Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402047.roa
File:                     AS402047.roa (raw, json)
Hash identifier:          kDpEc/Mv6MVbpX0TtNEUs1x0Fql1p3DOMvkh2qSS8pw=
Subject key identifier:   72:A0:65:FB:D6:80:67:C1:1B:D6:30:9E:66:AB:9B:91:EF:E3:71:F4
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       37F98F56DF9E63D9D9CEC5CD088376DEC173A4
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402047.roa
Signing time:             Fri 27 Mar 2026 09:13:11 +0000
ROA not before:           Fri 27 Mar 2026 09:08:11 +0000
ROA not after:            Fri 26 Mar 2027 09:13:11 +0000
asID:                     402047
IP address blocks:        212.60.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 03:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            37:f9:8f:56:df:9e:63:d9:d9:ce:c5:cd:08:83:76:de:c1:73:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Mar 27 09:08:11 2026 GMT
            Not After : Mar 26 09:13:11 2027 GMT
        Subject: CN=72A065FBD68067C11BD6309E66AB9B91EFE371F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:18:cc:24:ab:c7:42:4c:a6:1e:f4:aa:44:64:
                    67:f9:a3:4b:dd:52:60:f1:b6:7a:36:ce:e5:89:e9:
                    4b:00:95:8d:e3:79:0a:91:d5:25:75:29:48:de:07:
                    05:09:4a:9c:aa:54:db:22:52:67:e6:38:e6:74:fc:
                    21:83:52:d6:a9:7e:52:0a:8d:2e:77:3b:ef:ae:b9:
                    e1:9f:b4:21:d4:7d:cd:1f:b6:24:34:e2:6d:b7:69:
                    3f:8c:ff:d7:3b:c3:3c:c1:0d:76:c2:9c:81:a4:9f:
                    a7:10:39:f9:1f:23:62:20:66:da:e1:23:0a:aa:2b:
                    96:d8:c0:6b:13:ee:71:51:e1:37:63:56:b1:be:77:
                    a1:c9:c8:2c:90:38:a7:fb:ac:b4:a8:e4:c2:4a:86:
                    55:e0:1b:e2:9c:99:14:12:31:c8:f3:4e:50:37:a0:
                    61:bf:39:bb:c1:51:22:bf:0e:34:0e:00:21:57:8c:
                    50:23:ac:2d:eb:82:b4:3f:05:a7:2a:c1:7c:43:19:
                    72:23:38:5c:60:bf:2b:df:50:c3:1c:1e:97:8a:c5:
                    3b:b8:0d:c1:a4:f0:f2:78:ca:99:cd:58:35:15:8f:
                    36:79:14:46:cc:d0:2a:d5:63:7e:43:75:a9:45:50:
                    0a:56:69:b5:00:c7:93:0a:85:08:6f:66:1e:f4:ad:
                    f4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:A0:65:FB:D6:80:67:C1:1B:D6:30:9E:66:AB:9B:91:EF:E3:71:F4
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402047.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:96:46:78:2a:16:5b:5a:e3:22:18:98:98:0d:ca:3e:23:fc:
         ba:f8:b3:02:f2:e0:67:6f:cf:23:17:4a:7b:10:55:c5:73:af:
