Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398704.roa
File:                     AS398704.roa (raw, json)
Hash identifier:          oxSKW9pwH4s3YkOHsYWIvJJ6PceI1v5rSAmUzGflAA4=
Subject key identifier:   8E:1F:95:0F:7C:4C:7E:8A:AE:D2:E4:AF:61:14:92:9D:82:DB:0A:80
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       53A9340316EC1F46138B215D614600A07F42D93E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398704.roa
Signing time:             Tue 17 Feb 2026 00:56:36 +0000
ROA not before:           Tue 17 Feb 2026 00:51:36 +0000
ROA not after:            Tue 16 Feb 2027 00:56:36 +0000
asID:                     398704
IP address blocks:        191.101.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:a9:34:03:16:ec:1f:46:13:8b:21:5d:61:46:00:a0:7f:42:d9:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 17 00:51:36 2026 GMT
            Not After : Feb 16 00:56:36 2027 GMT
        Subject: CN=8E1F950F7C4C7E8AAED2E4AF6114929D82DB0A80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:41:03:86:5f:ea:50:3d:0d:6d:21:cb:21:10:
                    18:12:d8:08:e4:97:c0:99:4a:5b:21:4a:f5:02:6d:
                    4e:80:70:54:6b:3d:36:9e:34:67:57:46:44:0f:a2:
                    bb:9d:66:fe:86:54:b0:91:67:ee:7e:b4:34:56:c4:
                    16:d7:3c:d3:13:3e:04:b8:ea:c2:51:1b:b7:f5:5c:
                    3c:64:ba:ac:a3:76:61:9f:00:c9:7c:e4:51:f7:8c:
                    4d:91:b0:e2:e0:2e:f9:7a:e6:1f:7b:7b:5c:50:53:
                    e1:e5:eb:52:41:ba:e8:8c:c8:52:9a:25:65:43:f8:
                    df:44:7d:fd:35:68:52:cc:2c:f8:e9:fe:76:02:33:
                    4b:87:48:8a:82:f0:45:09:11:e1:0d:be:a4:c2:a6:
                    31:40:ce:a7:d2:f0:85:6e:49:c3:54:9c:f7:0b:3b:
                    7f:d5:54:b6:91:32:3e:94:e4:bb:8a:f6:a7:06:79:
                    4e:2a:05:f0:ce:48:6b:0e:2e:16:84:a6:03:3c:d7:
                    82:bb:19:90:c8:71:26:79:65:55:64:db:46:05:e8:
                    e9:3d:c2:a2:19:25:00:65:e9:b5:45:9e:9b:82:86:
                    67:49:82:4f:5f:1a:a4:c1:c5:53:6e:58:8f:98:ad:
                    a9:89:d3:7e:d7:dc:12:de:b7:76:e1:68:19:12:c9:
                    f2:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:1F:95:0F:7C:4C:7E:8A:AE:D2:E4:AF:61:14:92:9D:82:DB:0A:80
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:39:9f:c3:20:a8:dc:24:cf:47:bd:a1:0f:63:34:05:23:59:
         a5:51:89:eb:68:97:e4:69:f4:e9:55:b9:ad:c3:0c:99:cc:6f:
         56:17:14:ef:96:3d:49:73:6c:f6:8a:7f:51:9e:17:e7:0b:16:
         1b:be:7a:a3:8c:49:50:77:22:b3:aa:6f:a2:93:f1:40:80:85:
         62:6d:4e:f7:4a:0d:83:b9:62:5f:0b:28:fa:52:2f:ef:13:40:
         6a:f5:56:0a:e7:22:a6:45:a0:f7:5a:5e:15:85:ac:3e:56:47:
         84:cf:27:33:e1:08:bd:02:34:a4:cf:12:ed:1c:69:de:69:c7:
         a7:e1:e3:df:9c:3d:49:85:a2:bf:7b:11:a5:6c:ae:1d:c1:19:
         eb:0f:c6:e5:ca:ce:61:87:5d:0e:3c:79:5f:ce:f5:b6:9b:a9:
         81:e9:62:f4:27:17:2e:37:47:dc:f4:30:cb:d6:42:9e:2a:7e:
         1f:ae:ff:fe:d9:b2:86:ac:0e:5a:eb:99:4e:aa:b8:d5:f6:3a:
         08:b5:7a:4b:7f:1c:bf:93:51:73:c7:6e:6b:55:b2:c4:32:66:
         a0:bd:8f:49:65:8d:db:76:01:01:96:94:73:bb:fb:26:04:de:
         02:36:7d:6e:d8:bf:2b:9d:1a:d9:52:df:a3:79:5e:53:03:a4:
         6c:89:66:e3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUU6k0AxbsH0YTiyFdYUYAoH9C2T4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMTcwMDUxMzZaFw0yNzAyMTYwMDU2MzZaMDMxMTAvBgNV
BAMTKDhFMUY5NTBGN0M0QzdFOEFBRUQyRTRBRjYxMTQ5MjlEODJEQjBBODAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqQQOGX+pQPQ1tIcshEBgS2Ajk
l8CZSlshSvUCbU6AcFRrPTaeNGdXRkQPorudZv6GVLCRZ+5+tDRWxBbXPNMTPgS4
6sJRG7f1XDxkuqyjdmGfAMl85FH3jE2RsOLgLvl65h97e1xQU+Hl61JBuuiMyFKa
JWVD+N9Eff01aFLMLPjp/nYCM0uHSIqC8EUJEeENvqTCpjFAzqfS8IVuScNUnPcL
O3/VVLaRMj6U5LuK9qcGeU4qBfDOSGsOLhaEpgM814K7GZDIcSZ5ZVVk20YF6Ok9
wqIZJQBl6bVFnpuChmdJgk9fGqTBxVNuWI+YramJ037X3BLet3bhaBkSyfLjAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjh+VD3xMfoqu0uSvYRSSnYLbCoAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Xu
MA0GCSqGSIb3DQEBCwUAA4IBAQCfOZ/DIKjcJM9HvaEPYzQFI1mlUYnraJfkafTp
VbmtwwyZzG9WFxTvlj1Jc2z2in9RnhfnCxYbvnqjjElQdyKzqm+ik/FAgIVibU73
Sg2DuWJfCyj6Ui/vE0Bq9VYK5yKmRaD3Wl4Vhaw+VkeEzycz4Qi9AjSkzxLtHGne
acen4ePfnD1JhaK/exGlbK4dwRnrD8blys5hh10OPHlfzvW2m6mB6WL0JxcuN0fc
9DDL1kKeKn4frv/+2bKGrA5a65lOqrjV9joItXpLfxy/k1Fzx25rVbLEMmagvY9J
ZY3bdgEBlpRzu/smBN4CNn1u2L8rnRrZUt+jeV5TA6RsiWbj
-----END CERTIFICATE-----