Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS397032.roa
File:                     AS397032.roa (raw, json)
Hash identifier:          o47BglREfxaLSP2cdKv7pAIpQZqnJ1FPWJxTCDIXZnY=
Subject key identifier:   12:FF:12:E6:62:6C:FF:A9:FE:EE:B4:BB:01:BE:D9:FE:6E:17:93:D2
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1FA5D2F5203FD7200E8D50AF3F76ED3D2FA95BC4
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS397032.roa
Signing time:             Fri 15 May 2026 20:41:55 +0000
ROA not before:           Fri 15 May 2026 20:36:55 +0000
ROA not after:            Fri 14 May 2027 20:41:55 +0000
asID:                     397032
IP address blocks:        2a14:7584:e390::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 18:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:a5:d2:f5:20:3f:d7:20:0e:8d:50:af:3f:76:ed:3d:2f:a9:5b:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: May 15 20:36:55 2026 GMT
            Not After : May 14 20:41:55 2027 GMT
        Subject: CN=12FF12E6626CFFA9FEEEB4BB01BED9FE6E1793D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:ba:a8:73:82:75:68:0f:ff:74:3e:21:87:f5:
                    3e:6f:1e:90:6d:f1:14:5c:e8:b9:50:49:1f:71:1f:
                    74:66:0c:51:b7:13:77:66:11:a9:ca:9e:25:ff:f8:
                    ca:29:2d:8e:13:74:dc:6e:f2:5e:f3:a6:3f:49:c4:
                    9b:b7:4d:3e:3a:f3:44:0a:9a:38:1a:1f:cd:bd:19:
                    59:43:29:c7:0e:0c:bf:12:db:cd:95:f9:26:07:d2:
                    e2:4f:49:93:6a:0c:8a:be:ff:ef:60:20:e4:95:30:
                    f2:ae:89:0d:5a:3b:02:dd:32:b7:27:60:3e:ac:63:
                    bf:a5:c4:be:74:13:37:c9:a6:d0:db:9c:6c:53:cf:
                    c3:b3:69:76:e8:b1:b2:ac:63:e1:95:21:8d:76:20:
                    45:72:45:ce:68:c9:91:3f:fd:d4:57:12:83:07:b5:
                    66:8b:ba:df:b2:ce:f6:73:99:75:8b:bd:bf:e2:fd:
                    38:32:8d:27:f1:a1:e0:83:eb:bd:45:cb:00:f4:d0:
                    af:6a:f9:11:a2:81:d5:aa:0e:f9:3a:ac:1b:63:7e:
                    0a:47:9e:6c:6d:33:c9:fb:77:c2:3b:1e:63:26:02:
                    71:1e:01:8d:a3:e0:85:07:d8:f9:63:9d:40:06:4f:
                    f7:b5:86:84:7d:bd:65:7e:99:8e:3a:45:e6:7c:23:
                    8f:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:FF:12:E6:62:6C:FF:A9:FE:EE:B4:BB:01:BE:D9:FE:6E:17:93:D2
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS397032.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7584:e390::/44

    Signature Algorithm: sha256WithRSAEncryption
         80:7a:06:0b:2f:10:e1:3b:80:63:00:63:f4:5f:99:0e:1c:f8:
         c9:a0:1f:d3:8a:9d:c9:49:69:4c:84:35:a6:e5:de:4d:d3:81:
         02:07:47:a9:c7:cf:4a:72:53:44:43:2f:76:bd:d1:db:6d:8f:
         c4:65:14:90:c5:0a:8d:8e:98:d5:9a:cc:f8:63:8c:a4:1c:f0:
         a1:f8:58:06:96:8e:f6:7e:e8:dd:1c:6f:2b:dc:f5:92:f4:47:
         b5:c6:65:db:c6:10:1e:88:d7:8b:c4:a3:bd:aa:84:4d:89:3c:
         62:07:84:fb:0f:29:b8:7f:52:42:9f:85:9c:8d:49:c1:4f:68:
         8f:bd:75:21:c3:6f:40:73:de:11:02:cf:7d:81:3a:f2:be:2a:
         50:8b:b2:fe:40:cd:78:d7:93:ae:fd:a5:53:0b:94:23:fb:7a:
         6f:98:6d:6f:6a:0c:99:d8:82:6f:57:f1:3c:06:d6:b2:67:e5:
         7b:b2:4a:cd:79:3e:e1:b4:d8:1c:40:bb:4b:33:2c:f4:36:87:
         2f:31:cc:4f:13:e2:7b:0a:c4:78:db:90:71:c9:64:36:c5:3d:
         05:08:b1:d1:30:47:21:c8:0b:8c:5f:93:99:5a:1d:07:08:d3:
         2c:70:99:98:6e:52:ae:ee:c5:5c:ff:2d:80:2b:02:e4:44:59:
         2b:75:bf:af
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUH6XS9SA/1yAOjVCvP3btPS+pW8QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjA1MTUyMDM2NTVaFw0yNzA1MTQyMDQxNTVaMDMxMTAvBgNV
BAMTKDEyRkYxMkU2NjI2Q0ZGQTlGRUVFQjRCQjAxQkVEOUZFNkUxNzkzRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYuqhzgnVoD/90PiGH9T5vHpBt
8RRc6LlQSR9xH3RmDFG3E3dmEanKniX/+MopLY4TdNxu8l7zpj9JxJu3TT4680QK
mjgaH829GVlDKccODL8S282V+SYH0uJPSZNqDIq+/+9gIOSVMPKuiQ1aOwLdMrcn
YD6sY7+lxL50EzfJptDbnGxTz8OzaXbosbKsY+GVIY12IEVyRc5oyZE//dRXEoMH
tWaLut+yzvZzmXWLvb/i/TgyjSfxoeCD671FywD00K9q+RGigdWqDvk6rBtjfgpH
nmxtM8n7d8I7HmMmAnEeAY2j4IUH2PljnUAGT/e1hoR9vWV+mY46ReZ8I4+fAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUEv8S5mJs/6n+7rS7Ab7Z/m4Xk9IwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMzk3MDMyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhR1
hOOQMA0GCSqGSIb3DQEBCwUAA4IBAQCAegYLLxDhO4BjAGP0X5kOHPjJoB/Tip3J
SWlMhDWm5d5N04ECB0epx89KclNEQy92vdHbbY/EZRSQxQqNjpjVmsz4Y4ykHPCh
+FgGlo72fujdHG8r3PWS9Ee1xmXbxhAeiNeLxKO9qoRNiTxiB4T7Dym4f1JCn4Wc
jUnBT2iPvXUhw29Ac94RAs99gTryvipQi7L+QM1415Ou/aVTC5Qj+3pvmG1vagyZ
2IJvV/E8BtayZ+V7skrNeT7htNgcQLtLMyz0NocvMcxPE+J7CsR425BxyWQ2xT0F
CLHRMEchyAuMX5OZWh0HCNMscJmYblKu7sVc/y2AKwLkRFkrdb+v
-----END CERTIFICATE-----