Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400909.roa
File:                     AS400909.roa (raw, json)
Hash identifier:          acw2paIAeVs5Bvqyxja02omUOt8dxf0M7faxGjXAERk=
Subject key identifier:   F5:13:1C:1E:91:AB:2B:EC:06:8C:E0:E3:2D:26:D1:12:C9:0E:59:A4
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       22A4B7FBE5F08E5D56A73CBDB52AEF2ED1E77D98
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400909.roa
Signing time:             Mon 28 Jul 2025 07:14:38 +0000
ROA not before:           Mon 28 Jul 2025 07:09:38 +0000
ROA not after:            Mon 27 Jul 2026 07:14:38 +0000
asID:                     400909
IP address blocks:        147.78.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 00:02:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:a4:b7:fb:e5:f0:8e:5d:56:a7:3c:bd:b5:2a:ef:2e:d1:e7:7d:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Jul 28 07:09:38 2025 GMT
            Not After : Jul 27 07:14:38 2026 GMT
        Subject: CN=F5131C1E91AB2BEC068CE0E32D26D112C90E59A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:1a:3f:4b:e7:ca:18:6b:d0:a2:f9:52:46:93:
                    6f:e6:45:37:c6:eb:ba:dc:e2:0c:1f:84:0d:d2:fd:
                    40:69:fe:78:c0:d1:8b:ec:06:0a:a7:08:51:39:18:
                    9e:05:47:a4:2a:4b:c8:eb:0a:e6:30:29:ce:17:4b:
                    78:09:fd:48:c1:3b:fc:41:99:f5:11:5b:bc:e4:d5:
                    45:22:81:b8:00:f8:34:b9:0a:f4:4b:bf:3f:52:c1:
                    5c:a4:15:8d:81:06:53:e4:7a:21:42:f0:90:74:b2:
                    3f:f8:68:66:01:90:6c:c9:37:1a:e4:93:66:4b:25:
                    ef:1f:28:66:2c:fc:bd:24:68:88:09:28:46:43:8d:
                    d8:d2:e8:4b:b8:24:ac:92:86:42:30:98:ab:0a:91:
                    7f:db:5c:e4:84:3e:3b:7c:60:79:77:71:33:5b:a8:
                    89:60:c8:46:c6:ef:9a:2d:4f:76:2c:95:33:fe:93:
                    4f:56:4a:d1:94:0b:72:62:c5:7e:ec:59:7f:7c:19:
                    47:b5:57:0d:d5:d8:1f:8d:bd:b9:9f:eb:8c:08:2b:
                    f0:89:1d:0f:1b:1e:cb:f0:19:c3:20:85:93:7c:a3:
                    7c:ad:ba:f4:21:40:35:89:d4:85:a7:92:e0:e4:41:
                    34:05:7c:91:1e:f3:85:27:b1:cc:44:6b:f7:b1:bb:
                    25:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:13:1C:1E:91:AB:2B:EC:06:8C:E0:E3:2D:26:D1:12:C9:0E:59:A4
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS400909.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:fc:4a:94:e2:86:dd:a4:a3:78:b5:99:f9:cb:fd:49:cc:5b:
         7f:52:ff:77:94:fd:d9:29:a9:ea:b2:f6:bf:1f:be:0c:ea:bf:
         22:d2:d0:4d:44:d8:41:2b:b9:f3:2f:1f:9e:8f:53:b6:1a:81:
         18:66:c3:76:7b:f6:32:3c:27:70:b7:b0:ea:9f:7e:cc:cc:cb:
         39:ee:bd:bd:6c:16:b8:8a:8c:43:e6:19:4b:3b:97:81:85:cd:
         9a:72:d4:98:bb:5b:44:99:52:3e:47:5f:62:08:b4:60:ca:67:
         37:e7:a4:f7:d6:6f:3a:9f:a7:c5:53:f0:ae:51:ea:38:c9:c9:
         cd:7b:73:a2:72:b7:b4:08:8d:9a:e7:64:ed:33:a6:4e:9e:40:
         79:3a:ec:c2:f4:b8:92:46:18:48:3b:35:7c:9a:9c:cf:40:7e:
         d9:bd:d9:d8:1b:25:83:4a:da:62:f7:49:8c:fc:cc:ef:4e:e8:
         12:4b:bd:c9:ea:72:51:17:47:88:28:a4:e5:23:48:6e:d8:ff:
         f1:ed:dd:75:30:13:a9:25:6e:da:72:db:2c:5f:3c:cf:d2:02:
         40:3a:64:be:48:16:32:a0:4e:5b:f3:ee:24:7c:77:22:41:71:
         02:1a:6a:71:f4:7b:c4:15:11:ec:3d:9a:cf:59:fd:a8:74:04:
         a1:73:15:e5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIqS3++Xwjl1Wpzy9tSrvLtHnfZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA3MjgwNzA5MzhaFw0yNjA3MjcwNzE0MzhaMDMxMTAvBgNV
BAMTKEY1MTMxQzFFOTFBQjJCRUMwNjhDRTBFMzJEMjZEMTEyQzkwRTU5QTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Gj9L58oYa9Ci+VJGk2/mRTfG
67rc4gwfhA3S/UBp/njA0YvsBgqnCFE5GJ4FR6QqS8jrCuYwKc4XS3gJ/UjBO/xB
mfURW7zk1UUigbgA+DS5CvRLvz9SwVykFY2BBlPkeiFC8JB0sj/4aGYBkGzJNxrk
k2ZLJe8fKGYs/L0kaIgJKEZDjdjS6Eu4JKyShkIwmKsKkX/bXOSEPjt8YHl3cTNb
qIlgyEbG75otT3YslTP+k09WStGUC3JixX7sWX98GUe1Vw3V2B+Nvbmf64wIK/CJ
HQ8bHsvwGcMghZN8o3ytuvQhQDWJ1IWnkuDkQTQFfJEe84UnscxEa/exuyW3AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9RMcHpGrK+wGjODjLSbREskOWaQwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAwOTA5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk055
MA0GCSqGSIb3DQEBCwUAA4IBAQBr/EqU4obdpKN4tZn5y/1JzFt/Uv93lP3ZKanq
sva/H74M6r8i0tBNRNhBK7nzLx+ej1O2GoEYZsN2e/YyPCdwt7Dqn37MzMs57r29
bBa4ioxD5hlLO5eBhc2actSYu1tEmVI+R19iCLRgymc356T31m86n6fFU/CuUeo4
ycnNe3Oicre0CI2a52TtM6ZOnkB5OuzC9LiSRhhIOzV8mpzPQH7ZvdnYGyWDStpi
90mM/MzvTugSS73J6nJRF0eIKKTlI0hu2P/x7d11MBOpJW7actssXzzP0gJAOmS+
SBYyoE5b8+4kfHciQXECGmpx9HvEFRHsPZrPWf2odAShcxXl
-----END CERTIFICATE-----