Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402187.roa
File:                     AS402187.roa (raw, json)
Hash identifier:          oeLmvVjs9jCbkU6FvPNm1OJ14esG2cu7p11Rsiw0H2U=
Subject key identifier:   CA:08:A6:4A:BD:C0:96:7E:6F:DC:2A:4B:C9:0B:CB:56:21:C6:75:F0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       07939001BAB612876E6C2C34A578FE2C76D9B4F9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402187.roa
Signing time:             Thu 02 Apr 2026 08:32:44 +0000
ROA not before:           Thu 02 Apr 2026 08:27:44 +0000
ROA not after:            Thu 01 Apr 2027 08:32:44 +0000
asID:                     402187
IP address blocks:        179.61.237.0/24 maxlen: 24
                          191.96.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:93:90:01:ba:b6:12:87:6e:6c:2c:34:a5:78:fe:2c:76:d9:b4:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  2 08:27:44 2026 GMT
            Not After : Apr  1 08:32:44 2027 GMT
        Subject: CN=CA08A64ABDC0967E6FDC2A4BC90BCB5621C675F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:1b:f6:d8:dc:71:f8:5b:a7:09:87:ee:67:39:
                    e6:3e:5a:6c:c6:2f:73:f1:96:dd:a1:b3:89:f5:4a:
                    18:bb:53:14:24:76:93:62:5d:27:3e:ae:d8:cf:02:
                    ca:7f:c3:f4:06:c8:c5:ec:d9:24:91:81:7a:90:bf:
                    81:95:62:19:5b:dd:a0:44:e6:3e:81:81:d0:f9:3e:
                    d7:65:5e:0d:b8:1a:b0:f1:2e:de:ae:38:21:73:b1:
                    bb:80:f0:e4:0c:2d:ac:a6:2a:73:11:4f:2b:54:0b:
                    d8:6e:24:9d:65:78:d2:b7:31:24:00:dc:f4:c4:1c:
                    ac:ba:d9:1d:5a:8c:56:55:68:af:d7:07:2e:4d:0e:
                    a4:d4:f7:36:d8:8c:00:50:ae:03:3a:1c:2f:f5:2c:
                    db:67:9c:94:d1:8a:76:44:32:a9:8d:4d:0e:d1:cb:
                    bc:94:42:89:17:e5:b4:ea:de:bb:85:8e:9f:86:3c:
                    59:53:92:5f:71:be:e2:85:04:2b:44:cd:ca:ba:69:
                    3d:43:b7:7a:16:81:a9:72:f4:10:c7:75:e0:1b:94:
                    25:8a:78:0b:c2:54:83:7a:9e:07:8e:e3:80:03:6e:
                    7e:65:03:b2:3d:60:bb:f2:4f:af:23:4c:39:24:dc:
                    72:3d:37:cc:80:a9:a1:68:89:f2:52:10:4e:fa:0e:
                    a7:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:08:A6:4A:BD:C0:96:7E:6F:DC:2A:4B:C9:0B:CB:56:21:C6:75:F0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402187.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  179.61.237.0/24
                  191.96.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:9f:ff:d8:53:90:76:89:1b:8f:83:52:ae:48:87:c1:b8:7b:
         54:5e:f8:d3:90:78:65:e2:20:9f:76:61:16:d9:e5:d9:cc:5c:
         fa:17:8d:cc:6a:0d:e7:20:b4:63:20:05:2a:94:ae:28:e0:39:
         e7:34:63:bf:b6:27:dd:71:61:03:72:2c:6f:b4:71:a3:01:2e:
         c7:fc:ec:f3:aa:f3:0f:8b:a7:dc:f2:00:7a:7b:91:c9:b6:2e:
         f5:87:a0:68:a7:fb:93:ca:9c:b8:bf:94:69:ca:2d:81:28:19:
         4d:67:df:c5:d9:7d:f7:8e:4e:9c:47:aa:1b:6e:1e:97:f3:bd:
         a8:48:f9:62:94:5a:32:8c:87:c2:86:aa:44:3c:c8:0e:42:d6:
         e4:87:c3:fa:96:c8:d9:42:21:dd:a9:20:62:ff:4c:57:db:fe:
         78:74:49:25:93:c0:f7:7d:eb:77:41:a5:c3:72:27:a7:d7:fe:
         23:bd:aa:d6:d7:41:d3:5c:74:d4:65:4b:b7:19:02:76:48:c1:
         a0:a3:23:44:a1:64:fa:70:14:53:6a:29:77:2c:7f:04:6f:b0:
         28:12:83:71:a0:e6:38:d0:3d:40:4b:fb:22:a6:ce:15:3f:a2:
         16:d7:ff:94:b2:8c:8f:0f:8a:be:5b:db:65:86:f9:01:00:8e:
         c3:39:21:76
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUB5OQAbq2EodubCw0pXj+LHbZtPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MDIwODI3NDRaFw0yNzA0MDEwODMyNDRaMDMxMTAvBgNV
BAMTKENBMDhBNjRBQkRDMDk2N0U2RkRDMkE0QkM5MEJDQjU2MjFDNjc1RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZG/bY3HH4W6cJh+5nOeY+WmzG
L3Pxlt2hs4n1Shi7UxQkdpNiXSc+rtjPAsp/w/QGyMXs2SSRgXqQv4GVYhlb3aBE
5j6BgdD5PtdlXg24GrDxLt6uOCFzsbuA8OQMLaymKnMRTytUC9huJJ1leNK3MSQA
3PTEHKy62R1ajFZVaK/XBy5NDqTU9zbYjABQrgM6HC/1LNtnnJTRinZEMqmNTQ7R
y7yUQokX5bTq3ruFjp+GPFlTkl9xvuKFBCtEzcq6aT1Dt3oWgaly9BDHdeAblCWK
eAvCVIN6ngeO44ADbn5lA7I9YLvyT68jTDkk3HI9N8yAqaFoifJSEE76DqfPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUygimSr3Aln5v3CpLyQvLViHGdfAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAyMTg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsz3t
AwQAv2BpMA0GCSqGSIb3DQEBCwUAA4IBAQCkn//YU5B2iRuPg1KuSIfBuHtUXvjT
kHhl4iCfdmEW2eXZzFz6F43Mag3nILRjIAUqlK4o4DnnNGO/tifdcWEDcixvtHGj
AS7H/OzzqvMPi6fc8gB6e5HJti71h6Bop/uTypy4v5Rpyi2BKBlNZ9/F2X33jk6c
R6obbh6X872oSPlilFoyjIfChqpEPMgOQtbkh8P6lsjZQiHdqSBi/0xX2/54dEkl
k8D3fet3QaXDcien1/4jvarW10HTXHTUZUu3GQJ2SMGgoyNEoWT6cBRTail3LH8E
b7AoEoNxoOY40D1AS/sips4VP6IW1/+UsoyPD4q+W9tlhvkBAI7DOSF2
-----END CERTIFICATE-----