Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401776.roa
File:                     AS401776.roa (raw, json)
Hash identifier:          94Ya5Z+xxs9AmfxZDUChKA0O3LqCOD3HQRH3C/TUNss=
Subject key identifier:   47:D8:39:E2:64:80:13:E7:31:83:61:0B:16:46:57:30:77:DC:DB:AA
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6DC343614F12205AAD07948F6CEE3A92778F746F
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401776.roa
Signing time:             Sun 01 Mar 2026 07:40:32 +0000
ROA not before:           Sun 01 Mar 2026 07:35:32 +0000
ROA not after:            Sun 28 Feb 2027 07:40:32 +0000
asID:                     401776
IP address blocks:        46.202.32.0/24 maxlen: 24
                          92.112.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:09:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:c3:43:61:4f:12:20:5a:ad:07:94:8f:6c:ee:3a:92:77:8f:74:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  1 07:35:32 2026 GMT
            Not After : Feb 28 07:40:32 2027 GMT
        Subject: CN=47D839E2648013E73183610B1646573077DCDBAA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:4f:1c:cc:f3:fa:a6:44:9e:db:f0:63:89:b1:
                    08:e5:32:f7:71:58:1e:2d:0a:1a:64:f7:b6:ac:eb:
                    76:d5:17:c4:47:90:8d:88:3d:7e:ac:9c:fa:c8:b9:
                    c1:49:4c:5d:0f:b2:d4:43:24:9a:51:29:53:c3:05:
                    f8:82:21:27:ca:4f:01:33:9e:cc:b1:65:9e:dd:08:
                    fc:26:1b:16:b6:13:4a:16:ce:29:24:75:b1:9e:6f:
                    de:ef:09:4c:44:6b:4a:5f:c0:40:49:4b:02:be:22:
                    f8:59:dd:3f:08:27:d8:d2:00:d6:07:0a:ed:09:ee:
                    70:2a:43:66:fe:15:60:e6:9f:86:16:02:3e:06:e1:
                    ce:14:f8:33:f8:aa:d6:28:fd:ab:cc:56:ac:ac:82:
                    c2:59:74:f2:9f:85:b4:f4:1d:0b:ab:94:28:b2:97:
                    76:fb:09:2d:f3:23:0a:24:a9:08:33:fc:3c:c4:55:
                    24:c1:b1:03:da:25:54:af:31:72:84:ef:9e:65:76:
                    e3:f4:11:c5:f1:f0:31:d7:9d:ea:eb:3a:84:8b:e1:
                    9d:04:e9:76:d5:f8:74:ab:b0:8a:05:c7:3d:4a:8e:
                    8c:52:ba:96:35:22:04:99:0c:b6:6e:04:b4:ed:46:
                    69:5d:e4:64:bb:88:40:a0:91:49:78:85:38:cb:d7:
                    54:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D8:39:E2:64:80:13:E7:31:83:61:0B:16:46:57:30:77:DC:DB:AA
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.32.0/24
                  92.112.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:82:03:83:47:ed:6d:8d:c1:b7:5e:73:9a:d6:ba:a6:c8:56:
         1c:61:23:1d:9e:d7:b2:af:16:8b:bc:d3:23:b8:bf:df:ff:e9:
         91:5d:61:ca:37:7a:92:70:60:f0:76:26:a8:82:5e:bd:0b:6e:
         8a:ce:14:e2:fe:b2:5d:cd:38:3c:7f:d1:71:24:c2:c1:13:62:
         63:36:fa:fc:28:67:9d:a5:51:37:fd:a5:08:72:45:b1:b2:e6:
         11:f9:16:44:02:db:8e:97:55:d2:f9:d1:20:bf:c3:d1:ba:b3:
         df:8f:1a:23:66:ed:36:f8:da:ce:37:a3:c9:d0:f7:5c:95:cd:
         a5:49:e5:ea:47:1f:4a:fd:74:16:e4:58:d7:75:4b:fa:36:15:
         f6:0a:b6:53:f6:f6:ce:0d:aa:13:70:71:4d:b5:45:21:44:0a:
         21:dd:7e:c5:57:f0:7e:97:40:d6:d2:00:d9:2e:bb:65:b0:a8:
         66:a8:2f:97:77:d8:01:6d:89:ee:61:b6:50:ff:6e:dd:58:0a:
         a9:db:3a:c9:25:1b:6d:3d:ab:ee:45:ed:cb:78:d7:31:85:b6:
         c4:89:1d:44:bc:10:22:c2:ac:42:ca:85:51:f7:5a:1e:05:82:
         87:fb:d2:34:29:0a:6c:4d:fe:ea:13:14:c1:8e:24:b0:8a:27:
         bc:58:ff:3d
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUbcNDYU8SIFqtB5SPbO46knePdG8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDEwNzM1MzJaFw0yNzAyMjgwNzQwMzJaMDMxMTAvBgNV
BAMTKDQ3RDgzOUUyNjQ4MDEzRTczMTgzNjEwQjE2NDY1NzMwNzdEQ0RCQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwTxzM8/qmRJ7b8GOJsQjlMvdx
WB4tChpk97as63bVF8RHkI2IPX6snPrIucFJTF0PstRDJJpRKVPDBfiCISfKTwEz
nsyxZZ7dCPwmGxa2E0oWzikkdbGeb97vCUxEa0pfwEBJSwK+IvhZ3T8IJ9jSANYH
Cu0J7nAqQ2b+FWDmn4YWAj4G4c4U+DP4qtYo/avMVqysgsJZdPKfhbT0HQurlCiy
l3b7CS3zIwokqQgz/DzEVSTBsQPaJVSvMXKE755lduP0EcXx8DHXnerrOoSL4Z0E
6XbV+HSrsIoFxz1KjoxSupY1IgSZDLZuBLTtRmld5GS7iECgkUl4hTjL11SPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUR9g54mSAE+cxg2ELFkZXMHfc26owHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAxNzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALsog
AwQAXHA4MA0GCSqGSIb3DQEBCwUAA4IBAQBsggODR+1tjcG3XnOa1rqmyFYcYSMd
nteyrxaLvNMjuL/f/+mRXWHKN3qScGDwdiaogl69C26KzhTi/rJdzTg8f9FxJMLB
E2JjNvr8KGedpVE3/aUIckWxsuYR+RZEAtuOl1XS+dEgv8PRurPfjxojZu02+NrO
N6PJ0Pdclc2lSeXqRx9K/XQW5FjXdUv6NhX2CrZT9vbODaoTcHFNtUUhRAoh3X7F
V/B+l0DW0gDZLrtlsKhmqC+Xd9gBbYnuYbZQ/27dWAqp2zrJJRttPavuRe3LeNcx
hbbEiR1EvBAiwqxCyoVR91oeBYKH+9I0KQpsTf7qExTBjiSwiie8WP89
-----END CERTIFICATE-----