Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS401861.roa
File:                     AS401861.roa (raw, json)
Hash identifier:          PE45ncfjKdLhQju7tyuc1hwwBfTaBAdGs1QVK2aHIr4=
Subject key identifier:   21:93:F1:EC:A6:6C:85:00:92:83:57:B3:75:E1:AE:EA:6F:48:BB:52
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       41D6E4241834F61D04C75E641CFB7C1049E39892
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS401861.roa
Signing time:             Tue 07 Apr 2026 08:45:44 +0000
ROA not before:           Tue 07 Apr 2026 08:40:44 +0000
ROA not after:            Tue 06 Apr 2027 08:45:44 +0000
asID:                     401861
IP address blocks:        147.125.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 12:37:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:d6:e4:24:18:34:f6:1d:04:c7:5e:64:1c:fb:7c:10:49:e3:98:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr  7 08:40:44 2026 GMT
            Not After : Apr  6 08:45:44 2027 GMT
        Subject: CN=2193F1ECA66C8500928357B375E1AEEA6F48BB52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:be:65:df:5e:b8:ca:b3:46:c3:83:c3:01:95:
                    e8:6b:b2:c0:56:73:50:21:38:2b:9c:81:4c:0a:2c:
                    f2:58:c0:b0:6c:2f:e3:39:2a:46:b3:b0:1d:cc:ad:
                    36:40:19:f7:05:49:b4:d0:6b:8f:db:3f:b9:e6:41:
                    fc:11:45:5c:09:67:ef:9d:51:88:5a:ca:a9:ed:85:
                    4b:34:65:fa:88:ce:ce:33:70:c2:fe:7c:9a:6b:20:
                    b2:36:a1:97:65:dc:e7:5e:a0:e2:fa:38:e1:2a:e5:
                    e8:10:52:88:fd:db:fc:ee:9d:9c:de:80:e6:bd:90:
                    bc:0b:53:98:d0:42:55:f7:e0:1e:c9:94:86:4d:9b:
                    52:3d:b8:95:8c:52:1e:b9:3e:89:a3:e9:4f:bd:93:
                    9e:99:90:5e:ee:bf:d3:bb:ea:e1:88:2f:e3:4a:ca:
                    7b:1d:ac:97:b4:dc:48:1e:f8:34:18:40:de:61:1f:
                    2d:8b:bc:31:5c:6e:a3:99:47:f3:a0:8b:42:d2:ec:
                    71:bc:4f:27:21:44:8b:66:fa:74:8b:b2:77:fd:31:
                    3b:5c:cb:5b:d8:c7:d5:be:c5:d1:4f:36:b5:94:7c:
                    34:e3:b1:57:a2:ba:b4:b4:1a:67:bc:17:46:41:c7:
                    64:b4:21:c0:59:c0:ba:83:45:11:ad:91:c1:98:6a:
                    a9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:93:F1:EC:A6:6C:85:00:92:83:57:B3:75:E1:AE:EA:6F:48:BB:52
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS401861.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:16:e2:b8:21:20:2e:1e:63:b9:21:19:9a:21:39:83:9d:14:
         73:f8:b2:55:e2:22:f0:c5:5c:79:6d:f6:49:ee:4c:c3:8b:9d:
         ec:8a:1c:7c:f7:a8:8a:62:b9:5e:4e:7c:e0:c9:24:05:3f:de:
         90:e4:bc:e3:c7:53:71:4d:ba:22:bb:46:67:1c:81:76:2f:1d:
         18:71:06:28:a2:30:8e:c9:33:6f:20:44:24:e2:c1:cd:ee:a5:
         6d:e2:19:f9:9b:8a:7c:1d:dd:e9:a7:dd:21:2a:38:50:b5:52:
         ef:99:56:4c:79:ab:03:49:d4:d7:7a:db:59:29:9c:67:8e:cc:
         61:eb:f8:fb:c4:07:0f:4d:82:39:bb:73:9d:40:db:5d:ce:bc:
         1d:83:16:d6:e6:69:7f:1d:7a:0e:3d:31:26:c2:0d:60:3b:68:
         88:40:55:a5:6f:4e:99:49:68:9b:19:6d:07:ff:ba:6c:df:9d:
         e1:aa:f3:82:a8:fc:ae:11:21:b6:af:3d:f2:8a:61:75:b7:8b:
         b9:7e:5d:d8:6d:09:2f:60:a1:3d:e7:93:91:3e:d7:27:45:3c:
         69:bc:55:7d:cb:c5:c0:16:3d:d3:cf:6a:8e:37:c5:de:60:1f:
         ee:9f:d2:a0:89:a6:d7:39:4f:81:ac:69:43:03:38:b6:16:a9:
         27:98:1e:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUQdbkJBg09h0Ex15kHPt8EEnjmJIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MDcwODQwNDRaFw0yNzA0MDYwODQ1NDRaMDMxMTAvBgNV
BAMTKDIxOTNGMUVDQTY2Qzg1MDA5MjgzNTdCMzc1RTFBRUVBNkY0OEJCNTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFvmXfXrjKs0bDg8MBlehrssBW
c1AhOCucgUwKLPJYwLBsL+M5KkazsB3MrTZAGfcFSbTQa4/bP7nmQfwRRVwJZ++d
UYhayqnthUs0ZfqIzs4zcML+fJprILI2oZdl3OdeoOL6OOEq5egQUoj92/zunZze
gOa9kLwLU5jQQlX34B7JlIZNm1I9uJWMUh65Pomj6U+9k56ZkF7uv9O76uGIL+NK
ynsdrJe03Ege+DQYQN5hHy2LvDFcbqOZR/Ogi0LS7HG8TychRItm+nSLsnf9MTtc
y1vYx9W+xdFPNrWUfDTjsVeiurS0Gme8F0ZBx2S0IcBZwLqDRRGtkcGYaqlvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUIZPx7KZshQCSg1ezdeGu6m9Iu1IwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTNDAxODYxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk32C
MA0GCSqGSIb3DQEBCwUAA4IBAQAzFuK4ISAuHmO5IRmaITmDnRRz+LJV4iLwxVx5
bfZJ7kzDi53sihx896iKYrleTnzgySQFP96Q5Lzjx1NxTboiu0ZnHIF2Lx0YcQYo
ojCOyTNvIEQk4sHN7qVt4hn5m4p8Hd3pp90hKjhQtVLvmVZMeasDSdTXettZKZxn
jsxh6/j7xAcPTYI5u3OdQNtdzrwdgxbW5ml/HXoOPTEmwg1gO2iIQFWlb06ZSWib
GW0H/7ps353hqvOCqPyuESG2rz3yimF1t4u5fl3YbQkvYKE955ORPtcnRTxpvFV9
y8XAFj3Tz2qON8XeYB/un9KgiabXOU+BrGlDAzi2FqknmB4J
-----END CERTIFICATE-----