Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          ML7k083eoB6qy5K4JxyF9SextpPqteyqaQo7FnNBJKU=
Subject key identifier:   07:90:CE:BC:60:E6:CF:AC:77:05:0D:8B:DE:EE:9F:D6:E0:22:2D:01
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1CDEAA6D66F92C77E51936C67C4F299AE4C45130
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399486.roa
Signing time:             Fri 20 Feb 2026 12:20:03 +0000
ROA not before:           Fri 20 Feb 2026 12:15:03 +0000
ROA not after:            Fri 19 Feb 2027 12:20:03 +0000
asID:                     399486
IP address blocks:        141.11.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:de:aa:6d:66:f9:2c:77:e5:19:36:c6:7c:4f:29:9a:e4:c4:51:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 20 12:15:03 2026 GMT
            Not After : Feb 19 12:20:03 2027 GMT
        Subject: CN=0790CEBC60E6CFAC77050D8BDEEE9FD6E0222D01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ea:be:52:4d:27:07:19:d2:f1:95:33:e4:e6:
                    47:1f:2c:25:83:b9:8d:b8:a4:75:98:96:69:91:8a:
                    38:9e:fe:09:40:ee:35:9c:76:10:18:64:56:b1:53:
                    c3:eb:cf:46:1e:95:08:ba:9b:9b:44:11:ab:ab:6e:
                    17:e0:4a:bd:19:60:33:04:42:d8:ed:15:9f:45:87:
                    71:ea:3b:3c:44:45:c7:9e:54:26:6c:99:c5:61:a5:
                    6a:38:d9:ee:a3:a2:71:88:0b:79:ba:2e:02:a2:4f:
                    9e:42:02:83:aa:c5:2a:1e:34:e1:b3:b1:74:7f:e4:
                    9d:24:63:d0:b1:4d:d3:40:6c:94:24:1e:3d:28:79:
                    03:20:5d:81:aa:f5:d0:69:f3:22:bb:4e:13:81:b5:
                    1e:cc:13:41:1c:ed:c9:cc:d0:1a:39:d3:c0:be:43:
                    d3:96:f5:19:3e:b7:99:88:17:d0:f3:18:4d:69:68:
                    90:93:75:56:aa:02:7b:d8:3d:f1:e9:11:6e:56:d1:
                    3b:9e:58:3b:b4:f2:d1:84:63:4a:ad:c9:e4:3e:62:
                    c6:bf:98:0a:ed:65:61:5f:2e:4b:58:37:01:b8:8a:
                    6b:de:f6:d9:46:a8:db:d7:2a:44:8f:3a:d4:34:a5:
                    91:ef:e9:4a:fb:1d:d0:f0:62:92:ef:58:a0:56:ce:
                    e6:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:90:CE:BC:60:E6:CF:AC:77:05:0D:8B:DE:EE:9F:D6:E0:22:2D:01
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:90:30:34:a7:28:35:42:33:65:21:3f:a2:df:bf:f3:9a:9c:
         9b:4c:cd:fb:7e:6c:39:bf:be:33:26:d6:ca:56:ee:a1:6a:2f:
         12:cd:c0:b4:50:6c:1d:f5:40:fd:de:66:12:ee:53:64:d9:72:
         7e:ac:77:ec:22:03:f9:e4:6b:25:c6:c0:75:6b:25:a8:60:bc:
         13:8c:03:2e:b9:2c:04:b0:05:d2:48:17:ba:3e:62:62:e4:19:
         73:09:ac:00:7f:bb:c1:b7:57:aa:2f:c3:59:83:57:73:f6:8d:
         a7:ff:de:3e:60:9e:47:ba:28:f6:9d:10:50:68:8e:80:49:d1:
         4a:61:ca:69:a5:ee:6d:d0:fd:73:8d:de:a1:c5:f8:25:ec:5d:
         3e:7a:d2:f9:ba:6f:3f:57:55:b3:03:a9:3c:6a:9a:0a:f3:35:
         1f:e2:4c:b5:61:67:48:b7:d8:93:78:c9:ec:84:21:be:78:08:
         77:e1:e8:7b:c8:26:21:1d:3d:df:ad:d7:69:57:c3:0d:ce:c4:
         4d:30:73:03:e2:7d:6a:f9:5d:a9:14:9f:db:56:49:52:91:5c:
         74:d0:c5:71:8b:83:a2:b4:5a:7a:e4:be:e9:6c:d7:f0:86:d5:
         ed:a9:11:12:ba:85:d2:c0:43:96:8f:d6:bc:91:10:22:38:65:
         9c:8b:17:46
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHN6qbWb5LHflGTbGfE8pmuTEUTAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMjAxMjE1MDNaFw0yNzAyMTkxMjIwMDNaMDMxMTAvBgNV
BAMTKDA3OTBDRUJDNjBFNkNGQUM3NzA1MEQ4QkRFRUU5RkQ2RTAyMjJEMDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCz6r5STScHGdLxlTPk5kcfLCWD
uY24pHWYlmmRijie/glA7jWcdhAYZFaxU8Prz0YelQi6m5tEEaurbhfgSr0ZYDME
QtjtFZ9Fh3HqOzxERceeVCZsmcVhpWo42e6jonGIC3m6LgKiT55CAoOqxSoeNOGz
sXR/5J0kY9CxTdNAbJQkHj0oeQMgXYGq9dBp8yK7ThOBtR7ME0Ec7cnM0Bo508C+
Q9OW9Rk+t5mIF9DzGE1paJCTdVaqAnvYPfHpEW5W0TueWDu08tGEY0qtyeQ+Ysa/
mArtZWFfLktYNwG4imve9tlGqNvXKkSPOtQ0pZHv6Ur7HdDwYpLvWKBWzuZDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUB5DOvGDmz6x3BQ2L3u6f1uAiLQEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsX
MA0GCSqGSIb3DQEBCwUAA4IBAQBhkDA0pyg1QjNlIT+i37/zmpybTM37fmw5v74z
JtbKVu6hai8SzcC0UGwd9UD93mYS7lNk2XJ+rHfsIgP55GslxsB1ayWoYLwTjAMu
uSwEsAXSSBe6PmJi5BlzCawAf7vBt1eqL8NZg1dz9o2n/94+YJ5Huij2nRBQaI6A
SdFKYcpppe5t0P1zjd6hxfgl7F0+etL5um8/V1WzA6k8apoK8zUf4ky1YWdIt9iT
eMnshCG+eAh34eh7yCYhHT3frddpV8MNzsRNMHMD4n1q+V2pFJ/bVklSkVx00MVx
i4OitFp65L7pbNfwhtXtqRESuoXSwEOWj9a8kRAiOGWcixdG
-----END CERTIFICATE-----