Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS396993.roa
File:                     AS396993.roa (raw, json)
Hash identifier:          EK9anfpy8vvffsBGuSVD6SRYg9+LBgudpzxBsrCZXXA=
Subject key identifier:   43:81:08:FB:F8:EF:02:45:95:32:10:25:31:57:0B:76:8A:0E:01:A0
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2BB7E2E68B929F6B14192350F9033F74479C9FE5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS396993.roa
Signing time:             Wed 08 Apr 2026 02:08:30 +0000
ROA not before:           Wed 08 Apr 2026 02:03:30 +0000
ROA not after:            Wed 07 Apr 2027 02:08:30 +0000
asID:                     396993
IP address blocks:        2a0f:85c1:84e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:b7:e2:e6:8b:92:9f:6b:14:19:23:50:f9:03:3f:74:47:9c:9f:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr  8 02:03:30 2026 GMT
            Not After : Apr  7 02:08:30 2027 GMT
        Subject: CN=438108FBF8EF02459532102531570B768A0E01A0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:40:33:61:ca:e3:fc:aa:52:a5:1a:90:0e:02:
                    e0:04:a3:64:d9:5d:f5:f3:23:c1:d4:cb:ac:34:ea:
                    06:13:7b:85:3f:4b:1e:ce:8f:f6:e8:2e:d3:ef:7f:
                    48:84:7e:9c:4a:c7:94:9b:33:f8:d1:ac:ff:a2:de:
                    25:c9:89:1c:46:43:18:0d:88:67:3f:14:00:ae:73:
                    0c:5c:9e:b8:94:7e:89:ee:be:35:d4:bf:43:0d:be:
                    f0:9c:89:03:e7:8a:21:56:4a:35:1e:e7:29:9f:c1:
                    a7:48:b4:fd:29:b7:66:bc:ea:77:b3:ed:1e:ad:1a:
                    fc:9f:e0:cc:c8:75:91:1d:57:fd:84:39:64:6e:74:
                    7b:a1:8c:9d:f7:b7:05:77:cc:f3:65:08:fd:f9:27:
                    52:2f:bd:d8:5f:f3:7d:28:5c:25:d6:99:ca:34:55:
                    1d:f4:96:88:21:cb:a9:c0:ed:59:2e:da:0a:61:03:
                    d7:5f:ca:e9:4b:e0:8f:8b:52:5a:4a:36:15:ed:42:
                    71:37:82:ac:26:20:04:1a:1e:aa:46:1d:71:76:ee:
                    1e:28:05:2e:92:da:2c:c3:b2:a3:b7:cd:c2:f3:26:
                    74:46:2d:e3:b2:51:0d:f9:86:7f:e5:3a:75:b5:2d:
                    2a:f1:20:7e:fe:76:9b:cb:cb:97:a8:46:37:c8:59:
                    8b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:81:08:FB:F8:EF:02:45:95:32:10:25:31:57:0B:76:8A:0E:01:A0
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS396993.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:84e::/48

    Signature Algorithm: sha256WithRSAEncryption
         eb:a0:92:c7:59:92:4b:77:19:2d:29:73:10:28:32:4b:d9:c4:
         85:c0:08:09:f9:e7:18:e5:8a:a2:c9:a5:a5:36:2a:df:3c:ce:
         87:56:b3:b0:ad:1a:6f:e8:5d:c8:75:7f:bd:be:de:a8:fb:f5:
         24:ba:3e:a0:5b:f0:76:03:b6:92:0e:e3:b7:11:58:b0:21:3a:
         54:f2:64:ea:d3:ff:da:dd:ab:77:2b:41:0b:66:e6:e1:97:53:
         09:20:57:a2:00:b0:00:e5:a6:6e:5b:87:7b:97:d8:3b:c8:0b:
         5b:9c:2e:78:49:4d:8f:c0:aa:e7:53:08:fa:fb:d4:8b:77:ab:
         21:9b:64:be:6d:67:07:02:ed:4a:59:cc:e4:bb:3f:22:68:1a:
         15:4c:7c:d2:00:66:1b:a9:56:39:c7:5e:96:8d:23:84:94:8f:
         ac:9d:ed:ab:ac:3c:d1:d2:af:65:e1:70:83:00:23:d7:6a:4d:
         ae:92:43:87:19:e3:70:fa:0d:81:7a:66:99:3e:27:09:bb:27:
         3d:30:0c:8f:9d:9e:a7:37:a3:70:ff:ba:65:8d:fa:d1:3f:19:
         57:d2:6e:25:29:47:0f:33:ba:2d:b9:98:cb:7c:de:57:ca:dd:
         de:59:32:84:1d:65:56:c6:d4:19:81:e1:3f:d7:b1:b3:3b:a9:
         b9:2b:61:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUK7fi5ouSn2sUGSNQ+QM/dEecn+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA0MDgwMjAzMzBaFw0yNzA0MDcwMjA4MzBaMDMxMTAvBgNV
BAMTKDQzODEwOEZCRjhFRjAyNDU5NTMyMTAyNTMxNTcwQjc2OEEwRTAxQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbQDNhyuP8qlKlGpAOAuAEo2TZ
XfXzI8HUy6w06gYTe4U/Sx7Oj/boLtPvf0iEfpxKx5SbM/jRrP+i3iXJiRxGQxgN
iGc/FACucwxcnriUfonuvjXUv0MNvvCciQPniiFWSjUe5ymfwadItP0pt2a86nez
7R6tGvyf4MzIdZEdV/2EOWRudHuhjJ33twV3zPNlCP35J1Ivvdhf830oXCXWmco0
VR30loghy6nA7Vku2gphA9dfyulL4I+LUlpKNhXtQnE3gqwmIAQaHqpGHXF27h4o
BS6S2izDsqO3zcLzJnRGLeOyUQ35hn/lOnW1LSrxIH7+dpvLy5eoRjfIWYvzAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUQ4EI+/jvAkWVMhAlMVcLdooOAaAwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzk2OTkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhOMA0GCSqGSIb3DQEBCwUAA4IBAQDroJLHWZJLdxktKXMQKDJL2cSFwAgJ+ecY
5YqiyaWlNirfPM6HVrOwrRpv6F3IdX+9vt6o+/Ukuj6gW/B2A7aSDuO3EViwITpU
8mTq0//a3at3K0ELZubhl1MJIFeiALAA5aZuW4d7l9g7yAtbnC54SU2PwKrnUwj6
+9SLd6shm2S+bWcHAu1KWczkuz8iaBoVTHzSAGYbqVY5x16WjSOElI+sne2rrDzR
0q9l4XCDACPXak2ukkOHGeNw+g2BemaZPicJuyc9MAyPnZ6nN6Nw/7pljfrRPxlX
0m4lKUcPM7otuZjLfN5Xyt3eWTKEHWVWxtQZgeE/17GzO6m5K2Ga
-----END CERTIFICATE-----