Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS401776.roa
File:                     AS401776.roa (raw, json)
Hash identifier:          NJSAEzC4UThA3h4mwAlPIKBzvUnXhbmTO6s+w9msMjA=
Subject key identifier:   E4:E0:D7:5C:95:B8:8B:30:4E:5D:CE:0F:BB:8F:77:C3:3E:E7:24:15
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       6344439FB599C412974833568F7551FA4C31886B
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS401776.roa
Signing time:             Tue 28 Oct 2025 09:06:54 +0000
ROA not before:           Tue 28 Oct 2025 09:01:54 +0000
ROA not after:            Tue 27 Oct 2026 09:06:54 +0000
asID:                     401776
IP address blocks:        46.236.223.0/24 maxlen: 24
                          82.139.233.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:44:43:9f:b5:99:c4:12:97:48:33:56:8f:75:51:fa:4c:31:88:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Oct 28 09:01:54 2025 GMT
            Not After : Oct 27 09:06:54 2026 GMT
        Subject: CN=E4E0D75C95B88B304E5DCE0FBB8F77C33EE72415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:f3:64:5b:92:51:31:50:3d:c7:18:d4:b1:a2:
                    b2:a3:3e:5b:32:f5:d2:60:6d:bf:cf:68:62:1d:9c:
                    5b:71:2b:c8:64:ea:ca:fc:f8:09:01:ad:bc:28:5d:
                    40:47:26:1d:2b:56:b4:e9:8e:30:60:20:45:e0:43:
                    42:3c:2b:01:2b:4f:7e:87:5f:2a:78:9d:09:b7:22:
                    49:36:16:70:f1:7c:2c:9b:0f:cd:d7:20:af:b1:c1:
                    80:73:4e:dc:fb:99:1e:22:5f:8e:56:28:f7:99:eb:
                    c4:35:7e:c1:e8:f6:eb:8c:42:ad:d3:81:f9:e8:67:
                    a9:ad:39:86:68:2f:c6:44:5f:f0:88:57:cc:38:2e:
                    a5:0a:03:f0:3d:77:96:93:fc:c5:c0:e6:aa:62:0d:
                    2d:e0:2a:af:8a:76:f6:57:2b:3c:42:a7:27:e7:8d:
                    46:fe:7d:db:fd:67:7c:a8:01:d2:28:51:ab:12:a9:
                    96:46:bb:2c:e3:9c:34:e2:11:75:01:7f:6f:99:cd:
                    44:38:3f:9c:70:5e:be:a1:d2:c3:23:b4:79:1b:69:
                    56:09:25:51:19:4d:4e:55:1e:fc:f3:19:66:f2:5d:
                    59:b2:af:22:98:63:e1:b3:cb:6b:c6:22:ec:84:0b:
                    46:bd:ae:29:f5:19:19:ad:27:5d:69:ec:18:9f:c2:
                    1e:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:E0:D7:5C:95:B8:8B:30:4E:5D:CE:0F:BB:8F:77:C3:3E:E7:24:15
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS401776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.223.0/24
                  82.139.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:a4:af:f7:9f:fe:09:f3:cf:8a:d2:3c:7f:dd:97:e4:d3:bb:
         3d:74:dc:b9:35:1a:bb:0a:bb:88:51:d7:e2:44:bb:8a:b0:94:
         29:df:ea:09:da:e4:dc:24:c3:6d:37:0e:09:4b:79:58:76:f3:
         e3:01:3e:1b:0c:18:9c:ce:6d:b2:f7:d1:b1:9d:4d:2e:60:86:
         01:9e:64:36:46:12:da:70:6e:56:35:1a:a5:e6:22:67:89:04:
         ef:85:ac:7f:a1:18:9a:8d:ce:53:9c:41:6b:48:af:45:10:ec:
         68:cf:1e:54:71:57:2f:3a:7b:19:00:7d:38:be:54:07:cf:8b:
         8c:b2:5c:f9:32:60:8c:64:e7:05:10:c0:de:42:11:f8:54:2d:
         aa:da:ec:e9:f8:ed:b3:56:0a:66:86:d7:94:77:16:5b:36:d2:
         84:d3:c8:02:14:43:24:f9:3f:a7:82:22:74:15:df:0e:e6:db:
         ea:0e:b8:cf:89:69:68:70:6a:b0:d3:eb:5c:41:ed:b2:84:aa:
         3b:ee:a1:ff:14:76:cc:41:a0:b8:fe:d9:68:db:02:34:a4:92:
         f5:87:94:8e:48:aa:df:a0:ac:23:1a:d2:68:2b:18:1b:0e:66:
         0e:9f:d2:57:00:d9:d0:dd:69:8e:82:dd:82:10:c1:2d:20:d8:
         87:a6:9b:d1
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUY0RDn7WZxBKXSDNWj3VR+kwxiGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTEwMjgwOTAxNTRaFw0yNjEwMjcwOTA2NTRaMDMxMTAvBgNV
BAMTKEU0RTBENzVDOTVCODhCMzA0RTVEQ0UwRkJCOEY3N0MzM0VFNzI0MTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO82RbklExUD3HGNSxorKjPlsy
9dJgbb/PaGIdnFtxK8hk6sr8+AkBrbwoXUBHJh0rVrTpjjBgIEXgQ0I8KwErT36H
Xyp4nQm3Ikk2FnDxfCybD83XIK+xwYBzTtz7mR4iX45WKPeZ68Q1fsHo9uuMQq3T
gfnoZ6mtOYZoL8ZEX/CIV8w4LqUKA/A9d5aT/MXA5qpiDS3gKq+KdvZXKzxCpyfn
jUb+fdv9Z3yoAdIoUasSqZZGuyzjnDTiEXUBf2+ZzUQ4P5xwXr6h0sMjtHkbaVYJ
JVEZTU5VHvzzGWbyXVmyryKYY+Gzy2vGIuyEC0a9rin1GRmtJ11p7Bifwh6RAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU5ODXXJW4izBOXc4Pu493wz7nJBUwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNDAxNzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALuzf
AwQAUovpMA0GCSqGSIb3DQEBCwUAA4IBAQAopK/3n/4J88+K0jx/3Zfk07s9dNy5
NRq7CruIUdfiRLuKsJQp3+oJ2uTcJMNtNw4JS3lYdvPjAT4bDBiczm2y99GxnU0u
YIYBnmQ2RhLacG5WNRql5iJniQTvhax/oRiajc5TnEFrSK9FEOxozx5UcVcvOnsZ
AH04vlQHz4uMslz5MmCMZOcFEMDeQhH4VC2q2uzp+O2zVgpmhteUdxZbNtKE08gC
FEMk+T+ngiJ0Fd8O5tvqDrjPiWlocGqw0+tcQe2yhKo77qH/FHbMQaC4/tlo2wI0
pJL1h5SOSKrfoKwjGtJoKxgbDmYOn9JXANnQ3WmOgt2CEMEtINiHppvR
-----END CERTIFICATE-----