Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401000.roa
File:                     AS401000.roa (raw, json)
Hash identifier:          tsS9Izlpy6fXe+RT+eSH3zINeSOlUG+ZieS0qbkuMM4=
Subject key identifier:   98:09:A2:F4:06:DF:F0:8A:20:F2:5C:55:A8:27:AE:90:10:DF:95:06
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       18A91696FF3A39B73813D51C6376AD8DABD65B40
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401000.roa
Signing time:             Mon 23 Feb 2026 21:55:39 +0000
ROA not before:           Mon 23 Feb 2026 21:50:39 +0000
ROA not after:            Mon 22 Feb 2027 21:55:39 +0000
asID:                     401000
IP address blocks:        181.214.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:a9:16:96:ff:3a:39:b7:38:13:d5:1c:63:76:ad:8d:ab:d6:5b:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 23 21:50:39 2026 GMT
            Not After : Feb 22 21:55:39 2027 GMT
        Subject: CN=9809A2F406DFF08A20F25C55A827AE9010DF9506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:41:2f:24:e5:f4:f2:8a:e4:c5:c3:bc:3a:ae:
                    ef:b1:84:26:72:20:24:0c:95:d1:da:7f:df:e3:fa:
                    96:06:a5:f7:54:22:db:f2:47:c0:14:0b:05:16:e1:
                    50:60:6f:68:24:f6:0d:d1:f8:a5:a6:e0:7a:20:6b:
                    6e:b9:44:ab:2d:43:bd:3c:63:72:7c:69:cb:28:37:
                    3a:51:08:2b:62:7e:83:9c:93:12:a7:49:f6:f6:6f:
                    56:c4:05:13:05:05:da:ba:df:97:f5:81:24:28:ee:
                    55:04:69:b6:cf:61:44:9a:9e:b9:61:5d:d6:1e:85:
                    5b:c9:a9:45:87:b6:a9:1d:a0:8b:ac:5b:b7:b7:eb:
                    cd:f7:3a:f1:0d:31:66:dd:b2:dc:7b:be:d5:9c:43:
                    a1:36:b0:82:55:d3:e4:64:18:94:b2:8e:e9:98:51:
                    71:16:00:04:59:c8:d6:f9:48:fb:08:e9:ae:81:51:
                    01:91:46:f6:fd:09:ac:7e:77:05:cf:03:5e:f9:b5:
                    9e:59:30:23:fc:91:2f:ed:93:62:0c:c8:38:9d:e3:
                    87:55:ec:a7:18:29:a7:de:38:dc:ee:1c:41:36:1a:
                    5c:c1:b3:08:1b:cf:a1:fe:3b:de:65:29:7f:62:32:
                    75:bd:35:3d:42:65:f8:6c:2b:30:62:7f:43:53:e0:
                    17:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:09:A2:F4:06:DF:F0:8A:20:F2:5C:55:A8:27:AE:90:10:DF:95:06
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401000.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:de:61:1e:45:ae:02:08:99:f1:6c:34:55:ba:b1:e1:67:fc:
         5e:5b:a7:fb:b4:a7:13:5e:d2:43:4d:3d:c5:80:5b:4c:62:8f:
         00:fb:9a:3d:e1:92:53:c9:07:b7:52:dc:b3:7f:10:4a:f1:f3:
         48:56:01:12:72:9a:0c:2c:55:f5:17:c3:94:2a:b9:09:d5:ce:
         0d:cf:0d:4b:6c:1b:97:62:ed:b0:ea:3a:41:5d:50:ef:1c:03:
         45:10:7e:e0:9b:08:cb:bf:dd:be:96:21:8c:e4:16:7a:da:ed:
         af:f8:8b:0a:79:25:99:21:da:bd:ee:80:a2:d1:36:3a:f5:6b:
         50:12:15:26:00:92:89:64:bb:b0:d6:96:ee:ff:55:8f:5b:e4:
         52:68:6e:44:ee:bf:c1:72:62:ed:c9:ba:4c:bd:ec:34:c2:c6:
         32:bb:39:69:63:07:40:de:0f:f7:95:d5:02:7b:70:57:17:a2:
         02:b8:dc:c7:ae:0e:60:1c:a2:67:de:ce:4a:42:75:c7:27:ab:
         c7:4d:c7:af:2b:ea:76:26:a4:12:64:2b:41:89:4f:59:ef:97:
         79:c3:af:97:13:83:59:f0:3e:b6:a7:45:e5:44:82:e0:be:a7:
         ef:9c:23:17:56:a7:37:b7:0f:78:a3:c6:ab:5e:8f:2f:cd:d0:
         2d:91:e4:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGKkWlv86Obc4E9UcY3atjavWW0AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMjMyMTUwMzlaFw0yNzAyMjIyMTU1MzlaMDMxMTAvBgNV
BAMTKDk4MDlBMkY0MDZERkYwOEEyMEYyNUM1NUE4MjdBRTkwMTBERjk1MDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmQS8k5fTyiuTFw7w6ru+xhCZy
ICQMldHaf9/j+pYGpfdUItvyR8AUCwUW4VBgb2gk9g3R+KWm4Hoga265RKstQ708
Y3J8acsoNzpRCCtifoOckxKnSfb2b1bEBRMFBdq635f1gSQo7lUEabbPYUSanrlh
XdYehVvJqUWHtqkdoIusW7e36833OvENMWbdstx7vtWcQ6E2sIJV0+RkGJSyjumY
UXEWAARZyNb5SPsI6a6BUQGRRvb9Cax+dwXPA175tZ5ZMCP8kS/tk2IMyDid44dV
7KcYKafeONzuHEE2GlzBswgbz6H+O95lKX9iMnW9NT1CZfhsKzBif0NT4BeLAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmAmi9Abf8Iog8lxVqCeukBDflQYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxMDAwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYs
MA0GCSqGSIb3DQEBCwUAA4IBAQCs3mEeRa4CCJnxbDRVurHhZ/xeW6f7tKcTXtJD
TT3FgFtMYo8A+5o94ZJTyQe3UtyzfxBK8fNIVgEScpoMLFX1F8OUKrkJ1c4Nzw1L
bBuXYu2w6jpBXVDvHANFEH7gmwjLv92+liGM5BZ62u2v+IsKeSWZIdq97oCi0TY6
9WtQEhUmAJKJZLuw1pbu/1WPW+RSaG5E7r/BcmLtybpMvew0wsYyuzlpYwdA3g/3
ldUCe3BXF6ICuNzHrg5gHKJn3s5KQnXHJ6vHTcevK+p2JqQSZCtBiU9Z75d5w6+X
E4NZ8D62p0XlRILgvqfvnCMXVqc3tw94o8arXo8vzdAtkeT5
-----END CERTIFICATE-----