Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402214.roa
File:                     AS402214.roa (raw, json)
Hash identifier:          9Och+PsUzb/XDZVab7ABAudcg3leLxXD5P7u5nzRY2Q=
Subject key identifier:   B7:06:2C:61:BD:1A:5A:9C:76:85:B4:06:83:A0:B1:3E:78:99:B8:64
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       6386E853648ED6D83CBE20A50523AFD1F7561608
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402214.roa
Signing time:             Wed 06 May 2026 15:45:56 +0000
ROA not before:           Wed 06 May 2026 15:40:56 +0000
ROA not after:            Wed 05 May 2027 15:45:56 +0000
asID:                     402214
IP address blocks:        82.139.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:86:e8:53:64:8e:d6:d8:3c:be:20:a5:05:23:af:d1:f7:56:16:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May  6 15:40:56 2026 GMT
            Not After : May  5 15:45:56 2027 GMT
        Subject: CN=B7062C61BD1A5A9C7685B40683A0B13E7899B864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b4:97:27:81:8a:85:61:6f:a2:e7:6e:98:88:
                    6f:f7:aa:26:5e:a9:eb:67:be:b7:f6:18:84:30:05:
                    fc:50:b2:a6:e5:b2:b0:4d:e9:10:13:af:6a:8a:7f:
                    d0:04:9b:40:f5:c2:6b:d0:26:98:9b:8e:c9:8a:92:
                    2d:38:f9:4f:ae:c3:42:a7:69:92:86:0a:42:fe:a5:
                    17:0e:71:1a:2b:f6:a1:7d:9d:a3:91:44:80:d7:af:
                    47:36:23:e6:c4:56:51:ed:15:3c:b7:0b:b0:f9:0e:
                    67:99:d7:8c:97:d1:f9:c0:ec:a8:93:c8:2b:da:70:
                    65:08:ae:8f:e3:dd:c8:02:7a:50:71:b8:44:10:f7:
                    81:5d:77:d1:72:47:8f:83:ce:d0:92:0b:7e:00:5e:
                    db:0e:2f:3d:8f:eb:f5:1f:0f:5c:c4:61:c5:8c:ae:
                    fa:ad:53:2b:bd:79:8b:04:d4:06:fa:79:1f:ab:6b:
                    cf:c1:cd:f5:4d:ce:5a:85:a7:23:d3:66:36:e3:6a:
                    34:df:d7:d7:59:94:76:25:76:4e:c7:93:45:47:dc:
                    03:7c:4f:9f:45:9e:ef:cf:ef:5b:53:6d:c8:59:65:
                    63:d5:ba:61:30:97:5e:fe:39:32:a6:a1:7b:58:49:
                    d4:77:33:44:7d:b3:30:dd:34:48:2c:ae:52:d4:d1:
                    a5:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:06:2C:61:BD:1A:5A:9C:76:85:B4:06:83:A0:B1:3E:78:99:B8:64
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402214.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:af:5a:c6:90:6e:35:e9:d3:c6:2b:87:fb:67:e3:2d:3d:8c:
         85:8c:91:1f:da:3c:3f:d4:68:89:3a:0f:04:2e:83:cd:4c:d5:
         ca:2d:91:a3:20:89:53:c7:7a:5e:b5:e2:f2:f3:8a:65:41:4c:
         63:16:49:8b:e5:52:a4:60:71:77:32:31:c7:53:68:1a:77:7b:
         20:43:64:94:09:08:24:50:f6:52:0e:a5:3a:53:d8:97:49:bc:
         c0:14:b8:d7:75:87:8e:58:00:30:62:c8:3c:79:b6:43:7e:36:
         8a:be:d8:9d:ff:e3:8b:21:3c:2e:f9:8c:64:8f:3a:4b:7e:a3:
         29:c5:81:7b:7a:9f:aa:ea:30:85:c6:d7:f1:ba:f6:48:bd:a4:
         95:0d:71:47:11:12:b2:08:fe:c4:cf:93:23:4e:15:aa:ec:1c:
         c3:66:a0:b0:63:05:21:20:5d:da:37:d9:e0:f3:2f:d9:b4:9a:
         a2:a2:13:16:5f:bf:8b:66:ee:c3:7e:af:57:4c:29:8f:82:35:
         6e:c6:63:60:03:c0:6f:dc:61:11:64:1d:a9:2e:88:f9:b4:81:
         11:78:d2:c0:bb:17:a3:41:45:b1:68:07:43:ff:17:1d:aa:4a:
         87:5e:a6:b9:cd:96:0f:d1:61:44:c8:30:bb:08:0e:1a:a4:31:
         3d:7c:b0:c5
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUY4boU2SO1tg8viClBSOv0fdWFggwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MDYxNTQwNTZaFw0yNzA1MDUxNTQ1NTZaMDMxMTAvBgNV
BAMTKEI3MDYyQzYxQkQxQTVBOUM3Njg1QjQwNjgzQTBCMTNFNzg5OUI4NjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJtJcngYqFYW+i526YiG/3qiZe
qetnvrf2GIQwBfxQsqblsrBN6RATr2qKf9AEm0D1wmvQJpibjsmKki04+U+uw0Kn
aZKGCkL+pRcOcRor9qF9naORRIDXr0c2I+bEVlHtFTy3C7D5DmeZ14yX0fnA7KiT
yCvacGUIro/j3cgCelBxuEQQ94Fdd9FyR4+DztCSC34AXtsOLz2P6/UfD1zEYcWM
rvqtUyu9eYsE1Ab6eR+ra8/BzfVNzlqFpyPTZjbjajTf19dZlHYldk7Hk0VH3AN8
T59Fnu/P71tTbchZZWPVumEwl17+OTKmoXtYSdR3M0R9szDdNEgsrlLU0aXvAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUtwYsYb0aWpx2hbQGg6CxPniZuGQwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNDAyMjE0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovg
MA0GCSqGSIb3DQEBCwUAA4IBAQBQr1rGkG416dPGK4f7Z+MtPYyFjJEf2jw/1GiJ
Og8ELoPNTNXKLZGjIIlTx3peteLy84plQUxjFkmL5VKkYHF3MjHHU2gad3sgQ2SU
CQgkUPZSDqU6U9iXSbzAFLjXdYeOWAAwYsg8ebZDfjaKvtid/+OLITwu+YxkjzpL
fqMpxYF7ep+q6jCFxtfxuvZIvaSVDXFHERKyCP7Ez5MjThWq7BzDZqCwYwUhIF3a
N9ng8y/ZtJqiohMWX7+LZu7Dfq9XTCmPgjVuxmNgA8Bv3GERZB2pLoj5tIEReNLA
uxejQUWxaAdD/xcdqkqHXqa5zZYP0WFEyDC7CA4apDE9fLDF
-----END CERTIFICATE-----