Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
File:                     AS400866.roa (raw, json)
Hash identifier:          FS+w02qLWSujqIMWklND5D73py6uCro6Lh1dcggkKcw=
Subject key identifier:   4F:4B:3B:C7:0E:86:41:B3:89:5E:6B:D1:65:EE:76:7B:20:BC:51:42
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       5EED04238A08D885B60FE32EB1EACCB99685D954
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa
Signing time:             Fri 10 Apr 2026 01:47:05 +0000
ROA not before:           Fri 10 Apr 2026 01:42:05 +0000
ROA not after:            Fri 09 Apr 2027 01:47:05 +0000
asID:                     400866
IP address blocks:        141.11.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:02:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5e:ed:04:23:8a:08:d8:85:b6:0f:e3:2e:b1:ea:cc:b9:96:85:d9:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 10 01:42:05 2026 GMT
            Not After : Apr  9 01:47:05 2027 GMT
        Subject: CN=4F4B3BC70E8641B3895E6BD165EE767B20BC5142
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:b1:5d:7a:a1:70:ce:bd:67:b6:17:a6:21:5d:
                    b0:a8:80:d9:2b:e5:e3:e5:ac:66:6c:06:1e:fd:74:
                    3e:3b:57:0e:37:a8:65:6c:e8:22:da:92:b8:e2:6e:
                    93:8f:d0:75:da:80:05:be:bd:cb:0f:ff:28:9e:8b:
                    60:26:d1:39:d9:85:f7:24:20:9c:4c:66:a7:2d:48:
                    0e:a5:2f:23:a7:b4:b3:ff:bc:8f:7f:21:93:1f:f9:
                    02:11:62:84:6f:a4:e9:ba:11:24:0a:cd:91:78:0a:
                    10:a5:87:65:85:68:7e:e1:4e:c5:df:e0:fb:e4:d9:
                    63:a9:c4:30:61:37:56:54:c0:ed:23:e9:1e:b4:36:
                    33:de:dc:f2:58:3f:b8:97:dc:e9:22:3f:f6:cd:67:
                    be:e5:a2:f1:f2:57:76:05:a5:dc:a8:2d:8e:cb:e0:
                    56:5b:93:6a:06:e0:e0:43:a0:0e:d8:47:16:0a:81:
                    93:a4:21:e5:e2:c8:c7:6d:3e:cc:b8:8d:ed:e8:95:
                    95:de:6b:04:eb:3c:df:c3:e7:b8:cf:5e:bc:f6:83:
                    0b:ad:0f:fb:3a:79:d6:e3:42:2e:e9:57:30:ab:f7:
                    4a:d9:b4:d2:33:5c:32:59:6a:cf:31:da:4b:2f:f8:
                    02:3e:b8:63:9e:02:a2:2c:60:c0:3b:bb:20:9f:1d:
                    ad:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:4B:3B:C7:0E:86:41:B3:89:5E:6B:D1:65:EE:76:7B:20:BC:51:42
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS400866.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:62:af:a6:34:af:c2:01:3e:cf:fd:7a:75:c5:a2:c0:54:a1:
         44:e8:11:f8:43:f9:9a:c9:70:f7:23:5e:f2:ae:78:96:70:93:
         6f:2f:1b:8d:56:e3:1b:ea:00:2a:55:96:56:38:72:29:fb:3f:
         54:c1:40:20:3d:56:32:c1:04:14:55:d4:b8:ee:6f:d8:47:7e:
         dc:50:2c:c3:47:e2:74:42:dc:ab:96:2a:d8:62:71:d4:ed:99:
         eb:a1:1b:bb:37:ed:f6:dc:a8:d6:df:a5:07:ca:64:c6:8d:43:
         c2:e4:cb:2a:5f:8b:9b:1a:e2:19:be:7b:8f:e4:25:75:f7:23:
         8e:41:81:26:ea:cd:7b:6d:d3:4b:1f:4e:06:02:d0:ad:7a:cb:
         68:ff:8a:ce:05:24:f3:0f:c9:7c:ff:02:68:2c:60:08:14:c1:
         ff:d0:10:e0:d1:1d:6f:58:56:a6:29:ef:e6:0d:f3:fd:0b:10:
         f4:b6:52:c7:32:6d:ec:e8:2e:21:d2:92:a3:40:93:bf:14:24:
         a2:57:69:3f:26:bd:dc:bd:cf:f6:f1:6e:9f:66:88:31:1d:aa:
         78:15:b1:04:9e:82:e9:7b:1d:cc:46:4e:df:ed:cb:3b:ec:a0:
         d4:a6:3d:69:01:57:3a:29:0c:62:9e:63:c1:72:57:96:b7:d3:
         a0:11:38:79
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXu0EI4oI2IW2D+MuserMuZaF2VQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MTAwMTQyMDVaFw0yNzA0MDkwMTQ3MDVaMDMxMTAvBgNV
BAMTKDRGNEIzQkM3MEU4NjQxQjM4OTVFNkJEMTY1RUU3NjdCMjBCQzUxNDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDmsV16oXDOvWe2F6YhXbCogNkr
5ePlrGZsBh79dD47Vw43qGVs6CLakrjibpOP0HXagAW+vcsP/yiei2Am0TnZhfck
IJxMZqctSA6lLyOntLP/vI9/IZMf+QIRYoRvpOm6ESQKzZF4ChClh2WFaH7hTsXf
4Pvk2WOpxDBhN1ZUwO0j6R60NjPe3PJYP7iX3OkiP/bNZ77lovHyV3YFpdyoLY7L
4FZbk2oG4OBDoA7YRxYKgZOkIeXiyMdtPsy4je3olZXeawTrPN/D57jPXrz2gwut
D/s6edbjQi7pVzCr90rZtNIzXDJZas8x2ksv+AI+uGOeAqIsYMA7uyCfHa3nAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUT0s7xw6GQbOJXmvRZe52eyC8UUIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAwODY2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsd
MA0GCSqGSIb3DQEBCwUAA4IBAQAPYq+mNK/CAT7P/Xp1xaLAVKFE6BH4Q/mayXD3
I17yrniWcJNvLxuNVuMb6gAqVZZWOHIp+z9UwUAgPVYywQQUVdS47m/YR37cUCzD
R+J0QtyrlirYYnHU7ZnroRu7N+323KjW36UHymTGjUPC5MsqX4ubGuIZvnuP5CV1
9yOOQYEm6s17bdNLH04GAtCtesto/4rOBSTzD8l8/wJoLGAIFMH/0BDg0R1vWFam
Ke/mDfP9CxD0tlLHMm3s6C4h0pKjQJO/FCSiV2k/Jr3cvc/28W6fZogxHap4FbEE
noLpex3MRk7f7cs77KDUpj1pAVc6KQxinmPBcleWt9OgETh5
-----END CERTIFICATE-----