Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa
File:                     AS396362.roa (raw, json)
Hash identifier:          NYcbw3wvsZMPxH4opuHYEAdey1gmfxqWRfyLYeZQUuc=
Subject key identifier:   F4:C0:68:E7:5A:1B:FD:7C:82:28:98:5B:23:92:2C:B4:0F:88:38:DD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7641EF5C1FC1B5EB272608A498AE5272F8D54F92
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa
Signing time:             Tue 10 Feb 2026 10:48:30 +0000
ROA not before:           Tue 10 Feb 2026 10:43:30 +0000
ROA not after:            Tue 09 Feb 2027 10:48:30 +0000
asID:                     396362
IP address blocks:        2.57.20.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:41:ef:5c:1f:c1:b5:eb:27:26:08:a4:98:ae:52:72:f8:d5:4f:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 10 10:43:30 2026 GMT
            Not After : Feb  9 10:48:30 2027 GMT
        Subject: CN=F4C068E75A1BFD7C8228985B23922CB40F8838DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d0:10:f2:e9:ad:70:45:74:e2:a0:ba:84:79:
                    c1:11:e2:70:b0:af:a4:02:23:a2:ae:77:d5:03:aa:
                    fa:65:db:71:e7:a5:e4:7e:b8:66:56:a4:45:60:7d:
                    57:65:d8:da:30:cc:78:62:65:bd:66:2c:94:77:ed:
                    5b:0b:0b:d5:06:5e:03:8a:02:40:cb:86:fe:9c:0f:
                    9e:60:4e:2d:2d:57:87:90:14:2f:c0:4c:01:99:44:
                    ca:5a:11:45:ae:44:42:75:23:09:27:3f:a3:b5:d1:
                    6f:0d:47:5d:41:5c:2a:70:95:e9:d2:a1:5d:5a:21:
                    e0:43:31:cf:68:7d:4b:c1:74:ae:a3:56:01:fb:d7:
                    a8:d2:50:f7:9e:5e:fa:1a:2e:62:21:61:b7:fc:f0:
                    9e:2f:33:ae:22:0c:73:bc:d1:7a:c5:0e:e7:03:a2:
                    c6:ad:35:a4:1c:df:be:69:10:6e:ee:a5:3c:79:b0:
                    95:44:b2:08:9a:a2:8c:ce:da:b4:8c:70:8e:73:6a:
                    77:7b:ba:44:7a:80:3e:ed:ee:cb:db:9a:d1:85:3f:
                    d7:73:b6:a9:48:f5:f7:a1:2b:df:29:89:03:e5:3c:
                    16:f1:45:e8:ce:ba:14:4a:c5:c5:81:f1:52:f8:1c:
                    b7:ca:f7:9b:35:57:6f:56:37:a3:fd:d0:4d:db:04:
                    56:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:C0:68:E7:5A:1B:FD:7C:82:28:98:5B:23:92:2C:B4:0F:88:38:DD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS396362.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.57.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:79:e0:77:7f:2c:b2:08:bd:a2:0a:cc:30:14:48:71:c0:70:
         9d:75:41:b8:e2:ec:83:a1:82:3a:84:25:af:75:dd:4a:4c:95:
         ab:88:ca:79:ba:8b:28:39:05:9c:09:7a:a3:d4:1a:72:79:97:
         bd:6c:9e:34:9c:3f:76:90:94:de:cf:0b:b2:99:84:9b:17:e5:
         72:c4:b8:2f:cc:32:f1:cc:87:7d:f0:27:c5:4e:c4:6d:a4:8e:
         ba:c5:4a:c2:8b:1f:62:f9:1b:69:00:33:61:30:f0:4c:23:dc:
         a8:fc:a6:0e:b4:65:77:ac:aa:32:cb:00:c3:9d:dd:eb:a4:0a:
         06:48:65:fa:05:98:9b:40:e8:0b:43:8d:2c:fe:e6:62:ab:36:
         52:e7:47:f4:c7:3e:eb:08:d2:19:3c:6d:d7:40:25:df:4a:6d:
         79:40:e8:13:a9:ac:c8:0b:b1:55:74:a7:88:ca:45:22:d3:46:
         b8:e6:30:7d:c8:bb:f9:a7:99:66:a5:36:5b:f6:3c:81:f8:ab:
         13:39:39:48:f5:cc:31:98:ea:bd:bb:0c:53:07:74:95:51:aa:
         28:1d:6e:d1:aa:bc:b8:45:c1:79:73:fe:af:68:c5:8c:fc:05:
         45:77:3a:57:d4:c8:b5:ce:e3:eb:64:53:17:65:1c:d9:8c:99:
         56:93:46:d8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdkHvXB/BtesnJgikmK5ScvjVT5IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTAxMDQzMzBaFw0yNzAyMDkxMDQ4MzBaMDMxMTAvBgNV
BAMTKEY0QzA2OEU3NUExQkZEN0M4MjI4OTg1QjIzOTIyQ0I0MEY4ODM4REQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV0BDy6a1wRXTioLqEecER4nCw
r6QCI6Kud9UDqvpl23HnpeR+uGZWpEVgfVdl2NowzHhiZb1mLJR37VsLC9UGXgOK
AkDLhv6cD55gTi0tV4eQFC/ATAGZRMpaEUWuREJ1IwknP6O10W8NR11BXCpwlenS
oV1aIeBDMc9ofUvBdK6jVgH716jSUPeeXvoaLmIhYbf88J4vM64iDHO80XrFDucD
osatNaQc375pEG7upTx5sJVEsgiaoozO2rSMcI5zand7ukR6gD7t7svbmtGFP9dz
tqlI9fehK98piQPlPBbxRejOuhRKxcWB8VL4HLfK95s1V29WN6P90E3bBFb/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9MBo51ob/XyCKJhbI5IstA+ION0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk2MzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAjkU
MA0GCSqGSIb3DQEBCwUAA4IBAQByeeB3fyyyCL2iCswwFEhxwHCddUG44uyDoYI6
hCWvdd1KTJWriMp5uosoOQWcCXqj1BpyeZe9bJ40nD92kJTezwuymYSbF+VyxLgv
zDLxzId98CfFTsRtpI66xUrCix9i+RtpADNhMPBMI9yo/KYOtGV3rKoyywDDnd3r
pAoGSGX6BZibQOgLQ40s/uZiqzZS50f0xz7rCNIZPG3XQCXfSm15QOgTqazIC7FV
dKeIykUi00a45jB9yLv5p5lmpTZb9jyB+KsTOTlI9cwxmOq9uwxTB3SVUaooHW7R
qry4RcF5c/6vaMWM/AVFdzpX1Mi1zuPrZFMXZRzZjJlWk0bY
-----END CERTIFICATE-----