Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          LKabgyKEOOmx5R0BdEoRiKAHUzCqzl1wldwkPGHhtW4=
Subject key identifier:   2A:DC:FB:BA:4E:70:D7:06:FD:C1:0E:EC:D9:34:DC:33:59:9D:46:D2
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       4034C93781F19380171E4A5892B1175196B36851
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa
Signing time:             Mon 09 Feb 2026 00:03:56 +0000
ROA not before:           Sun 08 Feb 2026 23:58:56 +0000
ROA not after:            Mon 08 Feb 2027 00:03:56 +0000
asID:                     400909
IP address blocks:        82.29.118.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:34:c9:37:81:f1:93:80:17:1e:4a:58:92:b1:17:51:96:b3:68:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb  8 23:58:56 2026 GMT
            Not After : Feb  8 00:03:56 2027 GMT
        Subject: CN=2ADCFBBA4E70D706FDC10EECD934DC33599D46D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:61:71:22:11:99:08:cf:f0:78:a8:cd:7f:6a:
                    99:60:64:1d:4b:2d:30:c3:06:35:83:fe:fc:c7:53:
                    c3:8a:73:b2:aa:a1:dd:02:d7:1d:5b:07:1a:79:b0:
                    fd:47:46:4b:59:88:53:90:c6:53:05:89:67:e6:1b:
                    7b:59:fa:23:ab:29:c0:55:20:6c:d2:a9:b4:70:ad:
                    6a:c6:04:ac:f2:4d:83:46:91:fc:4f:f4:1e:07:0b:
                    f9:c5:3f:2c:a6:90:60:86:c8:76:d7:2f:a6:e2:27:
                    a4:a3:ff:f3:99:2b:1c:20:2c:de:77:a0:00:68:84:
                    49:40:ad:34:08:72:98:c7:ba:2e:3e:0d:b1:55:d6:
                    c8:48:dd:9d:ec:31:7e:1a:08:ee:d1:e5:f3:6b:5c:
                    59:e0:48:0d:a4:cd:87:38:34:68:3d:0d:9e:98:d9:
                    63:84:0b:14:34:32:7e:20:f2:f5:1a:13:db:48:46:
                    24:fc:d7:24:b3:00:fc:a8:06:ef:d5:bb:9e:08:46:
                    df:37:3c:cc:cb:75:30:f5:a6:26:31:33:3a:ca:bc:
                    0b:f9:ed:a7:8f:42:ac:5b:aa:aa:87:eb:8d:65:43:
                    5b:d7:f2:e8:ae:2c:de:8c:7d:08:99:7a:73:29:f4:
                    8f:e9:54:f4:8b:4c:71:3a:0e:e1:e1:a6:95:88:1c:
                    3f:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:DC:FB:BA:4E:70:D7:06:FD:C1:0E:EC:D9:34:DC:33:59:9D:46:D2
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1c:3a:d1:81:72:eb:54:ea:80:b6:6f:64:15:af:f3:a2:2b:cf:
         ac:8c:d0:09:c1:f5:41:e0:22:6f:f6:84:d5:aa:95:2e:69:02:
         08:21:53:38:b0:6e:06:0f:1a:8f:66:cb:5c:93:42:e2:ab:28:
         69:dd:3b:93:1e:75:6d:39:2a:aa:7c:c9:3c:19:dd:d2:f6:38:
         85:ba:36:c6:c4:ce:97:d7:83:19:c1:9f:6e:ce:b9:91:0d:fb:
         80:b1:cd:ce:e5:d0:cc:f8:35:b9:ed:8f:72:ba:1b:61:3f:61:
         d3:88:90:c2:97:1d:d6:d7:c8:fe:05:dc:c1:29:8b:85:e8:8d:
         20:32:56:f9:a5:11:64:bf:a9:41:35:ad:88:05:ee:42:ad:66:
         66:fe:32:5d:64:e4:d8:fa:16:3d:96:bf:ff:e9:c4:9a:5c:dc:
         33:75:94:5e:67:97:1c:f7:8a:d7:63:80:7f:b3:0c:62:4e:88:
         62:fb:cc:0b:b9:ba:63:7a:55:27:33:0b:7b:7a:f0:07:23:50:
         b6:70:73:15:4b:bf:3a:81:0c:3d:af:e7:1a:bc:a0:fb:7d:75:
         5a:21:74:4f:5f:d8:1a:33:e6:39:57:35:56:1c:f2:ef:3c:bd:
         cc:8f:b7:f4:50:df:93:d5:3f:f5:0b:1b:89:2d:f3:a6:86:5a:
         69:0a:cf:10
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQDTJN4Hxk4AXHkpYkrEXUZazaFEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMDgyMzU4NTZaFw0yNzAyMDgwMDAzNTZaMDMxMTAvBgNV
BAMTKDJBRENGQkJBNEU3MEQ3MDZGREMxMEVFQ0Q5MzREQzMzNTk5RDQ2RDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNYXEiEZkIz/B4qM1/aplgZB1L
LTDDBjWD/vzHU8OKc7Kqod0C1x1bBxp5sP1HRktZiFOQxlMFiWfmG3tZ+iOrKcBV
IGzSqbRwrWrGBKzyTYNGkfxP9B4HC/nFPyymkGCGyHbXL6biJ6Sj//OZKxwgLN53
oABohElArTQIcpjHui4+DbFV1shI3Z3sMX4aCO7R5fNrXFngSA2kzYc4NGg9DZ6Y
2WOECxQ0Mn4g8vUaE9tIRiT81ySzAPyoBu/Vu54IRt83PMzLdTD1piYxMzrKvAv5
7aePQqxbqqqH641lQ1vX8uiuLN6MfQiZenMp9I/pVPSLTHE6DuHhppWIHD8JAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKtz7uk5w1wb9wQ7s2TTcM1mdRtIwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUh12
MA0GCSqGSIb3DQEBCwUAA4IBAQAcOtGBcutU6oC2b2QVr/OiK8+sjNAJwfVB4CJv
9oTVqpUuaQIIIVM4sG4GDxqPZstck0Liqyhp3TuTHnVtOSqqfMk8Gd3S9jiFujbG
xM6X14MZwZ9uzrmRDfuAsc3O5dDM+DW57Y9yuhthP2HTiJDClx3W18j+BdzBKYuF
6I0gMlb5pRFkv6lBNa2IBe5CrWZm/jJdZOTY+hY9lr//6cSaXNwzdZReZ5cc94rX
Y4B/swxiTohi+8wLubpjelUnMwt7evAHI1C2cHMVS786gQw9r+cavKD7fXVaIXRP
X9gaM+Y5VzVWHPLvPL3Mj7f0UN+T1T/1CxuJLfOmhlppCs8Q
-----END CERTIFICATE-----