         29:6f:70:02:5a:1d:ce:ef:fd:f0:9c:05:81:c6:5c:25:1d:d4:
         1c:f2:9a:63:a8:98:81:09:b5:80:38:b2:8b:67:d0:dd:d9:a3:
         4f:d4:00:35:60:1a:a1:e6:29:3d:75:d6:dd:b7:a3:ea:87:48:
         2d:8b:7e:09:a6:3a:74:64:20:d2:56:44:ea:93:5a:11:78:42:
         c0:1b:a6:03:81:64:1b:8f:cc:cc:6f:f2:2e:07:a2:ee:3f:f8:
         7b:06:24:84:44:1d:ef:ab:d8:bd:dd:20:d3:ca:24:c2:64:63:
         96:f9:09:bc:6d:04:74:d2:93:9c:b7:8e:0d:2c:f7:8a:37:7e:
         c1:06:97:f8:f9:53:a2:d8:6b:04:1f:93:4c:e4:5a:b1:c3:aa:
         80:73:58:9b:49:6e:03:de:41:e5:51:ca:3f:68:21:e1:c6:fa:
         b1:c4:51:9c:cc:51:5f:23:90:2f:fa:7d:29:e4:d0:9d:9b:7a:
         61:e6:d9:f5:b2:4e:d0:50:b3:08:de:b7:d7:9a:4c:e9:b7:18:
         a4:50:02:30:c1:f9:0b:fd:d8:99:54:b8:00:b7:43:6a:03:03:
         71:08:2a:68
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgITN/mPVt+eY9nZzsXNCIN23sFzpDANBgkqhkiG9w0BAQsF
ADAzMTEwLwYDVQQDEygzZmVjY2IxN2JlNTFlZTU5ZWM3NGQ2NGVlZDkxN2UyMjFl
ZTI4YTFiMB4XDTI2MDMyNzA5MDgxMVoXDTI3MDMyNjA5MTMxMVowMzExMC8GA1UE
AxMoNzJBMDY1RkJENjgwNjdDMTFCRDYzMDlFNjZBQjlCOTFFRkUzNzFGNDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM0YzCSrx0JMph70qkRkZ/mjS91S
YPG2ejbO5YnpSwCVjeN5CpHVJXUpSN4HBQlKnKpU2yJSZ+Y45nT8IYNS1ql+UgqN
Lnc776654Z+0IdR9zR+2JDTibbdpP4z/1zvDPMENdsKcgaSfpxA5+R8jYiBm2uEj
CqorltjAaxPucVHhN2NWsb53ocnILJA4p/ustKjkwkqGVeAb4pyZFBIxyPNOUDeg
Yb85u8FRIr8ONA4AIVeMUCOsLeuCtD8FpyrBfEMZciM4XGC/K99Qwxwel4rFO7gN
waTw8njKmc1YNRWPNnkURszQKtVjfkN1qUVQClZptQDHkwqFCG9mHvSt9HMCAwEA
AaOCAgowggIGMB0GA1UdDgQWBBRyoGX71oBnwRvWMJ5mq5uR7+Nx9DAfBgNVHSME
GDAWgBQ/7MsXvlHuWex01k7tkX4iHuKKGzAOBgNVHQ8BAf8EBAMCB4AwgZUGA1Ud
HwSBjTCBijCBh6CBhKCBgYZ/cnN5bmM6Ly9yc3luYy5wYWFzLnJwa2kucmlwZS5u
ZXQvcmVwb3NpdG9yeS8yMmRiNzU1NS05YWE0LTQ5ODMtOTMxNi03MzgwOWRkMzU0
YmMvMC8zRkVDQ0IxN0JFNTFFRTU5RUM3NEQ2NEVFRDkxN0UyMjFFRTI4QTFCLmNy
bDBkBggrBgEFBQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvUC16TEY3NVI3bG5zZE5aTzdaRi1JaDdp
aWhzLmNlcjB7BggrBgEFBQcBCwRvMG0wawYIKwYBBQUHMAuGX3JzeW5jOi8vcnN5
bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00
OTgzLTkzMTYtNzM4MDlkZDM1NGJjLzAvQVM0MDIwNDcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADUPJIw
DQYJKoZIhvcNAQELBQADggEBAGmWRngqFlta4yIYmJgNyj4j/Lr4swLy4GdvzyMX
SnsQVcVzrylvcAJaHc7v/fCcBYHGXCUd1BzymmOomIEJtYA4sotn0N3Zo0/UADVg
GqHmKT111t23o+qHSC2LfgmmOnRkINJWROqTWhF4QsAbpgOBZBuPzMxv8i4Hou4/
+HsGJIREHe+r2L3dINPKJMJkY5b5CbxtBHTSk5y3jg0s94o3fsEGl/j5U6LYawQf
k0zkWrHDqoBzWJtJbgPeQeVRyj9oIeHG+rHEUZzMUV8jkC/6fSnk0J2bemHm2fWy
TtBQswjet9eaTOm3GKRQAjDB+Qv92JlUuAC3Q2oDA3EIKmg=
-----END CERTIFICATE-----