Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397630.roa
File:                     AS397630.roa (raw, json)
Hash identifier:          6Rm0KUi644vkN0aNJzNDejATD21NE5RFggC4zYHuP9U=
Subject key identifier:   E9:D7:E0:83:99:43:68:57:EF:67:22:89:CD:8C:31:61:6A:39:82:AA
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7D1D1CCFEB86884DC9E0391EC6A7A2C16ACBC529
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397630.roa
Signing time:             Fri 10 Oct 2025 12:26:56 +0000
ROA not before:           Fri 10 Oct 2025 12:21:56 +0000
ROA not after:            Fri 09 Oct 2026 12:26:56 +0000
asID:                     397630
IP address blocks:        143.14.188.0/24 maxlen: 24
                          150.241.136.0/24 maxlen: 24
                          155.117.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 09:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7d:1d:1c:cf:eb:86:88:4d:c9:e0:39:1e:c6:a7:a2:c1:6a:cb:c5:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 10 12:21:56 2025 GMT
            Not After : Oct  9 12:26:56 2026 GMT
        Subject: CN=E9D7E08399436857EF672289CD8C31616A3982AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d9:a0:0b:89:94:af:a9:3f:c0:9e:6e:33:8f:
                    00:22:de:aa:f6:97:dc:62:52:22:44:e4:35:93:83:
                    4f:bc:44:71:f5:d0:2f:b6:77:c2:3a:31:2f:08:56:
                    0f:50:3f:c8:0f:4e:a0:1e:01:ca:5e:3b:0c:14:8f:
                    cf:f3:41:2a:1a:b3:1c:02:17:05:04:92:f1:73:24:
                    91:7d:71:fe:4c:8c:e4:4e:df:38:37:46:e3:fd:e6:
                    63:e0:4b:ec:e2:57:b5:a3:ff:37:39:4a:07:dd:3f:
                    06:f1:1f:01:67:c0:a8:7a:a0:eb:f4:b0:46:01:35:
                    68:a2:db:fa:ce:84:a0:29:47:9e:9e:d9:fb:49:4f:
                    33:94:40:fc:eb:b2:1a:11:3c:7a:16:15:f7:46:98:
                    aa:2b:46:de:78:2b:48:4f:ea:a4:bb:a0:47:a8:2e:
                    b8:0b:98:14:7e:8e:05:68:f6:ca:04:14:ee:81:fb:
                    6c:9e:83:2b:68:83:84:af:09:40:e8:9f:a9:2e:cf:
                    2e:75:d1:48:5f:fa:63:a4:31:47:55:be:42:b7:fd:
                    cb:4f:6a:01:0e:4d:92:cb:3c:d1:ab:29:58:2a:7e:
                    72:a3:8e:fb:4e:77:f7:12:39:b9:77:d5:af:3a:03:
                    f0:88:d7:83:4c:ca:19:42:74:6f:38:26:ec:ae:66:
                    b7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:D7:E0:83:99:43:68:57:EF:67:22:89:CD:8C:31:61:6A:39:82:AA
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS397630.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.188.0/24
                  150.241.136.0/24
                  155.117.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:09:ac:08:d2:b4:ed:94:17:82:bf:ae:ed:91:61:13:fd:33:
         63:dd:30:b7:c3:79:72:83:ad:c3:83:35:f6:cd:6e:f2:95:13:
         27:af:1e:1a:15:0c:23:2e:94:48:f8:6e:84:3c:3d:64:f1:a1:
         9f:61:e2:32:9f:c8:02:53:52:c0:75:43:70:6d:09:7b:51:85:
         1c:d9:5d:81:2f:4e:d9:b6:51:a0:3f:5f:f5:7a:a4:2a:07:9f:
         d9:e0:5f:75:a7:e6:5b:f7:14:ed:7d:dd:b1:8c:78:69:b3:81:
         b3:ed:d3:0b:27:ff:5b:ca:bb:62:16:de:cc:f3:21:5d:89:84:
         a0:a5:8f:86:1f:3d:b3:e9:97:0b:db:18:8a:51:e0:c3:f8:19:
         13:01:9c:69:7a:bf:91:81:0c:30:7a:92:83:ae:4d:c5:b4:59:
         ff:da:ec:88:c7:58:95:86:1e:d9:72:23:9a:fa:61:11:84:13:
         a6:d5:d5:bd:d5:19:23:6d:c7:85:14:5d:c9:1a:d8:95:f9:1d:
         a4:d4:d8:cb:e6:4d:89:6c:41:a4:92:0e:a7:b3:20:a2:7a:55:
         02:d8:7a:e9:66:4f:83:49:9c:b7:c1:8d:53:44:8b:d3:91:b0:
         32:12:3b:07:26:db:94:90:5e:76:3a:eb:fc:bf:0b:47:4c:e8:
         25:c8:6f:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUfR0cz+uGiE3J4DkexqeiwWrLxSkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTAxMjIxNTZaFw0yNjEwMDkxMjI2NTZaMDMxMTAvBgNV
BAMTKEU5RDdFMDgzOTk0MzY4NTdFRjY3MjI4OUNEOEMzMTYxNkEzOTgyQUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJ2aALiZSvqT/Anm4zjwAi3qr2
l9xiUiJE5DWTg0+8RHH10C+2d8I6MS8IVg9QP8gPTqAeAcpeOwwUj8/zQSoasxwC
FwUEkvFzJJF9cf5MjORO3zg3RuP95mPgS+ziV7Wj/zc5SgfdPwbxHwFnwKh6oOv0
sEYBNWii2/rOhKApR56e2ftJTzOUQPzrshoRPHoWFfdGmKorRt54K0hP6qS7oEeo
LrgLmBR+jgVo9soEFO6B+2yegytog4SvCUDon6kuzy510Uhf+mOkMUdVvkK3/ctP
agEOTZLLPNGrKVgqfnKjjvtOd/cSObl31a86A/CI14NMyhlCdG84JuyuZreRAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU6dfgg5lDaFfvZyKJzYwxYWo5gqowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk3NjMwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw68
AwQAlvGIAwQAm3VRMA0GCSqGSIb3DQEBCwUAA4IBAQA2CawI0rTtlBeCv67tkWET
/TNj3TC3w3lyg63DgzX2zW7ylRMnrx4aFQwjLpRI+G6EPD1k8aGfYeIyn8gCU1LA
dUNwbQl7UYUc2V2BL07ZtlGgP1/1eqQqB5/Z4F91p+Zb9xTtfd2xjHhps4Gz7dML
J/9byrtiFt7M8yFdiYSgpY+GHz2z6ZcL2xiKUeDD+BkTAZxper+RgQwwepKDrk3F
tFn/2uyIx1iVhh7ZciOa+mERhBOm1dW91RkjbceFFF3JGtiV+R2k1NjL5k2JbEGk
kg6nsyCielUC2HrpZk+DSZy3wY1TRIvTkbAyEjsHJtuUkF52Ouv8vwtHTOglyG/C
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:52:57 2025 by rpki-client