Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          tj3mQncdxQzcdIsGRjwK7566PiIdjv0zDpa8bQrwvEI=
Subject key identifier:   87:8A:EE:EF:8B:65:FA:78:DB:7A:83:83:12:4B:92:06:C0:C9:9E:28
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       07977EB9ED5AD694A9CEADDE5CDA06031E7F1CC0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa
Signing time:             Thu 16 Apr 2026 08:41:34 +0000
ROA not before:           Thu 16 Apr 2026 08:36:34 +0000
ROA not after:            Thu 15 Apr 2027 08:41:34 +0000
asID:                     400909
IP address blocks:        193.7.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 15:58:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:97:7e:b9:ed:5a:d6:94:a9:ce:ad:de:5c:da:06:03:1e:7f:1c:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr 16 08:36:34 2026 GMT
            Not After : Apr 15 08:41:34 2027 GMT
        Subject: CN=878AEEEF8B65FA78DB7A8383124B9206C0C99E28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:81:02:c6:c4:df:0d:c2:20:6e:fb:06:c1:50:
                    90:cd:31:58:50:be:22:9c:10:b8:81:37:e2:76:86:
                    f0:a0:48:0d:dc:a5:08:af:ff:b0:85:c7:dd:d6:28:
                    8e:ec:72:a5:1a:af:f2:60:d9:50:05:95:3a:18:d5:
                    82:50:aa:3d:83:57:40:99:53:f6:da:08:d5:b6:34:
                    98:65:3a:52:82:9a:78:60:24:8a:b4:cf:c7:21:20:
                    17:5a:ef:17:d3:20:99:58:52:95:82:03:0b:72:f6:
                    16:0c:12:ad:fb:5c:a3:0a:6d:92:ab:d8:63:6b:b0:
                    a9:b1:6e:7f:82:3c:27:00:66:18:9b:5b:35:3f:da:
                    d2:7e:3a:67:60:71:4e:bc:23:21:a7:61:81:0d:d6:
                    23:ac:d9:c3:f7:c5:c3:28:e2:3e:0e:f6:6a:6c:3a:
                    92:0f:3d:23:1b:d6:91:19:33:c8:a9:7a:bf:3a:0f:
                    63:3f:94:01:b4:c4:fb:d7:a1:db:2a:50:63:9c:70:
                    c1:cf:c9:a4:64:12:40:71:40:28:12:29:88:57:a7:
                    e6:f5:45:1b:60:12:9d:a0:43:0f:38:10:e0:e9:f2:
                    ba:72:4d:0a:88:79:83:ee:f9:7a:0b:b3:a5:2b:56:
                    90:30:fb:5e:76:1f:92:f1:19:e0:2b:36:fb:04:97:
                    e7:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:8A:EE:EF:8B:65:FA:78:DB:7A:83:83:12:4B:92:06:C0:C9:9E:28
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.7.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:76:35:2b:34:a6:cb:fc:1c:00:a3:0c:3a:67:7a:cc:48:67:
         09:eb:d8:6a:34:0f:35:2c:c0:31:f6:0d:16:6a:ed:a9:12:98:
         00:4e:ef:89:33:0e:d7:24:73:84:84:0c:53:24:88:28:2d:78:
         19:71:17:70:4a:84:de:40:31:84:19:38:06:4a:f6:5c:5e:39:
         6f:4d:2f:65:d4:0f:39:e7:00:0d:2c:01:50:8c:c5:73:d5:fd:
         d0:c0:9d:c5:9c:54:e4:8d:d7:9a:8c:f4:87:4a:44:67:79:4b:
         db:d9:19:78:24:0d:fe:43:ee:86:65:21:52:3e:64:32:09:59:
         d2:5f:c0:10:48:81:75:f7:a6:6e:3e:91:6c:39:8e:8c:d2:d1:
         fe:cb:de:3f:e8:e3:5a:e1:ec:9c:0c:27:80:4a:63:6c:c4:cc:
         52:33:db:55:77:e7:09:99:63:1c:25:e6:96:c7:8e:c5:03:fb:
         89:d7:f8:e7:bf:3a:5f:6a:b4:1e:e9:ef:cf:b5:37:8c:87:65:
         87:b4:bd:e9:d9:8e:56:82:7c:16:a3:2d:51:ff:22:9c:c4:5c:
         17:ca:8d:00:2e:6c:f0:de:e5:07:ef:7f:8d:d5:e2:db:f2:79:
         b0:38:a0:a7:e1:69:bf:aa:59:6b:c8:b5:20:c7:85:e3:2d:6b:
         cb:42:8f:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUB5d+ue1a1pSpzq3eXNoGAx5/HMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MTYwODM2MzRaFw0yNzA0MTUwODQxMzRaMDMxMTAvBgNV
BAMTKDg3OEFFRUVGOEI2NUZBNzhEQjdBODM4MzEyNEI5MjA2QzBDOTlFMjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmgQLGxN8NwiBu+wbBUJDNMVhQ
viKcELiBN+J2hvCgSA3cpQiv/7CFx93WKI7scqUar/Jg2VAFlToY1YJQqj2DV0CZ
U/baCNW2NJhlOlKCmnhgJIq0z8chIBda7xfTIJlYUpWCAwty9hYMEq37XKMKbZKr
2GNrsKmxbn+CPCcAZhibWzU/2tJ+OmdgcU68IyGnYYEN1iOs2cP3xcMo4j4O9mps
OpIPPSMb1pEZM8iper86D2M/lAG0xPvXodsqUGOccMHPyaRkEkBxQCgSKYhXp+b1
RRtgEp2gQw84EODp8rpyTQqIeYPu+XoLs6UrVpAw+152H5LxGeArNvsEl+f9AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUh4ru74tl+njbeoODEkuSBsDJnigwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQfL
MA0GCSqGSIb3DQEBCwUAA4IBAQAjdjUrNKbL/BwAoww6Z3rMSGcJ69hqNA81LMAx
9g0Wau2pEpgATu+JMw7XJHOEhAxTJIgoLXgZcRdwSoTeQDGEGTgGSvZcXjlvTS9l
1A855wANLAFQjMVz1f3QwJ3FnFTkjdeajPSHSkRneUvb2Rl4JA3+Q+6GZSFSPmQy
CVnSX8AQSIF196ZuPpFsOY6M0tH+y94/6ONa4eycDCeASmNsxMxSM9tVd+cJmWMc
JeaWx47FA/uJ1/jnvzpfarQe6e/PtTeMh2WHtL3p2Y5WgnwWoy1R/yKcxFwXyo0A
Lmzw3uUH73+N1eLb8nmwOKCn4Wm/qllryLUgx4XjLWvLQo8O
-----END CERTIFICATE-----