRRH8MIZ7VLlsagABYDvX6nrxqIoxqMjmTeCQVDgEpC7C
NSu2pJA4z/vJ/Kbhg3Qw/mJMD0gX+HOhi9Y0rGV6tAlEPvlRjlOMZMsYVM17lM5P
csSjrnM9QSmZh4MriGeBxi/Ifn5BoLwY4fPePR/r2kKrOpIeAQGUXk6o7KVwrdrd
PTN3dAb+ZQfotY7OZVlQ7fk/Hdea5ckjgoZQsIsQIa/WMd87Dsrpr06pYlgeNNtw
b758zuZi9f8nUNqwW6HL26dYIFvMiBmEecrmBjAf4ziVS2u5i8j2hNIErdBJAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUZ0SdVY3RLQVgWYcPDKmQ2UqQLDEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTg0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlvHRMA0G
CSqGSIb3DQEBCwUAA4IBAQCLh+xEbPp/DFp80yTc7ki1/yk7zwmv/fOio6a5jgdM
kS5nLQRbii6Zac4Zh3R7lyLIkpMI+WwH8bsQ83qvQoYZnn8WunLKeLFlX54cfPJ8
SSSsPIyzhDmpSO5PAz5PsJnL1k7ht4/zQNv+nQ1gYowJnzqJy07iO+85Vg3cY3uk
gyetzl4bZpYBAxCJOZdtcUrb/vUm8tozrzpoNpQeGbASkUl1U8eM02VMU8NivGiJ
jgLCx38AxpRAMQ3jZfL773Kbrs5uJjnoUDgFB4vRNN9/JOOLbR3qcxeam7rqD4JY
LiPm/y9Rs125FPE7mx3XGSHDq/jCYEVooED3DVq3l1Qj
-----END CERTIFICATE-----