Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa
File:                     AS401776.roa (raw, json)
Hash identifier:          KQ+aIZomXaMrUH8I1x1+S8b65ttAHYLFosiOwhXVZTQ=
Subject key identifier:   9A:08:B9:56:9C:EA:65:ED:31:0B:7F:20:C1:99:8F:D2:96:43:4D:18
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       62344E1CCEFCE0A66F304C37B6757188EA39A2FC
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa
Signing time:             Wed 28 Jan 2026 05:19:24 +0000
ROA not before:           Wed 28 Jan 2026 05:14:24 +0000
ROA not after:            Wed 27 Jan 2027 05:19:24 +0000
asID:                     401776
IP address blocks:        143.20.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:34:4e:1c:ce:fc:e0:a6:6f:30:4c:37:b6:75:71:88:ea:39:a2:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jan 28 05:14:24 2026 GMT
            Not After : Jan 27 05:19:24 2027 GMT
        Subject: CN=9A08B9569CEA65ED310B7F20C1998FD296434D18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d7:6f:d8:2d:a0:0c:29:ce:2c:2f:2a:59:54:
                    df:a4:03:26:17:ad:0c:86:53:b3:6e:b1:b5:69:0b:
                    50:3b:07:ae:6a:d8:c3:f6:ad:a4:6d:54:f0:3a:2c:
                    17:65:21:8f:ee:37:2c:8e:71:32:2e:8d:06:66:d7:
                    26:89:60:6e:fa:70:7c:52:f9:5e:3d:05:d5:0d:3d:
                    aa:81:58:c9:d4:1d:ca:02:43:57:71:f2:41:14:54:
                    59:d1:52:82:3c:4e:73:d8:6c:8a:37:d9:7a:12:86:
                    d8:72:10:2a:6b:91:b7:99:da:48:ff:7b:fb:43:5e:
                    c5:2a:3c:9d:29:1e:04:9f:a4:35:74:24:db:da:f0:
                    f0:70:47:a9:90:be:bd:14:9f:74:1b:81:1c:7e:39:
                    ad:7b:7f:38:d2:e1:57:d7:0f:df:67:49:a9:98:71:
                    75:31:22:07:89:21:fb:4f:29:b6:33:c0:41:de:87:
                    e4:4f:94:70:c4:33:2b:f3:88:68:99:b4:ff:98:3f:
                    6b:ad:69:8e:72:d4:c6:05:60:57:f8:2d:5f:51:a0:
                    46:c7:4b:bd:ed:e8:59:ff:7b:e3:e3:a3:7d:cc:c5:
                    24:1a:37:6b:5e:92:df:5f:4b:13:7a:00:41:c6:c7:
                    81:ab:b9:7b:21:83:6c:9a:f2:9d:47:b0:49:fd:01:
                    54:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:08:B9:56:9C:EA:65:ED:31:0B:7F:20:C1:99:8F:D2:96:43:4D:18
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS401776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:fb:01:c5:5f:3c:11:a6:88:cb:5f:50:3c:0a:e4:cd:80:3e:
         7a:c3:9a:ab:da:fc:4e:61:72:af:1a:ae:f7:40:1d:24:a2:f2:
         67:f5:43:06:84:ec:93:ca:c0:6d:4b:f5:9a:5d:0d:95:d7:9f:
         99:ee:2d:81:d7:27:21:9d:0b:61:da:0d:21:a9:ca:ed:82:84:
         79:4a:a1:b6:4a:06:01:0b:a4:d6:10:c0:b6:db:a1:8a:be:2b:
         36:22:6f:b9:83:a9:fc:97:49:1d:17:40:5c:7f:06:29:e5:97:
         bc:50:c5:fa:af:c7:79:20:4e:6e:3e:06:3d:8f:0f:84:27:95:
         60:17:50:79:c7:f5:f0:2e:8e:03:a4:24:c8:03:f0:e0:e8:e8:
         f1:f4:bd:8f:00:6c:08:9d:a5:e0:68:0d:be:55:8e:17:fa:f9:
         fe:25:52:a4:0a:80:29:1c:03:ed:e5:89:5f:79:79:23:ab:12:
         ca:7c:3d:ae:88:dc:44:e8:90:5c:82:98:bb:0b:b9:20:4b:3a:
         c5:02:c4:1d:31:d2:6e:f9:24:10:13:90:87:fc:0d:7d:52:19:
         3b:2f:63:cd:2b:d8:e0:ea:bf:a2:68:85:1f:0e:6e:a4:26:5f:
         6b:a2:cf:4c:e0:6e:75:e6:6f:6d:8e:b4:3a:57:cb:22:2e:3f:
         75:2b:d4:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYjROHM784KZvMEw3tnVxiOo5ovwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjAxMjgwNTE0MjRaFw0yNzAxMjcwNTE5MjRaMDMxMTAvBgNV
BAMTKDlBMDhCOTU2OUNFQTY1RUQzMTBCN0YyMEMxOTk4RkQyOTY0MzREMTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDd12/YLaAMKc4sLypZVN+kAyYX
rQyGU7NusbVpC1A7B65q2MP2raRtVPA6LBdlIY/uNyyOcTIujQZm1yaJYG76cHxS
+V49BdUNPaqBWMnUHcoCQ1dx8kEUVFnRUoI8TnPYbIo32XoShthyECprkbeZ2kj/
e/tDXsUqPJ0pHgSfpDV0JNva8PBwR6mQvr0Un3QbgRx+Oa17fzjS4VfXD99nSamY
cXUxIgeJIftPKbYzwEHeh+RPlHDEMyvziGiZtP+YP2utaY5y1MYFYFf4LV9RoEbH
S73t6Fn/e+Pjo33MxSQaN2tekt9fSxN6AEHGx4GruXshg2ya8p1HsEn9AVQ/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmgi5VpzqZe0xC38gwZmP0pZDTRgwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTNDAxNzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjxQH
MA0GCSqGSIb3DQEBCwUAA4IBAQB0+wHFXzwRpojLX1A8CuTNgD56w5qr2vxOYXKv
Gq73QB0kovJn9UMGhOyTysBtS/WaXQ2V15+Z7i2B1ychnQth2g0hqcrtgoR5SqG2
SgYBC6TWEMC226GKvis2Im+5g6n8l0kdF0BcfwYp5Ze8UMX6r8d5IE5uPgY9jw+E
J5VgF1B5x/XwLo4DpCTIA/Dg6Ojx9L2PAGwInaXgaA2+VY4X+vn+JVKkCoApHAPt
5YlfeXkjqxLKfD2uiNxE6JBcgpi7C7kgSzrFAsQdMdJu+SQQE5CH/A19Uhk7L2PN
K9jg6r+iaIUfDm6kJl9ros9M4G515m9tjrQ6V8siLj91K9RQ
-----END CERTIFICATE-----