Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS3320.roa
File:                     AS3320.roa (raw, json)
Hash identifier:          7KiC6+ZiUCIr0Twuc/O3EcLxGIvxYh8ifHqUangt8nQ=
Subject key identifier:   6C:E0:A1:CB:1C:D6:6C:6F:E6:61:82:88:5F:D2:32:8A:86:5E:64:6C
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       4415FA79D9AF869592EF65F70A5972C540084CA3
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS3320.roa
Signing time:             Tue 28 Apr 2026 00:04:20 +0000
ROA not before:           Mon 27 Apr 2026 23:59:20 +0000
ROA not after:            Tue 27 Apr 2027 00:04:20 +0000
asID:                     3320
IP address blocks:        78.41.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:15:fa:79:d9:af:86:95:92:ef:65:f7:0a:59:72:c5:40:08:4c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Apr 27 23:59:20 2026 GMT
            Not After : Apr 27 00:04:20 2027 GMT
        Subject: CN=6CE0A1CB1CD66C6FE66182885FD2328A865E646C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b5:6b:c7:a2:55:e4:79:c5:0a:39:e4:6d:78:
                    e5:5c:73:38:a3:31:39:a2:fc:c6:a4:44:1a:be:3c:
                    0a:ef:e5:b2:1a:cf:84:15:bb:80:ae:68:98:bc:cd:
                    26:2e:e6:a1:e9:c7:7a:82:15:9a:83:49:e7:e4:93:
                    40:3b:55:b3:b2:7b:a2:79:90:62:e3:02:9e:93:0a:
                    e3:f8:f5:df:3a:17:7b:0c:89:85:72:8a:4e:97:9e:
                    51:45:6d:0d:6e:b8:2c:68:6a:04:00:b5:69:5d:f7:
                    40:22:b8:5d:0e:66:b7:36:15:47:bf:74:b0:82:80:
                    59:f9:87:22:7e:9b:6b:d4:05:1c:2a:1f:87:5a:58:
                    aa:86:8c:b9:c5:2c:80:9a:b9:fc:37:3a:8a:59:33:
                    fb:f9:07:af:08:35:24:01:4f:f0:88:6e:53:b1:b2:
                    5a:81:85:22:3e:b8:8e:3f:80:95:14:57:b9:97:19:
                    0c:a1:1a:01:08:2b:dd:31:ac:97:b3:3d:e7:58:a2:
                    21:35:d9:a1:be:44:c9:ce:e9:5a:c1:88:a9:7d:0f:
                    68:1e:ac:47:7a:e7:66:b8:05:10:46:1e:7e:09:78:
                    a4:c7:86:52:1a:9b:85:a5:74:2c:ce:62:7d:de:2e:
                    50:bd:f8:e2:24:ab:c8:86:e6:3f:8f:15:35:9a:df:
                    f8:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:E0:A1:CB:1C:D6:6C:6F:E6:61:82:88:5F:D2:32:8A:86:5E:64:6C
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS3320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.41.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:c6:f1:b7:36:1a:7c:53:f4:9e:45:f1:01:c8:8e:43:86:44:
         73:d8:62:ed:cb:b6:d5:eb:65:b1:f3:03:99:a4:54:94:6b:83:
         ca:79:92:56:35:ef:0d:42:ff:07:94:3b:1a:9e:48:c1:b1:b6:
         e9:5b:ca:e1:f1:e8:70:b3:62:14:7f:23:d0:94:dc:07:fe:ea:
         4a:d0:5c:48:56:1d:53:95:66:21:e2:11:10:e1:6d:2a:90:87:
         00:e3:54:d9:55:a5:4b:46:dd:c3:0f:dc:b8:ad:59:4f:59:1f:
         1c:18:c1:f5:60:24:50:f9:64:f6:c6:a3:f4:aa:47:98:44:84:
         9c:90:00:fe:60:7d:1f:ad:7c:2c:73:39:d3:ad:91:06:0d:4e:
         4f:a6:a0:09:24:15:bb:b8:aa:26:59:5a:e8:f0:15:31:4c:5c:
         22:4c:68:89:19:91:1e:8e:17:55:67:66:80:7a:d9:dd:e0:1b:
         7a:88:f2:ae:62:7f:e4:2f:9b:3d:40:6a:e3:af:2f:0d:68:9d:
         d9:9e:b5:3b:93:1a:dd:50:e4:ab:cd:fb:f1:45:34:2c:bf:be:
         44:20:59:2e:8d:78:04:ea:b5:54:df:e1:9e:9b:1a:86:9d:32:
         28:55:1b:af:0a:8c:fd:59:aa:0e:18:c0:78:4a:ff:44:43:34:
         20:81:8c:95
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIURBX6edmvhpWS72X3CllyxUAITKMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA0MjcyMzU5MjBaFw0yNzA0MjcwMDA0MjBaMDMxMTAvBgNV
BAMTKDZDRTBBMUNCMUNENjZDNkZFNjYxODI4ODVGRDIzMjhBODY1RTY0NkMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxtWvHolXkecUKOeRteOVcczij
MTmi/MakRBq+PArv5bIaz4QVu4CuaJi8zSYu5qHpx3qCFZqDSefkk0A7VbOye6J5
kGLjAp6TCuP49d86F3sMiYVyik6XnlFFbQ1uuCxoagQAtWld90AiuF0OZrc2FUe/
dLCCgFn5hyJ+m2vUBRwqH4daWKqGjLnFLICaufw3OopZM/v5B68INSQBT/CIblOx
slqBhSI+uI4/gJUUV7mXGQyhGgEIK90xrJezPedYoiE12aG+RMnO6VrBiKl9D2ge
rEd652a4BRBGHn4JeKTHhlIam4WldCzOYn3eLlC9+OIkq8iG5j+PFTWa3/hrAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUbOChyxzWbG/mYYKIX9IyioZeZGwwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMzMyMC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAE4pMDAN
BgkqhkiG9w0BAQsFAAOCAQEAHcbxtzYafFP0nkXxAciOQ4ZEc9hi7cu21etlsfMD
maRUlGuDynmSVjXvDUL/B5Q7Gp5IwbG26VvK4fHocLNiFH8j0JTcB/7qStBcSFYd
U5VmIeIREOFtKpCHAONU2VWlS0bdww/cuK1ZT1kfHBjB9WAkUPlk9saj9KpHmESE
nJAA/mB9H618LHM5062RBg1OT6agCSQVu7iqJlla6PAVMUxcIkxoiRmRHo4XVWdm
gHrZ3eAbeojyrmJ/5C+bPUBq468vDWid2Z61O5Ma3VDkq8378UU0LL++RCBZLo14
BOq1VN/hnpsahp0yKFUbrwqM/VmqDhjAeEr/REM0IIGMlQ==
-----END CERTIFICATE-----