Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa
File:                     AS984.roa (raw, json)
Hash identifier:          Mypve2qqxyXZh8YzNEPzH11L9xECrgve7qJIf6kdcHo=
Subject key identifier:   37:8B:DD:BF:0E:02:F7:FD:86:76:AF:FF:31:F4:B5:F4:96:7E:94:9A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4EACAA1FB166C537751F6D15213E8EDF767DFA20
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa
Signing time:             Wed 18 Mar 2026 07:34:24 +0000
ROA not before:           Wed 18 Mar 2026 07:29:24 +0000
ROA not after:            Wed 17 Mar 2027 07:34:24 +0000
asID:                     984
IP address blocks:        162.141.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 00:55:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:ac:aa:1f:b1:66:c5:37:75:1f:6d:15:21:3e:8e:df:76:7d:fa:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 18 07:29:24 2026 GMT
            Not After : Mar 17 07:34:24 2027 GMT
        Subject: CN=378BDDBF0E02F7FD8676AFFF31F4B5F4967E949A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:53:b6:cb:3c:cb:70:c2:65:7f:a0:c4:c5:6a:
                    ba:36:fd:ea:db:33:de:5b:f2:93:42:27:90:8a:98:
                    5b:fd:f9:0f:5c:02:1a:f3:2d:01:fa:44:06:c1:f7:
                    54:0d:e8:be:32:a2:77:76:6c:c2:97:97:df:2a:ac:
                    25:a5:f7:69:05:db:a4:44:36:21:35:c6:ec:52:96:
                    9c:99:75:85:f5:27:b6:7d:75:ff:c0:a8:82:07:43:
                    58:5c:2f:a8:57:d0:52:b2:42:42:81:c1:9e:aa:ce:
                    0e:bd:f5:ac:3c:f7:e7:2a:c5:70:1e:7b:11:8b:c3:
                    72:4b:ac:e8:4a:80:49:e6:2c:72:87:bd:3a:99:c1:
                    cf:9b:f0:2b:ed:b2:c9:27:ad:ff:5e:b0:80:ff:ee:
                    f8:f8:40:b5:47:24:d0:9a:7a:9f:c9:9b:9a:d4:99:
                    10:ce:b3:87:b9:6b:62:5c:11:f7:59:c3:5e:e0:7e:
                    ff:58:e5:6d:6a:7a:6e:46:cf:6c:00:b7:cc:94:9a:
                    2b:a6:dd:09:d1:ab:5e:ef:80:3b:09:64:8d:8e:f8:
                    a7:4c:d3:d5:d5:90:fe:aa:83:f2:56:3e:d6:a3:71:
                    f8:31:fb:91:ec:e1:65:47:36:7d:30:27:56:a1:07:
                    2b:6a:8b:11:97:5c:8c:f0:87:3d:ff:49:9f:ef:81:
                    88:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:8B:DD:BF:0E:02:F7:FD:86:76:AF:FF:31:F4:B5:F4:96:7E:94:9A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS984.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:6e:47:74:b0:f2:f1:16:b0:8f:7e:20:41:03:57:28:c3:a1:
         36:ae:b4:b1:4f:8b:12:dc:b6:d1:ee:60:d6:9f:a9:23:68:4c:
         a2:42:42:71:7a:d6:e6:bd:87:16:c3:ab:99:3f:fc:8e:89:a1:
         21:92:36:79:15:54:01:36:c4:06:61:52:f6:75:49:17:96:18:
         45:3e:b0:0c:07:f1:1b:ac:a0:66:58:5b:ea:35:a5:09:b4:42:
         8d:25:57:00:28:e6:ee:52:18:35:12:93:d0:73:60:ee:ea:0d:
         a4:24:bd:8e:cb:3f:67:be:1b:bc:7d:4f:01:bd:9c:94:ae:c9:
         8b:ec:1b:ce:95:55:92:fd:e4:a1:51:28:e3:8d:81:95:9b:70:
         c1:11:72:56:3c:4f:8b:d7:ad:2e:b6:7e:0b:c4:d1:47:9f:0e:
         3d:ee:2b:5d:99:bc:ab:1b:8b:29:bb:70:75:d9:90:68:6c:eb:
         b3:a1:04:72:d7:26:b8:67:02:ae:3c:ed:df:21:d5:eb:c8:95:
         03:b1:80:d4:bc:b8:50:b2:11:ed:3a:7d:dd:9d:d2:6e:8c:29:
         b5:5c:68:69:fa:f2:f0:e8:97:ad:25:ce:13:30:91:34:8c:a4:
         a5:99:ce:e2:8c:b7:88:16:70:f7:13:d6:e5:26:8f:06:c6:a9:
         8a:12:3e:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUTqyqH7FmxTd1H20VIT6O33Z9+iAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTgwNzI5MjRaFw0yNzAzMTcwNzM0MjRaMDMxMTAvBgNV
BAMTKDM3OEJEREJGMEUwMkY3RkQ4Njc2QUZGRjMxRjRCNUY0OTY3RTk0OUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDeU7bLPMtwwmV/oMTFaro2/erb
M95b8pNCJ5CKmFv9+Q9cAhrzLQH6RAbB91QN6L4yond2bMKXl98qrCWl92kF26RE
NiE1xuxSlpyZdYX1J7Z9df/AqIIHQ1hcL6hX0FKyQkKBwZ6qzg699aw89+cqxXAe
exGLw3JLrOhKgEnmLHKHvTqZwc+b8Cvtssknrf9esID/7vj4QLVHJNCaep/Jm5rU
mRDOs4e5a2JcEfdZw17gfv9Y5W1qem5Gz2wAt8yUmium3QnRq17vgDsJZI2O+KdM
09XVkP6qg/JWPtajcfgx+5Hs4WVHNn0wJ1ahBytqixGXXIzwhz3/SZ/vgYhpAgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUN4vdvw4C9/2Gdq//MfS19JZ+lJowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTg0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo1gMA0G
CSqGSIb3DQEBCwUAA4IBAQBibkd0sPLxFrCPfiBBA1cow6E2rrSxT4sS3LbR7mDW
n6kjaEyiQkJxetbmvYcWw6uZP/yOiaEhkjZ5FVQBNsQGYVL2dUkXlhhFPrAMB/Eb
rKBmWFvqNaUJtEKNJVcAKObuUhg1EpPQc2Du6g2kJL2Oyz9nvhu8fU8BvZyUrsmL
7BvOlVWS/eShUSjjjYGVm3DBEXJWPE+L160utn4LxNFHnw497itdmbyrG4spu3B1
2ZBobOuzoQRy1ya4ZwKuPO3fIdXryJUDsYDUvLhQshHtOn3dndJujCm1XGhp+vLw
6JetJc4TMJE0jKSlmc7ijLeIFnD3E9blJo8GxqmKEj5I
-----END CERTIFICATE-----