Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa
File:                     AS397630.roa (raw, json)
Hash identifier:          B5lDS4GsThMmdLrdEmEp6iBKG4dPJPEgGA0sbIqh5zo=
Subject key identifier:   35:2D:56:1B:7C:27:DE:7C:DE:AA:EC:C0:A0:8D:2A:61:AA:BA:75:35
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       7524289AFB5EBF4CC4084CF811E849B3116B91CA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa
Signing time:             Thu 05 Feb 2026 14:45:52 +0000
ROA not before:           Thu 05 Feb 2026 14:40:52 +0000
ROA not after:            Thu 04 Feb 2027 14:45:52 +0000
asID:                     397630
IP address blocks:        185.139.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:24:28:9a:fb:5e:bf:4c:c4:08:4c:f8:11:e8:49:b3:11:6b:91:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb  5 14:40:52 2026 GMT
            Not After : Feb  4 14:45:52 2027 GMT
        Subject: CN=352D561B7C27DE7CDEAAECC0A08D2A61AABA7535
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:96:da:a0:6d:7c:b7:9c:09:bc:b7:2f:30:36:
                    b9:27:26:fb:28:64:f1:b4:68:ec:c5:0b:34:df:01:
                    00:97:62:6a:86:a5:cc:84:fc:b3:d4:71:1f:f8:10:
                    38:63:ea:e8:bc:8d:95:62:63:ef:5a:99:7f:6d:16:
                    0a:5d:25:dd:d6:90:6b:76:36:bb:40:64:de:60:fb:
                    d6:6a:0f:46:3b:c1:8b:99:a5:6d:33:0c:f0:43:35:
                    a9:ef:11:1d:5d:58:b4:b2:2c:a8:a2:c8:48:56:ff:
                    93:46:99:2f:aa:23:a4:af:d2:1e:e3:b3:1c:d0:fe:
                    de:eb:76:27:39:dc:9a:bc:ab:4e:bc:74:ad:da:c8:
                    e4:14:1d:a3:8f:7e:bf:18:b8:df:77:bf:d0:d4:3b:
                    d2:a9:29:4b:2b:8f:50:4b:6e:ed:b9:51:ae:57:c3:
                    e4:06:60:4b:f0:6d:3c:54:12:e8:f7:cd:8d:30:24:
                    55:73:70:16:c1:d5:70:89:be:98:a5:b7:8d:e2:e0:
                    13:4e:45:de:6a:12:7c:cd:26:37:52:02:06:df:0b:
                    38:b4:67:23:50:cb:1e:bc:8c:74:cf:ab:7b:fd:31:
                    1f:40:4f:e9:e9:e4:49:fe:db:50:25:af:35:01:04:
                    58:f3:6c:94:eb:29:70:59:c2:69:1d:55:17:a1:6c:
                    8b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:2D:56:1B:7C:27:DE:7C:DE:AA:EC:C0:A0:8D:2A:61:AA:BA:75:35
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS397630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:97:d6:6e:46:48:ca:c8:69:ec:d3:50:59:dc:07:e2:15:a0:
         2e:69:d4:d3:0e:7d:c2:0c:ed:11:b0:6c:bd:ca:d3:16:40:20:
         bc:a6:29:68:d3:22:c1:2d:ba:76:44:17:69:a7:7c:e3:74:f0:
         ff:46:30:a3:ec:d6:e0:b0:61:bb:5d:47:1e:08:7d:fe:93:96:
         2d:ff:f6:2b:b8:8c:57:7e:be:bb:18:d9:17:b4:04:0f:25:8b:
         14:aa:a5:d8:66:81:15:12:c7:4c:62:bc:5f:d0:2c:0f:58:7a:
         87:ec:17:d9:89:22:b9:80:ef:ca:fc:f1:20:49:d1:54:3c:b0:
         ea:55:fb:c9:83:5d:d1:fe:45:a9:2f:62:e9:66:86:1d:f9:53:
         d6:3f:22:fb:dc:4b:52:5c:4d:7c:9e:f7:2e:0b:09:a1:99:93:
         13:e4:d2:d5:93:24:dd:be:61:c6:bc:54:05:1b:17:9b:36:55:
         43:62:50:a1:ca:99:4c:38:78:6f:78:0d:98:26:cb:29:59:70:
         c8:ad:07:ea:eb:31:8f:5e:b7:65:c8:3c:a3:62:cb:4e:ac:95:
         c8:66:a7:ff:ab:05:a0:d0:59:6a:eb:2e:ab:3c:2a:f6:66:81:
         de:db:a4:d7:30:4f:9f:b4:c8:21:ea:c2:f1:89:7b:d0:22:0c:
         45:6e:c8:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdSQomvtev0zECEz4EehJsxFrkcowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMDUxNDQwNTJaFw0yNzAyMDQxNDQ1NTJaMDMxMTAvBgNV
BAMTKDM1MkQ1NjFCN0MyN0RFN0NERUFBRUNDMEEwOEQyQTYxQUFCQTc1MzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDultqgbXy3nAm8ty8wNrknJvso
ZPG0aOzFCzTfAQCXYmqGpcyE/LPUcR/4EDhj6ui8jZViY+9amX9tFgpdJd3WkGt2
NrtAZN5g+9ZqD0Y7wYuZpW0zDPBDNanvER1dWLSyLKiiyEhW/5NGmS+qI6Sv0h7j
sxzQ/t7rdic53Jq8q068dK3ayOQUHaOPfr8YuN93v9DUO9KpKUsrj1BLbu25Ua5X
w+QGYEvwbTxUEuj3zY0wJFVzcBbB1XCJvpilt43i4BNORd5qEnzNJjdSAgbfCzi0
ZyNQyx68jHTPq3v9MR9AT+np5En+21AlrzUBBFjzbJTrKXBZwmkdVRehbItDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNS1WG3wn3nzequzAoI0qYaq6dTUwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYvu
MA0GCSqGSIb3DQEBCwUAA4IBAQCXl9ZuRkjKyGns01BZ3AfiFaAuadTTDn3CDO0R
sGy9ytMWQCC8pilo0yLBLbp2RBdpp3zjdPD/RjCj7NbgsGG7XUceCH3+k5Yt//Yr
uIxXfr67GNkXtAQPJYsUqqXYZoEVEsdMYrxf0CwPWHqH7BfZiSK5gO/K/PEgSdFU
PLDqVfvJg13R/kWpL2LpZoYd+VPWPyL73EtSXE18nvcuCwmhmZMT5NLVkyTdvmHG
vFQFGxebNlVDYlChyplMOHhveA2YJsspWXDIrQfq6zGPXrdlyDyjYstOrJXIZqf/
qwWg0Flq6y6rPCr2ZoHe26TXME+ftMgh6sLxiXvQIgxFbsj+
-----END CERTIFICATE-----