Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS400308.roa
File:                     AS400308.roa (raw, json)
Hash identifier:          KryS1tMyGhDnZn30Vs8BCTeo8yJ/TxTn1x8emCsIGGo=
Subject key identifier:   A9:3E:6C:01:9B:71:0E:72:A9:F1:B7:B9:2F:7D:7C:EE:5B:9A:BC:F4
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       2F14DB306FCD589ACA266C751BF35B300235CEE1
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS400308.roa
Signing time:             Thu 04 Jun 2026 11:34:38 +0000
ROA not before:           Thu 04 Jun 2026 11:29:38 +0000
ROA not after:            Thu 03 Jun 2027 11:34:38 +0000
asID:                     400308
IP address blocks:        188.221.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2f:14:db:30:6f:cd:58:9a:ca:26:6c:75:1b:f3:5b:30:02:35:ce:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun  4 11:29:38 2026 GMT
            Not After : Jun  3 11:34:38 2027 GMT
        Subject: CN=A93E6C019B710E72A9F1B7B92F7D7CEE5B9ABCF4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b4:9d:d3:6e:fa:4e:8a:6a:d7:d4:92:a0:23:
                    5d:61:7f:41:5a:e7:62:32:ea:ff:57:3f:62:77:12:
                    b3:05:f3:0a:58:23:87:2e:f2:f4:bd:e0:2d:86:90:
                    2a:40:e8:7c:c9:1c:66:d4:b8:d4:4a:0e:73:ea:c8:
                    a9:04:10:62:2b:d6:1b:bd:f7:f7:4d:fb:5e:cc:d2:
                    f9:69:07:93:02:08:09:56:3d:d2:1e:1f:c5:e9:05:
                    5f:e3:6e:f6:ee:f8:29:d5:f5:dc:0d:18:f0:6d:6d:
                    74:e7:3c:96:51:40:4f:25:ce:5b:31:69:d9:47:f5:
                    4f:c7:d8:f2:e1:0c:0a:7b:1e:62:9c:ab:cb:19:5b:
                    cf:3d:4a:6a:2f:f8:0c:4c:e4:32:93:f8:59:71:4e:
                    bf:71:6c:88:44:93:79:38:cc:56:e9:51:50:c3:ac:
                    e6:d6:51:2f:4f:55:77:6e:1c:66:a2:82:c7:25:52:
                    26:78:84:b0:3f:e5:6a:6a:a2:e9:50:b5:24:d4:31:
                    22:cd:96:16:05:53:a6:79:ea:25:32:bd:24:b1:04:
                    d0:17:14:29:ec:d6:22:d3:31:90:76:93:13:d5:a8:
                    3e:c4:16:f3:3b:73:2e:9d:66:77:a4:32:23:f9:22:
                    20:69:ed:b1:6d:35:c2:54:dd:36:da:61:29:8c:a9:
                    ca:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:3E:6C:01:9B:71:0E:72:A9:F1:B7:B9:2F:7D:7C:EE:5B:9A:BC:F4
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS400308.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.221.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:ad:8b:9f:2d:cb:a3:6e:a5:93:c9:e7:72:76:1b:04:28:70:
         1b:f4:2c:f4:f8:78:79:0e:70:06:10:78:e3:15:bc:b6:b4:a4:
         d9:1d:fc:28:ad:54:78:49:fd:ba:86:c9:05:59:22:d0:be:29:
         d6:dc:a5:1d:63:d5:d5:b8:33:73:bc:0d:5e:3c:51:f7:ab:00:
         ab:ea:f3:70:a8:c6:ec:17:26:e5:ae:55:aa:71:9d:a2:b3:0a:
         38:b8:43:4e:5a:33:5f:0c:af:74:de:21:6d:1a:15:17:d0:c6:
         ed:b3:38:14:e3:ea:e5:10:59:16:ae:34:36:c2:6a:92:b2:67:
         43:b6:89:67:b9:ae:09:68:d9:53:01:b9:58:32:51:4e:5e:5a:
         a9:69:ac:7f:49:bb:9c:99:1d:d7:ae:89:99:63:1f:b1:d5:84:
         d4:70:95:98:bf:6b:3e:ab:b8:06:b5:64:a7:83:6b:cc:69:87:
         46:7c:68:06:ab:d5:e5:1f:b5:9c:7b:5e:06:84:0b:b5:b1:e5:
         1c:c8:e3:20:a3:5f:08:84:e3:63:63:26:6e:4a:0e:01:5d:9e:
         1e:ac:a9:5c:70:ee:88:ed:40:bc:26:f8:cf:f3:36:ed:4c:cd:
         ce:91:91:f3:66:bc:96:d5:7c:39:9d:42:8b:34:03:c2:7f:4e:
         cf:b1:90:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIULxTbMG/NWJrKJmx1G/NbMAI1zuEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MDQxMTI5MzhaFw0yNzA2MDMxMTM0MzhaMDMxMTAvBgNV
BAMTKEE5M0U2QzAxOUI3MTBFNzJBOUYxQjdCOTJGN0Q3Q0VFNUI5QUJDRjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCotJ3TbvpOimrX1JKgI11hf0Fa
52Iy6v9XP2J3ErMF8wpYI4cu8vS94C2GkCpA6HzJHGbUuNRKDnPqyKkEEGIr1hu9
9/dN+17M0vlpB5MCCAlWPdIeH8XpBV/jbvbu+CnV9dwNGPBtbXTnPJZRQE8lzlsx
adlH9U/H2PLhDAp7HmKcq8sZW889Smov+AxM5DKT+FlxTr9xbIhEk3k4zFbpUVDD
rObWUS9PVXduHGaigsclUiZ4hLA/5WpqoulQtSTUMSLNlhYFU6Z56iUyvSSxBNAX
FCns1iLTMZB2kxPVqD7EFvM7cy6dZnekMiP5IiBp7bFtNcJU3TbaYSmMqcr/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqT5sAZtxDnKp8be5L3187luavPQwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTNDAwMzA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvN1U
MA0GCSqGSIb3DQEBCwUAA4IBAQBgrYufLcujbqWTyedydhsEKHAb9Cz0+Hh5DnAG
EHjjFby2tKTZHfworVR4Sf26hskFWSLQvinW3KUdY9XVuDNzvA1ePFH3qwCr6vNw
qMbsFyblrlWqcZ2iswo4uENOWjNfDK903iFtGhUX0MbtszgU4+rlEFkWrjQ2wmqS
smdDtolnua4JaNlTAblYMlFOXlqpaax/SbucmR3XromZYx+x1YTUcJWYv2s+q7gG
tWSng2vMaYdGfGgGq9XlH7Wce14GhAu1seUcyOMgo18IhONjYyZuSg4BXZ4erKlc
cO6I7UC8JvjP8zbtTM3OkZHzZryW1Xw5nUKLNAPCf07PsZB6
-----END CERTIFICATE-----