Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS396982.roa
File:                     AS396982.roa (raw, json)
Hash identifier:          wck0Q0rqhEQ5SkcL+goIs+/wb4+g0gW+rKGQFTxR6SE=
Subject key identifier:   DD:2D:3B:FE:51:DF:8D:C5:2A:51:C0:A8:A4:82:7C:75:18:A5:AA:58
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       39CEC017D5D3E014B4A2E9973F75661EC2D5F52D
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS396982.roa
Signing time:             Tue 30 Sep 2025 10:03:13 +0000
ROA not before:           Tue 30 Sep 2025 09:58:13 +0000
ROA not after:            Tue 29 Sep 2026 10:03:13 +0000
asID:                     396982
IP address blocks:        46.236.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:ce:c0:17:d5:d3:e0:14:b4:a2:e9:97:3f:75:66:1e:c2:d5:f5:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:13 2025 GMT
            Not After : Sep 29 10:03:13 2026 GMT
        Subject: CN=DD2D3BFE51DF8DC52A51C0A8A4827C7518A5AA58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:5e:8b:c7:c1:60:15:91:cb:37:9b:6b:46:ed:
                    da:1c:41:71:32:9c:fc:88:9f:32:cf:15:4d:e4:cf:
                    14:6f:c0:52:2d:dd:d6:e3:84:21:4e:e8:6a:92:fe:
                    0c:72:c9:30:d0:52:8e:43:79:3c:08:99:47:40:b7:
                    af:81:6c:b4:a8:e8:ce:db:47:44:bc:d3:06:0c:10:
                    d5:6d:50:84:ba:b7:9f:90:52:ed:cc:76:df:ad:89:
                    e6:12:34:64:86:8e:e5:61:70:82:f3:15:b4:c3:e8:
                    90:52:93:95:ac:40:7b:9b:61:69:f5:97:3b:d0:ee:
                    5b:51:1a:12:25:69:f5:e8:54:3b:18:b3:b8:ea:35:
                    ce:67:74:86:3a:01:ce:9b:cf:6d:0b:3c:14:c7:58:
                    64:05:60:2d:00:03:01:6d:9b:17:05:ba:c2:0b:21:
                    03:44:a5:79:01:f1:89:95:41:a7:65:2f:77:3f:dc:
                    7e:bf:c5:96:30:94:a9:1d:a9:e2:64:b8:1d:e2:47:
                    28:eb:48:4e:aa:ec:6f:38:f7:11:47:c7:a7:e1:fa:
                    00:10:6a:6d:6b:db:2f:29:54:8c:80:5c:2b:82:44:
                    15:b9:e4:69:fa:3a:1b:e6:8c:43:49:cf:60:c1:9b:
                    b9:69:eb:84:c0:7b:7a:12:eb:00:52:96:21:1b:8e:
                    e9:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DD:2D:3B:FE:51:DF:8D:C5:2A:51:C0:A8:A4:82:7C:75:18:A5:AA:58
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS396982.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:c4:d4:68:f5:38:0d:3a:14:2e:c5:40:7f:9d:db:d2:fc:82:
         50:8c:ad:74:ae:30:25:ba:89:45:e5:96:68:55:86:51:93:d2:
         72:47:4c:f6:ee:56:1b:b3:98:de:cc:8b:f9:51:4a:91:77:b0:
         e1:a7:d3:66:26:93:32:c3:e8:e6:5e:7a:46:07:88:59:3b:d4:
         85:29:9d:c3:f0:dc:57:c7:5a:db:21:3f:3f:40:2b:b0:e7:ad:
         f6:af:b9:c8:05:13:63:18:4b:d6:0b:0c:d2:24:d1:bb:64:14:
         4b:65:13:b5:0e:7d:53:f8:fa:ed:65:03:f1:83:7f:9e:b7:be:
         8b:be:4e:bf:be:77:87:41:b8:6a:b3:fd:65:93:ce:b3:63:63:
         80:30:3c:92:dd:e5:8a:1b:00:37:0b:f5:41:ff:de:0e:f0:a4:
         24:ae:8a:40:50:5a:51:85:34:1b:ee:38:29:83:5e:49:da:44:
         21:e7:80:5d:e3:be:a5:be:29:48:8e:8f:9d:5f:4b:f4:dc:1a:
         e7:a1:3d:a2:cc:e6:1c:2c:7b:40:cd:90:54:05:0f:01:df:8c:
         22:ac:c4:5a:93:38:87:17:5b:c4:2d:8a:a0:f3:c9:30:53:bf:
         bf:d3:ec:90:cd:c6:54:45:02:33:28:5a:77:b1:5e:f2:0e:04:
         d5:82:71:df
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOc7AF9XT4BS0oumXP3VmHsLV9S0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTNaFw0yNjA5MjkxMDAzMTNaMDMxMTAvBgNV
BAMTKEREMkQzQkZFNTFERjhEQzUyQTUxQzBBOEE0ODI3Qzc1MThBNUFBNTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbXovHwWAVkcs3m2tG7docQXEy
nPyInzLPFU3kzxRvwFIt3dbjhCFO6GqS/gxyyTDQUo5DeTwImUdAt6+BbLSo6M7b
R0S80wYMENVtUIS6t5+QUu3Mdt+tieYSNGSGjuVhcILzFbTD6JBSk5WsQHubYWn1
lzvQ7ltRGhIlafXoVDsYs7jqNc5ndIY6Ac6bz20LPBTHWGQFYC0AAwFtmxcFusIL
IQNEpXkB8YmVQadlL3c/3H6/xZYwlKkdqeJkuB3iRyjrSE6q7G849xFHx6fh+gAQ
am1r2y8pVIyAXCuCRBW55Gn6OhvmjENJz2DBm7lp64TAe3oS6wBSliEbjunnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU3S07/lHfjcUqUcCopIJ8dRilqlgwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMzk2OTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzS
MA0GCSqGSIb3DQEBCwUAA4IBAQBcxNRo9TgNOhQuxUB/ndvS/IJQjK10rjAluolF
5ZZoVYZRk9JyR0z27lYbs5jezIv5UUqRd7Dhp9NmJpMyw+jmXnpGB4hZO9SFKZ3D
8NxXx1rbIT8/QCuw5632r7nIBRNjGEvWCwzSJNG7ZBRLZRO1Dn1T+PrtZQPxg3+e
t76Lvk6/vneHQbhqs/1lk86zY2OAMDyS3eWKGwA3C/VB/94O8KQkropAUFpRhTQb
7jgpg15J2kQh54Bd476lvilIjo+dX0v03BrnoT2izOYcLHtAzZBUBQ8B34wirMRa
kziHF1vELYqg88kwU7+/0+yQzcZURQIzKFp3sV7yDgTVgnHf
-----END CERTIFICATE-----