Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS7488.roa
File:                     AS7488.roa (raw, json)
Hash identifier:          EZs2qQBwosuMvmZOC24Tl2IBCawhr1SECrg70V45c5I=
Subject key identifier:   85:D9:75:1D:B1:9E:7A:3C:12:35:45:47:30:8F:8F:98:5C:F5:77:72
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       0A100023ED7825A4A5F171F6E84B1C1A168B40F9
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS7488.roa
Signing time:             Tue 09 Jun 2026 16:57:57 +0000
ROA not before:           Tue 09 Jun 2026 16:52:57 +0000
ROA not after:            Tue 08 Jun 2027 16:57:57 +0000
asID:                     7488
IP address blocks:        141.11.44.0/24 maxlen: 24
                          141.11.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:10:00:23:ed:78:25:a4:a5:f1:71:f6:e8:4b:1c:1a:16:8b:40:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  9 16:52:57 2026 GMT
            Not After : Jun  8 16:57:57 2027 GMT
        Subject: CN=85D9751DB19E7A3C12354547308F8F985CF57772
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:18:81:8e:e4:17:9b:e0:e8:56:c9:38:0c:93:
                    bd:f2:71:d0:bb:9a:4a:a4:d1:5b:9b:52:e5:b9:65:
                    b7:bc:61:2c:1f:fb:b5:a4:c7:f5:a4:b4:43:d1:69:
                    30:82:6d:4c:b6:2a:f4:91:07:37:f0:a0:7d:4f:03:
                    c1:35:68:18:fe:4c:8b:bd:0d:24:70:87:7c:c9:1c:
                    14:44:8e:47:1c:09:22:b6:12:86:08:63:b8:47:22:
                    6b:0c:58:1b:81:53:f0:e3:e3:57:9a:4d:9f:63:5f:
                    87:28:2a:37:b5:2f:f2:1c:b3:b5:06:17:a3:c3:8d:
                    aa:05:0a:2d:fa:c2:9f:0d:9a:90:01:18:a2:c1:e2:
                    96:6d:e6:aa:4a:d7:e8:13:a5:31:9d:f0:e3:78:00:
                    bc:a7:ca:a9:40:f4:af:11:cf:54:d9:c3:a2:bb:b8:
                    3e:eb:70:a4:1e:7f:fc:d5:bd:f8:ea:b2:1d:22:3c:
                    cf:2e:70:10:80:02:aa:6b:47:6d:e2:77:0c:99:22:
                    11:9d:69:b5:36:4c:99:da:e1:cd:26:62:f9:b2:a4:
                    bc:4a:25:d8:ce:fe:24:60:17:f4:6d:d2:72:a8:00:
                    e9:58:c6:83:94:8e:04:5b:99:72:56:6c:ab:f0:ba:
                    b8:df:cd:8b:65:3c:c1:6d:41:ed:ac:62:3f:25:12:
                    44:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:D9:75:1D:B1:9E:7A:3C:12:35:45:47:30:8F:8F:98:5C:F5:77:72
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS7488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.44.0/24
                  141.11.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:0b:e6:84:a9:f2:0e:37:d5:7f:0d:04:07:ab:3c:39:1b:ac:
         0b:d7:9c:31:f2:24:67:f8:07:f5:c4:d7:a1:16:13:b6:1e:f9:
         c9:75:48:97:4b:cb:6b:4b:27:d8:ae:5e:6e:37:76:5d:cd:ba:
         80:bb:ae:08:ff:f0:dc:96:27:b0:4a:b2:a7:63:7c:ce:f6:b6:
         41:cf:97:8f:34:fc:26:e0:d7:84:62:b3:1f:35:f8:40:8d:e0:
         a3:bc:d3:5c:ad:ec:45:dc:72:89:0c:3c:97:ee:53:0e:fd:0f:
         44:01:b0:c6:5c:a7:f3:e6:0b:85:16:50:a6:07:d3:44:88:4c:
         6d:79:d9:84:f4:34:60:c9:f1:5e:98:ce:52:d1:8c:2c:bb:19:
         fe:1b:c0:ff:1c:a8:1f:f2:68:df:b9:a5:ff:e2:7f:43:d8:b5:
         f3:89:ba:b4:da:c4:4a:92:e0:27:66:7d:24:2d:13:78:0a:19:
         bc:b7:09:33:7d:44:bd:da:ef:13:4b:0f:86:06:08:12:ed:9e:
         ee:1d:9e:19:9b:38:50:40:9b:68:3c:65:a6:aa:be:d5:1c:54:
         96:44:97:f7:35:44:b1:21:bf:e1:db:86:d5:0e:60:f3:33:25:
         f5:cd:f6:f2:56:ea:ff:a5:40:df:fc:c1:51:ae:09:0c:88:08:
         4b:08:f5:b2
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUChAAI+14JaSl8XH26EscGhaLQPkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA2MDkxNjUyNTdaFw0yNzA2MDgxNjU3NTdaMDMxMTAvBgNV
BAMTKDg1RDk3NTFEQjE5RTdBM0MxMjM1NDU0NzMwOEY4Rjk4NUNGNTc3NzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaGIGO5Beb4OhWyTgMk73ycdC7
mkqk0VubUuW5Zbe8YSwf+7Wkx/WktEPRaTCCbUy2KvSRBzfwoH1PA8E1aBj+TIu9
DSRwh3zJHBREjkccCSK2EoYIY7hHImsMWBuBU/Dj41eaTZ9jX4coKje1L/Ics7UG
F6PDjaoFCi36wp8NmpABGKLB4pZt5qpK1+gTpTGd8ON4ALynyqlA9K8Rz1TZw6K7
uD7rcKQef/zVvfjqsh0iPM8ucBCAAqprR23idwyZIhGdabU2TJna4c0mYvmypLxK
JdjO/iRgF/Rt0nKoAOlYxoOUjgRbmXJWbKvwurjfzYtlPMFtQe2sYj8lEkQBAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUhdl1HbGeejwSNUVHMI+PmFz1d3IwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNzQ4OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAI0LLAME
AI0LLzANBgkqhkiG9w0BAQsFAAOCAQEAfwvmhKnyDjfVfw0EB6s8ORusC9ecMfIk
Z/gH9cTXoRYTth75yXVIl0vLa0sn2K5ebjd2Xc26gLuuCP/w3JYnsEqyp2N8zva2
Qc+XjzT8JuDXhGKzHzX4QI3go7zTXK3sRdxyiQw8l+5TDv0PRAGwxlyn8+YLhRZQ
pgfTRIhMbXnZhPQ0YMnxXpjOUtGMLLsZ/hvA/xyoH/Jo37ml/+J/Q9i184m6tNrE
SpLgJ2Z9JC0TeAoZvLcJM31EvdrvE0sPhgYIEu2e7h2eGZs4UECbaDxlpqq+1RxU
lkSX9zVEsSG/4duG1Q5g8zMl9c328lbq/6VA3/zBUa4JDIgISwj1sg==
-----END CERTIFICATE-----