Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401856.roa
File:                     AS401856.roa (raw, json)
Hash identifier:          jeVLZvdMpAhDl1Q6FXk+STjxmuVBh7NMsCx+KPl4JnE=
Subject key identifier:   D5:D6:2B:EE:51:0F:78:19:22:9F:81:40:A2:00:9E:CC:CE:DC:4F:BA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       287F3F7CFF3A5321B4FC29056B811AB9D7C3A415
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401856.roa
Signing time:             Thu 26 Feb 2026 10:00:25 +0000
ROA not before:           Thu 26 Feb 2026 09:55:25 +0000
ROA not after:            Thu 25 Feb 2027 10:00:25 +0000
asID:                     401856
IP address blocks:        89.19.46.0/24 maxlen: 24
                          141.98.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 01:06:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:7f:3f:7c:ff:3a:53:21:b4:fc:29:05:6b:81:1a:b9:d7:c3:a4:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 26 09:55:25 2026 GMT
            Not After : Feb 25 10:00:25 2027 GMT
        Subject: CN=D5D62BEE510F7819229F8140A2009ECCCEDC4FBA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:92:4b:ae:85:57:96:85:f3:26:9e:5a:23:aa:
                    57:4c:99:d7:19:05:1b:1d:9b:67:3d:72:e5:a9:45:
                    9c:a6:4f:7b:ae:22:b5:b4:4e:fa:60:66:14:f9:6e:
                    cd:bd:2c:ef:e6:1d:cb:06:a2:a3:df:ed:9d:94:f0:
                    24:e1:8c:65:7b:26:26:a8:51:99:fe:0f:01:6f:fd:
                    8a:39:c1:83:78:9e:fa:3b:0d:7f:bc:68:79:5d:3f:
                    c7:f1:c9:20:77:c4:7f:f2:07:71:9d:ca:37:73:d8:
                    ea:6a:7a:ac:7d:0c:50:38:b2:c0:74:0e:04:6e:1a:
                    af:82:47:b9:9e:3d:b4:aa:e1:38:92:4d:da:32:3a:
                    55:8b:f5:65:e5:45:2c:06:c8:88:84:15:67:af:83:
                    7b:ef:21:da:9c:a0:5d:40:a2:b4:e6:d5:ac:b0:55:
                    4f:5b:1f:fe:65:de:4b:85:b6:5f:29:54:75:15:3b:
                    65:7d:66:81:13:40:28:80:8f:59:92:0c:f3:bf:15:
                    a1:65:5e:b0:61:b4:de:81:27:86:9c:3d:ad:07:de:
                    52:9b:88:3a:e7:ed:61:1f:b1:a0:55:60:58:64:e6:
                    a2:9b:a9:12:91:aa:45:3c:ac:55:da:5b:56:6c:5c:
                    98:c9:e0:62:15:59:2b:e6:7a:2a:fe:09:9c:17:19:
                    81:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:D6:2B:EE:51:0F:78:19:22:9F:81:40:A2:00:9E:CC:CE:DC:4F:BA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS401856.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.46.0/24
                  141.98.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:45:71:c8:93:d7:2c:14:3e:31:cb:d9:00:9d:98:45:eb:4e:
         39:92:b0:bc:bb:9d:95:a9:d4:2d:e3:d8:32:e8:1c:de:bc:c0:
         67:56:f2:e1:8f:99:c5:64:81:15:a8:2f:f8:b3:b9:62:ea:47:
         28:ed:10:69:49:63:86:79:cb:e3:0a:cc:55:f5:d4:40:84:db:
         17:91:19:c7:59:3f:1f:54:2e:26:bb:99:6f:3d:d9:dc:26:43:
         9a:02:a7:e7:83:dc:36:2d:88:a3:44:3a:e6:06:34:7f:36:21:
         58:e3:4f:2e:9c:3f:e8:5f:df:71:c5:9b:62:2f:a2:d2:ce:56:
         b8:2d:ce:4f:90:67:a2:08:6b:c9:c9:af:b0:19:b9:6f:dc:98:
         af:9a:92:7a:65:68:ea:d4:b3:f7:36:c8:2a:20:a7:16:4c:4c:
         ec:f3:6e:c2:1e:5c:d4:2e:c6:a5:a3:81:f8:79:ae:61:21:72:
         37:8a:22:7f:9a:8f:2e:7f:da:5f:c8:81:0f:89:39:ff:0c:15:
         fa:5e:9f:ed:c6:b6:8f:85:a5:90:05:28:c5:86:f0:c8:ee:c4:
         ce:a5:66:1b:53:be:82:0b:8c:67:e9:b8:b9:83:5c:23:44:c6:
         b7:72:1a:64:95:c8:52:24:ac:f7:d6:8b:ec:c9:59:76:cc:00:
         18:e5:05:bf
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKH8/fP86UyG0/CkFa4EaudfDpBUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAyMjYwOTU1MjVaFw0yNzAyMjUxMDAwMjVaMDMxMTAvBgNV
BAMTKEQ1RDYyQkVFNTEwRjc4MTkyMjlGODE0MEEyMDA5RUNDQ0VEQzRGQkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwkkuuhVeWhfMmnlojqldMmdcZ
BRsdm2c9cuWpRZymT3uuIrW0TvpgZhT5bs29LO/mHcsGoqPf7Z2U8CThjGV7Jiao
UZn+DwFv/Yo5wYN4nvo7DX+8aHldP8fxySB3xH/yB3Gdyjdz2Opqeqx9DFA4ssB0
DgRuGq+CR7mePbSq4TiSTdoyOlWL9WXlRSwGyIiEFWevg3vvIdqcoF1AorTm1ayw
VU9bH/5l3kuFtl8pVHUVO2V9ZoETQCiAj1mSDPO/FaFlXrBhtN6BJ4acPa0H3lKb
iDrn7WEfsaBVYFhk5qKbqRKRqkU8rFXaW1ZsXJjJ4GIVWSvmeir+CZwXGYHfAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU1dYr7lEPeBkin4FAogCezM7cT7owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAxODU2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRMu
AwQAjWJZMA0GCSqGSIb3DQEBCwUAA4IBAQBiRXHIk9csFD4xy9kAnZhF6045krC8
u52VqdQt49gy6BzevMBnVvLhj5nFZIEVqC/4s7li6kco7RBpSWOGecvjCsxV9dRA
hNsXkRnHWT8fVC4mu5lvPdncJkOaAqfng9w2LYijRDrmBjR/NiFY408unD/oX99x
xZtiL6LSzla4Lc5PkGeiCGvJya+wGblv3JivmpJ6ZWjq1LP3NsgqIKcWTEzs827C
HlzULsalo4H4ea5hIXI3iiJ/mo8uf9pfyIEPiTn/DBX6Xp/txraPhaWQBSjFhvDI
7sTOpWYbU76CC4xn6bi5g1wjRMa3chpklchSJKz31ovsyVl2zAAY5QW/
-----END CERTIFICATE-----