Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          E7PNafFa+agpm5NC5UEd20rvfcVHy6VPwkJO4BZbBYc=
Subject key identifier:   7E:26:ED:B9:EC:6B:A3:78:4C:7C:BF:A5:91:7F:18:A3:B5:6D:C6:2A
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       75365C36388669D9A23E8424451F10889F5A1540
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402215.roa
Signing time:             Sat 09 May 2026 07:46:32 +0000
ROA not before:           Sat 09 May 2026 07:41:32 +0000
ROA not after:            Sat 08 May 2027 07:46:32 +0000
asID:                     402215
IP address blocks:        212.60.152.0/24 maxlen: 24
                          212.60.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 13:47:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:36:5c:36:38:86:69:d9:a2:3e:84:24:45:1f:10:88:9f:5a:15:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: May  9 07:41:32 2026 GMT
            Not After : May  8 07:46:32 2027 GMT
        Subject: CN=7E26EDB9EC6BA3784C7CBFA5917F18A3B56DC62A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c7:2c:ed:4e:23:19:85:69:4d:30:72:db:0c:
                    d3:18:82:56:5b:d5:3b:e8:9a:9d:bf:80:fa:6e:66:
                    7f:ee:f9:fb:3b:42:d7:ba:0b:0f:59:aa:02:9f:33:
                    ac:25:39:d6:6b:dc:b0:a2:07:c0:c1:58:8b:41:27:
                    b5:b4:15:7f:8b:d3:9b:92:8e:6c:4f:e5:45:1a:31:
                    22:02:73:6d:a3:5e:2e:5b:5f:b6:d2:a4:de:dd:a3:
                    f7:d5:78:45:db:e5:db:bb:f6:a8:dc:d6:f1:7a:49:
                    98:77:81:3f:fb:92:e7:38:ca:fe:e9:e3:e0:97:b1:
                    28:1f:15:0e:07:58:c3:17:af:80:66:c8:ed:03:e6:
                    f5:5e:58:76:42:a0:19:b7:c4:fc:f3:3e:61:09:fe:
                    2e:82:e7:a6:c6:a0:99:59:7a:2d:19:44:e6:56:2e:
                    e8:a3:21:1e:c6:2c:12:1d:38:a5:0b:67:8d:8c:4e:
                    e8:4e:d2:85:7c:e0:41:ba:af:84:ad:0c:a8:74:9b:
                    72:62:f5:b9:27:92:f5:94:df:46:5c:58:a0:42:69:
                    c3:27:e6:b7:39:1a:5a:fe:b5:a8:c5:74:7a:85:a9:
                    54:c5:03:16:c8:30:18:8d:00:83:32:58:ed:10:f5:
                    11:0f:1f:0b:50:46:01:4d:cb:06:6a:b0:de:1c:77:
                    27:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:26:ED:B9:EC:6B:A3:78:4C:7C:BF:A5:91:7F:18:A3:B5:6D:C6:2A
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.60.152.0/24
                  212.60.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:b1:97:09:98:74:4c:c4:2f:31:07:78:54:7f:8a:55:f3:ee:
         60:32:3b:6c:47:ef:4e:ac:40:be:7a:4c:6a:8d:f3:4b:6a:f3:
         31:64:85:26:58:b7:f8:90:a6:03:65:92:d9:38:74:2b:ce:d3:
         46:44:01:a6:c3:28:ff:84:fe:ef:94:a2:8d:92:cb:98:53:d2:
         c9:61:87:89:93:15:e6:fb:02:5c:7d:90:16:0a:ff:13:8a:4d:
         d9:f2:dc:7f:bc:52:45:5f:70:b8:f2:e6:29:f3:2f:74:26:73:
         04:1e:9d:3b:ca:eb:b5:6f:15:6d:1c:84:73:96:59:2a:b1:26:
         0a:71:91:c9:9e:3c:dc:4b:7a:18:db:b7:27:aa:59:b1:91:8b:
         ce:5c:45:07:fc:55:16:4a:ff:fd:c7:6d:87:7f:31:4e:67:7e:
         25:ec:5f:0b:47:a3:c9:00:89:64:6f:04:d2:e0:bf:4c:ea:db:
         d5:71:e9:dc:56:b4:ff:bc:cd:d7:e1:29:fe:f7:4b:6d:a3:3c:
         cb:f0:ee:07:b9:f8:72:15:fc:2b:e3:33:68:06:d9:dd:bf:c9:
         67:03:95:6e:71:2e:6c:dd:7a:4c:56:a2:8f:be:55:77:46:63:
         29:85:e9:f7:08:cd:80:c7:0f:f4:33:a2:6c:b9:82:69:4c:59:
         18:70:0d:9c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdTZcNjiGadmiPoQkRR8QiJ9aFUAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNjA1MDkwNzQxMzJaFw0yNzA1MDgwNzQ2MzJaMDMxMTAvBgNV
BAMTKDdFMjZFREI5RUM2QkEzNzg0QzdDQkZBNTkxN0YxOEEzQjU2REM2MkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsxyztTiMZhWlNMHLbDNMYglZb
1Tvomp2/gPpuZn/u+fs7Qte6Cw9ZqgKfM6wlOdZr3LCiB8DBWItBJ7W0FX+L05uS
jmxP5UUaMSICc22jXi5bX7bSpN7do/fVeEXb5du79qjc1vF6SZh3gT/7kuc4yv7p
4+CXsSgfFQ4HWMMXr4BmyO0D5vVeWHZCoBm3xPzzPmEJ/i6C56bGoJlZei0ZROZW
LuijIR7GLBIdOKULZ42MTuhO0oV84EG6r4StDKh0m3Ji9bknkvWU30ZcWKBCacMn
5rc5Glr+tajFdHqFqVTFAxbIMBiNAIMyWO0Q9REPHwtQRgFNywZqsN4cdycPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfibtuexro3hMfL+lkX8Yo7VtxiowHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA1DyY
AwQA1DyaMA0GCSqGSIb3DQEBCwUAA4IBAQABsZcJmHRMxC8xB3hUf4pV8+5gMjts
R+9OrEC+ekxqjfNLavMxZIUmWLf4kKYDZZLZOHQrztNGRAGmwyj/hP7vlKKNksuY
U9LJYYeJkxXm+wJcfZAWCv8Tik3Z8tx/vFJFX3C48uYp8y90JnMEHp07yuu1bxVt
HIRzllkqsSYKcZHJnjzcS3oY27cnqlmxkYvOXEUH/FUWSv/9x22HfzFOZ34l7F8L
R6PJAIlkbwTS4L9M6tvVcencVrT/vM3X4Sn+90ttozzL8O4HufhyFfwr4zNoBtnd
v8lnA5VucS5s3XpMVqKPvlV3RmMphen3CM2Axw/0M6JsuYJpTFkYcA2c
-----END CERTIFICATE-----