Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa
File:                     AS984.roa (raw, json)
Hash identifier:          k8ac/rjdeSSOV/07E1OiWkTLWSQx5za4E7988ZyZsp8=
Subject key identifier:   06:F6:87:2C:D2:E6:FF:D3:3B:C4:5F:35:43:F5:07:D4:F9:7C:7F:77
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       39DE804C876C7191D85438F84E739D4DB5D9E54D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa
Signing time:             Tue 17 Feb 2026 02:27:44 +0000
ROA not before:           Tue 17 Feb 2026 02:22:44 +0000
ROA not after:            Tue 16 Feb 2027 02:27:44 +0000
asID:                     984
IP address blocks:        140.150.152.0/24 maxlen: 24
                          162.141.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:de:80:4c:87:6c:71:91:d8:54:38:f8:4e:73:9d:4d:b5:d9:e5:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Feb 17 02:22:44 2026 GMT
            Not After : Feb 16 02:27:44 2027 GMT
        Subject: CN=06F6872CD2E6FFD33BC45F3543F507D4F97C7F77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:bd:52:67:df:22:13:9d:0f:f8:ee:c7:40:2b:
                    8e:c3:a2:95:59:85:33:6c:7f:5e:90:9c:24:39:23:
                    d6:ec:ec:0f:9d:8d:0e:4a:0c:71:f3:33:5e:d3:c5:
                    cc:b6:51:25:c5:f3:36:ef:63:0c:2b:b6:d2:84:72:
                    29:15:8b:31:86:54:34:58:6d:c1:5d:a8:3f:af:c4:
                    7f:f1:ec:f1:49:fa:bb:72:87:b4:c6:0b:73:8c:e0:
                    e6:da:1f:a3:2c:f3:fe:87:fe:3f:00:58:39:82:74:
                    44:ed:54:60:69:67:72:50:22:3d:0e:6e:63:75:65:
                    16:72:9b:1e:62:d1:ee:76:86:5d:bc:37:e8:4c:7f:
                    86:a9:26:34:f5:29:31:d4:b1:60:44:9c:9e:a9:1c:
                    13:35:7a:73:c1:dc:86:24:1a:6a:df:a7:ac:70:2a:
                    8a:3f:0a:c0:4d:b1:4f:9e:75:0b:68:a7:b8:47:52:
                    52:bc:1e:8f:7e:5a:3f:24:a5:1d:6a:1d:75:e5:b0:
                    b5:bc:85:8f:8b:b6:fa:5a:28:36:69:79:91:3c:ea:
                    64:b3:23:ab:ae:05:40:d8:f1:56:a3:92:3a:ef:f0:
                    56:a4:7b:7a:cc:ff:44:82:d9:f5:24:0a:8d:d7:a8:
                    a1:37:b6:f6:94:ad:32:25:10:ea:93:d0:af:72:a2:
                    00:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:F6:87:2C:D2:E6:FF:D3:3B:C4:5F:35:43:F5:07:D4:F9:7C:7F:77
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.152.0/24
                  162.141.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:7f:b7:21:e6:b1:82:e8:07:8c:0a:5b:99:42:2c:f4:d5:bb:
         7a:a4:bc:c0:d8:9e:03:20:5d:89:dc:79:19:ca:9f:15:cf:54:
         97:eb:70:ce:3d:4f:97:00:96:56:0b:e7:2b:c3:6c:8e:ce:44:
         ac:d8:08:c1:c3:6f:7f:05:bc:41:76:bf:39:de:1a:57:a5:71:
         48:be:8a:2d:4b:a8:7b:d3:42:36:93:3e:f8:69:54:9e:c7:3d:
         86:18:63:69:67:95:b3:27:4e:a4:9a:23:37:f3:a8:1c:a1:10:
         d7:d5:da:f0:a1:a8:cb:73:8d:2f:a3:c3:fc:1d:01:aa:12:32:
         ce:0a:8b:33:6f:32:ad:70:7e:c2:b5:65:a9:95:15:dd:b3:2c:
         83:67:08:de:24:b6:c7:df:71:51:a2:08:cc:f5:28:b6:84:62:
         cc:69:a6:24:45:58:49:85:40:c0:98:eb:10:1a:fd:61:43:26:
         2a:c1:c4:af:8f:11:7f:be:45:eb:86:dc:ba:89:ff:05:b0:0b:
         64:e6:1d:d3:f6:d7:65:f0:c8:7d:50:32:76:ea:16:52:b1:97:
         b8:cf:69:79:f3:f7:ff:7e:3b:a4:ff:a6:46:e6:4c:d7:2a:62:
         ae:b3:26:bc:b0:e1:98:6e:7c:68:11:eb:e5:df:08:a1:4a:af:
         0b:e3:8a:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUOd6ATIdscZHYVDj4TnOdTbXZ5U0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAyMTcwMjIyNDRaFw0yNzAyMTYwMjI3NDRaMDMxMTAvBgNV
BAMTKDA2RjY4NzJDRDJFNkZGRDMzQkM0NUYzNTQzRjUwN0Q0Rjk3QzdGNzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrvVJn3yITnQ/47sdAK47DopVZ
hTNsf16QnCQ5I9bs7A+djQ5KDHHzM17Txcy2USXF8zbvYwwrttKEcikVizGGVDRY
bcFdqD+vxH/x7PFJ+rtyh7TGC3OM4ObaH6Ms8/6H/j8AWDmCdETtVGBpZ3JQIj0O
bmN1ZRZymx5i0e52hl28N+hMf4apJjT1KTHUsWBEnJ6pHBM1enPB3IYkGmrfp6xw
Koo/CsBNsU+edQtop7hHUlK8Ho9+Wj8kpR1qHXXlsLW8hY+LtvpaKDZpeZE86mSz
I6uuBUDY8Vajkjrv8Fake3rM/0SC2fUkCo3XqKE3tvaUrTIlEOqT0K9yogAlAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUBvaHLNLm/9M7xF81Q/UH1Pl8f3cwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTg0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjJaYAwQA
oo1gMA0GCSqGSIb3DQEBCwUAA4IBAQC8f7ch5rGC6AeMCluZQiz01bt6pLzA2J4D
IF2J3HkZyp8Vz1SX63DOPU+XAJZWC+crw2yOzkSs2AjBw29/BbxBdr853hpXpXFI
vootS6h700I2kz74aVSexz2GGGNpZ5WzJ06kmiM386gcoRDX1drwoajLc40vo8P8
HQGqEjLOCoszbzKtcH7CtWWplRXdsyyDZwjeJLbH33FRogjM9Si2hGLMaaYkRVhJ
hUDAmOsQGv1hQyYqwcSvjxF/vkXrhty6if8FsAtk5h3T9tdl8Mh9UDJ26hZSsZe4
z2l58/f/fjuk/6ZG5kzXKmKusya8sOGYbnxoEevl3wihSq8L44o5
-----END CERTIFICATE-----