Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
File:                     AS15440.roa (raw, json)
Hash identifier:          ro00dCt4108TIzqz1/To1qHVgeLAhAFif9xl9Sz8XJY=
Subject key identifier:   F2:88:F9:24:30:45:5D:EC:96:8A:D1:DE:36:8B:6C:D2:29:3B:68:00
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       75DCCB78EBB52CD5278261803D6832F7A7E9D8D1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa
Signing time:             Wed 06 May 2026 00:03:54 +0000
ROA not before:           Tue 05 May 2026 23:58:54 +0000
ROA not after:            Wed 05 May 2027 00:03:54 +0000
asID:                     15440
IP address blocks:        146.103.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 17:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:dc:cb:78:eb:b5:2c:d5:27:82:61:80:3d:68:32:f7:a7:e9:d8:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  5 23:58:54 2026 GMT
            Not After : May  5 00:03:54 2027 GMT
        Subject: CN=F288F92430455DEC968AD1DE368B6CD2293B6800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:06:67:8e:ca:ec:d7:35:57:24:bf:08:76:11:
                    df:4f:09:37:c9:5d:e8:ae:3a:ba:25:25:ad:84:6a:
                    63:74:64:4f:bb:a4:ee:34:21:82:0d:4a:33:c8:49:
                    a0:b0:d1:32:f8:ba:cc:54:86:f6:e0:3e:39:58:fe:
                    80:a5:5b:4c:08:c7:96:fb:2f:1a:41:2a:27:f4:b3:
                    ec:df:4e:6b:57:85:44:6b:b1:4c:68:fc:a9:c8:2e:
                    bf:39:5a:f2:bc:9c:73:8d:18:c2:fb:9f:cd:e2:a6:
                    1f:c6:d4:5c:b6:db:2f:b7:35:a1:82:41:2f:b4:b6:
                    79:00:4a:00:dd:7a:da:91:e6:82:91:d5:47:38:9b:
                    f6:a9:8e:00:49:93:ce:66:67:63:cb:2c:5b:32:8c:
                    85:ff:2f:e7:98:94:62:4b:bd:fe:14:53:b0:93:b4:
                    f4:7b:20:1d:d5:26:7a:ca:a0:27:23:c1:a3:a6:e0:
                    75:0f:40:5a:36:c9:5b:09:c8:70:0b:7d:cf:31:3b:
                    ee:2f:ea:83:eb:c2:87:d8:4c:8e:c2:c4:a9:f6:05:
                    44:e7:24:4a:b4:eb:3b:d6:e9:dd:70:f9:10:95:c2:
                    5a:be:83:07:b4:c1:4c:3b:0f:ea:ed:b8:45:b5:5f:
                    0b:6d:3c:e0:ea:61:55:72:f7:49:8e:c5:6a:2b:51:
                    3c:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:88:F9:24:30:45:5D:EC:96:8A:D1:DE:36:8B:6C:D2:29:3B:68:00
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS15440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:0e:1d:1c:59:44:41:48:f3:9a:2d:a8:d6:e1:12:3b:33:7c:
         91:05:30:ce:e9:53:db:d4:b3:37:6b:6e:f2:8e:4e:b0:c7:f8:
         48:17:1d:9f:fb:e6:58:6a:59:e9:43:1b:e2:16:43:73:e5:5e:
         c8:4b:76:b9:dd:46:bf:76:b5:58:95:1a:f2:81:44:80:e9:c9:
         c5:89:54:21:1b:36:fd:76:fb:ae:77:45:d8:ab:ee:d4:60:ce:
         3c:d6:9c:b0:00:47:20:7c:ca:19:2c:0d:15:47:d9:67:f9:51:
         6b:c3:53:28:0b:5a:c3:cf:e7:91:6e:5a:fe:4d:c3:96:d7:14:
         8b:5e:3e:1c:6c:75:ed:35:b8:39:06:0d:f0:d2:08:cd:36:65:
         49:ba:84:c4:47:56:5f:72:02:53:9b:cc:83:03:ef:ed:80:4a:
         a1:5d:58:d6:6c:3c:b8:81:6c:6f:bb:ac:5b:90:ff:5d:24:86:
         e2:cd:d1:17:72:29:62:02:22:5b:1a:8f:c9:2b:bd:e8:e0:29:
         47:f3:98:20:30:83:5d:77:2a:1e:ec:62:d7:29:e5:1e:1f:37:
         3d:cb:1b:55:ef:d4:e0:7f:6b:2a:a8:72:6c:25:80:68:20:f0:
         de:39:cb:b8:df:dd:eb:0f:93:d4:3a:4a:dc:fa:f2:e5:61:8e:
         a3:f4:e9:91
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUddzLeOu1LNUngmGAPWgy96fp2NEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MDUyMzU4NTRaFw0yNzA1MDUwMDAzNTRaMDMxMTAvBgNV
BAMTKEYyODhGOTI0MzA0NTVERUM5NjhBRDFERTM2OEI2Q0QyMjkzQjY4MDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxBmeOyuzXNVckvwh2Ed9PCTfJ
XeiuOrolJa2EamN0ZE+7pO40IYINSjPISaCw0TL4usxUhvbgPjlY/oClW0wIx5b7
LxpBKif0s+zfTmtXhURrsUxo/KnILr85WvK8nHONGML7n83iph/G1Fy22y+3NaGC
QS+0tnkASgDdetqR5oKR1Uc4m/apjgBJk85mZ2PLLFsyjIX/L+eYlGJLvf4UU7CT
tPR7IB3VJnrKoCcjwaOm4HUPQFo2yVsJyHALfc8xO+4v6oPrwofYTI7CxKn2BUTn
JEq06zvW6d1w+RCVwlq+gwe0wUw7D+rtuEW1XwttPODqYVVy90mOxWorUTx/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU8oj5JDBFXeyWitHeNots0ik7aAAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTU0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZyYw
DQYJKoZIhvcNAQELBQADggEBADYOHRxZREFI85otqNbhEjszfJEFMM7pU9vUszdr
bvKOTrDH+EgXHZ/75lhqWelDG+IWQ3PlXshLdrndRr92tViVGvKBRIDpycWJVCEb
Nv12+653Rdir7tRgzjzWnLAARyB8yhksDRVH2Wf5UWvDUygLWsPP55FuWv5Nw5bX
FItePhxsde01uDkGDfDSCM02ZUm6hMRHVl9yAlObzIMD7+2ASqFdWNZsPLiBbG+7
rFuQ/10khuLN0RdyKWICIlsaj8krvejgKUfzmCAwg113Kh7sYtcp5R4fNz3LG1Xv
1OB/ayqocmwlgGgg8N45y7jf3esPk9Q6Stz68uVhjqP06ZE=
-----END CERTIFICATE-----