Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          RFvxCsevrwxa4dp8bFkYcrpLCArF0Q49cVRdtn6rT7k=
Subject key identifier:   0A:B8:89:F5:D0:DB:E5:3E:D6:D7:1E:C5:A3:E2:C5:C3:1F:ED:5D:5E
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       5578F5F4F270E270BBE8FA07F18E86827B97F69C
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS402215.roa
Signing time:             Thu 11 Jun 2026 12:58:49 +0000
ROA not before:           Thu 11 Jun 2026 12:53:49 +0000
ROA not after:            Thu 10 Jun 2027 12:58:49 +0000
asID:                     402215
IP address blocks:        78.105.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:78:f5:f4:f2:70:e2:70:bb:e8:fa:07:f1:8e:86:82:7b:97:f6:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 11 12:53:49 2026 GMT
            Not After : Jun 10 12:58:49 2027 GMT
        Subject: CN=0AB889F5D0DBE53ED6D71EC5A3E2C5C31FED5D5E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:91:57:36:9d:88:ad:dd:3e:e5:d6:58:f0:d1:
                    26:6d:9a:93:dc:51:9b:69:2d:31:2f:6a:c0:5b:ea:
                    87:76:6a:e2:09:52:45:96:01:13:d1:69:6e:86:8a:
                    68:d2:6f:28:9d:5c:5c:a5:fe:a7:d8:e4:95:8b:ff:
                    a1:3f:9a:67:1e:c0:53:0c:aa:57:d8:6d:11:29:1f:
                    94:b3:2e:5a:ad:af:e6:e9:6e:bd:fd:57:94:7b:32:
                    31:42:42:04:37:fe:5a:e6:14:94:bf:09:f4:91:c0:
                    70:e0:55:07:d0:ac:1b:ff:bf:72:8d:59:ca:5a:42:
                    6b:9c:86:2f:ea:61:9f:1c:e5:cf:ed:93:c8:89:10:
                    4e:8d:72:73:49:57:30:c0:ae:78:fe:10:af:6d:95:
                    f5:b4:1b:85:a5:f1:fd:28:6e:e3:d2:ce:c2:73:cf:
                    fc:34:28:27:72:b0:e0:7c:ee:ea:a9:30:84:19:b9:
                    7b:4c:9e:9d:84:6d:17:d1:4b:de:89:29:1a:ef:11:
                    32:af:d5:91:0a:50:a9:95:96:12:8c:ea:77:9f:c1:
                    f7:f8:4f:72:94:7f:c1:a7:43:cb:99:04:cd:c8:08:
                    93:c5:11:3f:60:cb:69:d3:46:d0:d5:2c:96:e9:00:
                    5f:f1:b2:d9:8f:3e:8a:8d:71:8c:48:d6:67:09:d0:
                    b8:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:B8:89:F5:D0:DB:E5:3E:D6:D7:1E:C5:A3:E2:C5:C3:1F:ED:5D:5E
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.105.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:65:23:61:e2:c1:fc:49:50:ad:5f:6d:78:db:4c:3f:3c:8b:
         64:9f:fc:5d:a2:4b:ef:9c:9c:24:bc:ef:ba:32:22:72:57:4c:
         42:1c:d9:05:92:50:6c:21:5e:20:a7:f8:fe:a8:68:00:d6:d5:
         fd:fe:c3:89:59:33:10:32:c4:dc:11:a6:26:dc:c7:ba:bc:88:
         08:c8:ae:3b:34:7d:ce:83:82:67:b3:6f:c4:a1:ba:89:67:1a:
         f4:42:d2:0b:16:71:56:ba:68:0f:a4:b6:35:f6:07:e1:39:cb:
         83:69:65:ca:d1:c9:c3:b5:d6:44:cc:83:24:1c:12:08:53:df:
         64:8c:04:df:34:91:43:b4:bd:da:6d:35:12:7d:d3:5c:8b:4a:
         b7:b8:f2:c3:2c:f3:ba:a2:d1:70:26:a0:0d:a5:09:42:f5:4a:
         7b:04:a7:63:39:3d:b0:60:e4:a5:c2:5a:13:34:10:d7:45:05:
         82:e5:3a:bd:1b:35:48:38:6f:df:f0:0f:64:48:6e:3f:5d:02:
         93:4e:56:fe:50:35:36:55:4f:c4:7e:3d:ad:fd:f9:58:c6:33:
         32:28:50:b4:97:f5:ff:8a:10:e8:ba:db:63:57:30:5a:7c:e3:
         65:48:62:73:4b:8d:ae:55:55:e2:c0:36:bd:82:64:39:8e:d7:
         d9:3f:c7:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVXj19PJw4nC76PoH8Y6GgnuX9pwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTExMjUzNDlaFw0yNzA2MTAxMjU4NDlaMDMxMTAvBgNV
BAMTKDBBQjg4OUY1RDBEQkU1M0VENkQ3MUVDNUEzRTJDNUMzMUZFRDVENUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD7kVc2nYit3T7l1ljw0SZtmpPc
UZtpLTEvasBb6od2auIJUkWWARPRaW6GimjSbyidXFyl/qfY5JWL/6E/mmcewFMM
qlfYbREpH5SzLlqtr+bpbr39V5R7MjFCQgQ3/lrmFJS/CfSRwHDgVQfQrBv/v3KN
WcpaQmuchi/qYZ8c5c/tk8iJEE6NcnNJVzDArnj+EK9tlfW0G4Wl8f0obuPSzsJz
z/w0KCdysOB87uqpMIQZuXtMnp2EbRfRS96JKRrvETKv1ZEKUKmVlhKM6nefwff4
T3KUf8GnQ8uZBM3ICJPFET9gy2nTRtDVLJbpAF/xstmPPoqNcYxI1mcJ0LglAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCriJ9dDb5T7W1x7Fo+LFwx/tXV4wHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATmly
MA0GCSqGSIb3DQEBCwUAA4IBAQBfZSNh4sH8SVCtX21420w/PItkn/xdokvvnJwk
vO+6MiJyV0xCHNkFklBsIV4gp/j+qGgA1tX9/sOJWTMQMsTcEaYm3Me6vIgIyK47
NH3Og4Jns2/EobqJZxr0QtILFnFWumgPpLY19gfhOcuDaWXK0cnDtdZEzIMkHBII
U99kjATfNJFDtL3abTUSfdNci0q3uPLDLPO6otFwJqANpQlC9Up7BKdjOT2wYOSl
wloTNBDXRQWC5Tq9GzVIOG/f8A9kSG4/XQKTTlb+UDU2VU/Efj2t/flYxjMyKFC0
l/X/ihDouttjVzBafONlSGJzS42uVVXiwDa9gmQ5jtfZP8eO
-----END CERTIFICATE-----