Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa
File:                     AS402276.roa (raw, json)
Hash identifier:          u+BdcvHuGCLsRKj3/sI7gvkh1H6qN/sJiKn8yu4q/ZU=
Subject key identifier:   9F:2B:00:0A:96:C5:0C:98:D3:E7:E1:E3:41:B4:AF:87:D7:A0:F2:A9
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       77EC65527B24A696FE1C1173CF0A56D2F8B6F2A0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa
Signing time:             Wed 25 Mar 2026 02:25:49 +0000
ROA not before:           Wed 25 Mar 2026 02:20:49 +0000
ROA not after:            Wed 24 Mar 2027 02:25:49 +0000
asID:                     402276
IP address blocks:        155.117.105.0/24 maxlen: 24
                          167.148.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:ec:65:52:7b:24:a6:96:fe:1c:11:73:cf:0a:56:d2:f8:b6:f2:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 25 02:20:49 2026 GMT
            Not After : Mar 24 02:25:49 2027 GMT
        Subject: CN=9F2B000A96C50C98D3E7E1E341B4AF87D7A0F2A9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:e9:54:73:10:a1:c5:6a:7f:f7:7c:04:15:81:
                    93:20:ec:ba:80:0f:b1:6d:97:00:27:83:71:ba:bb:
                    9a:31:d2:ed:8a:71:39:51:9f:12:99:8b:98:53:f5:
                    05:38:1b:64:fb:f4:a4:ab:10:96:92:fd:d4:2b:1b:
                    5e:31:39:15:dc:fb:9e:c5:29:6b:f7:1b:8a:53:cb:
                    61:8a:e0:75:e0:57:9b:6f:f9:b4:ca:e2:78:da:7b:
                    46:f9:36:19:b0:73:77:bf:7d:5f:0b:38:8c:56:12:
                    d2:80:45:b0:1b:68:1a:e3:54:94:53:de:25:7e:e7:
                    c2:28:64:77:60:08:30:1f:4a:c1:38:cf:27:09:bc:
                    53:18:b0:07:a5:d0:26:2a:7a:be:90:36:43:5f:e0:
                    6d:f8:75:b6:a0:dd:f6:58:21:e6:0e:ba:e4:aa:42:
                    38:8a:fb:d6:16:d4:60:9f:66:13:65:26:23:18:87:
                    22:60:f1:2c:fc:d1:d5:fb:4d:a5:31:c5:81:7a:6c:
                    a2:02:30:33:d9:96:ea:b2:0b:46:d0:a0:c3:32:c6:
                    e8:2a:d3:9e:c2:a0:ae:b0:62:cc:e2:58:c6:73:ab:
                    30:df:75:00:b2:3b:f0:64:51:6f:80:57:19:63:f2:
                    82:9e:d9:44:b6:f2:a2:86:a5:68:62:08:16:4c:4d:
                    01:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:2B:00:0A:96:C5:0C:98:D3:E7:E1:E3:41:B4:AF:87:D7:A0:F2:A9
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.105.0/24
                  167.148.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:db:9e:0b:7d:4b:1a:12:bb:28:3b:16:46:0a:8e:b8:01:c5:
         3f:8d:64:21:a7:08:40:a0:49:f7:b3:6c:f2:39:0b:0b:b2:84:
         a1:67:59:49:22:0b:ed:4b:c4:5b:5f:72:5f:d0:12:11:a7:d5:
         e9:14:b5:77:d6:ea:a9:61:82:c9:1f:72:6a:81:03:b5:70:0d:
         07:24:3e:43:f8:92:e0:75:56:6d:e3:6a:88:9c:13:67:26:d7:
         16:d0:4b:06:6b:87:2f:4f:ec:90:6f:79:11:8e:05:41:d5:0e:
         2c:9d:e4:cd:a3:12:ae:7e:76:22:2d:91:9f:7e:56:e8:7f:a3:
         4e:0f:e4:d5:32:99:ae:93:44:68:3b:e8:4f:3a:f2:56:f3:a0:
         a0:f7:17:5b:0f:f7:1e:4c:69:59:55:e6:1c:46:b7:0b:43:1f:
         64:72:ea:50:35:3a:75:89:4c:65:6e:5e:1b:dc:b1:46:d1:b7:
         dc:f5:1c:e8:39:d1:b3:a5:ef:d0:67:7e:9e:ad:64:1e:b8:59:
         8c:3f:8c:4f:a2:ec:ae:90:75:03:ad:5c:45:8b:be:c8:c1:cb:
         29:84:48:b5:39:2f:41:5e:19:b1:01:59:37:e2:99:6b:b6:d3:
         8b:26:9f:51:7a:ad:cf:2f:bc:6c:80:bc:9d:89:7f:92:ac:ff:
         1b:4e:4e:ec
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUd+xlUnskppb+HBFzzwpW0vi28qAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjUwMjIwNDlaFw0yNzAzMjQwMjI1NDlaMDMxMTAvBgNV
BAMTKDlGMkIwMDBBOTZDNTBDOThEM0U3RTFFMzQxQjRBRjg3RDdBMEYyQTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDC6VRzEKHFan/3fAQVgZMg7LqA
D7FtlwAng3G6u5ox0u2KcTlRnxKZi5hT9QU4G2T79KSrEJaS/dQrG14xORXc+57F
KWv3G4pTy2GK4HXgV5tv+bTK4njae0b5Nhmwc3e/fV8LOIxWEtKARbAbaBrjVJRT
3iV+58IoZHdgCDAfSsE4zycJvFMYsAel0CYqer6QNkNf4G34dbag3fZYIeYOuuSq
QjiK+9YW1GCfZhNlJiMYhyJg8Sz80dX7TaUxxYF6bKICMDPZluqyC0bQoMMyxugq
057CoK6wYsziWMZzqzDfdQCyO/BkUW+AVxlj8oKe2US28qKGpWhiCBZMTQFNAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUnysACpbFDJjT5+HjQbSvh9eg8qkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyMjc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAm3Vp
AwQAp5SVMA0GCSqGSIb3DQEBCwUAA4IBAQBa254LfUsaErsoOxZGCo64AcU/jWQh
pwhAoEn3s2zyOQsLsoShZ1lJIgvtS8RbX3Jf0BIRp9XpFLV31uqpYYLJH3JqgQO1
cA0HJD5D+JLgdVZt42qInBNnJtcW0EsGa4cvT+yQb3kRjgVB1Q4sneTNoxKufnYi
LZGfflbof6NOD+TVMpmuk0RoO+hPOvJW86Cg9xdbD/ceTGlZVeYcRrcLQx9kcupQ
NTp1iUxlbl4b3LFG0bfc9RzoOdGzpe/QZ36erWQeuFmMP4xPouyukHUDrVxFi77I
wcsphEi1OS9BXhmxAVk34plrttOLJp9Req3PL7xsgLydiX+SrP8bTk7s
-----END CERTIFICATE-----