Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398465.roa
File:                     AS398465.roa (raw, json)
Hash identifier:          rq2icJX4Q/ysZJYp1ShvKY8uAnBqZWvyBkteoF3tjEI=
Subject key identifier:   1E:84:A2:34:91:02:A4:C6:71:76:FB:75:D4:49:94:6C:A1:82:57:7C
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4F874E04428358D28538351F5FBFCAC2D0C59BEA
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398465.roa
Signing time:             Sat 14 Mar 2026 11:24:06 +0000
ROA not before:           Sat 14 Mar 2026 11:19:06 +0000
ROA not after:            Sat 13 Mar 2027 11:24:06 +0000
asID:                     398465
IP address blocks:        191.101.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:87:4e:04:42:83:58:d2:85:38:35:1f:5f:bf:ca:c2:d0:c5:9b:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 14 11:19:06 2026 GMT
            Not After : Mar 13 11:24:06 2027 GMT
        Subject: CN=1E84A2349102A4C67176FB75D449946CA182577C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:77:55:3a:39:88:dc:8e:fb:46:62:b2:dd:dc:
                    91:11:22:83:2c:c7:96:92:16:e3:d8:0f:d0:27:94:
                    2d:8c:54:2b:09:0a:a7:83:3e:ac:e6:e1:a1:3f:46:
                    ca:c7:36:b6:4e:4f:71:fc:12:fb:5f:5a:55:43:1b:
                    70:97:01:c5:6d:d0:f0:ba:37:e1:2e:d8:5a:7f:13:
                    d7:38:80:ef:3c:b2:13:3a:97:12:ac:22:1d:03:70:
                    02:0c:9f:22:3c:58:04:77:5f:66:10:33:22:37:18:
                    f9:d4:65:0e:72:74:e2:fe:85:ba:e2:ca:b4:27:12:
                    f4:16:27:3c:f6:05:8b:df:d4:d8:19:00:8b:85:d1:
                    92:e7:87:9a:53:a5:12:9a:05:db:6d:e3:3d:3d:42:
                    64:3e:43:dc:50:97:15:87:c2:27:49:d9:4a:c5:6e:
                    b3:52:f3:00:89:dc:0b:1c:6f:f6:c6:f0:b3:a6:c7:
                    7a:8a:bd:90:40:90:22:7f:e0:49:34:49:f2:19:cb:
                    1b:2a:ca:17:4b:3b:66:43:b1:fd:13:d3:1b:e2:a3:
                    4d:15:be:83:8b:c4:54:47:49:a0:f5:eb:ac:ce:28:
                    b4:e3:3d:c6:ea:b5:b9:fd:f4:1a:90:4a:34:26:ce:
                    f3:5d:4e:20:7b:9f:f4:9e:2b:b9:6b:02:fb:3e:c5:
                    35:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:84:A2:34:91:02:A4:C6:71:76:FB:75:D4:49:94:6C:A1:82:57:7C
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS398465.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:a3:9c:83:fe:09:82:0c:55:ec:e2:f4:87:a4:a9:f4:42:b4:
         65:b3:49:77:e3:34:8f:c3:7a:d4:6b:a3:7a:8f:9d:44:cd:bd:
         07:12:8f:76:1c:67:c5:a5:7f:6b:50:43:d6:89:87:60:ff:55:
         d9:e4:65:78:0c:2b:fe:94:1a:44:47:fe:9d:f0:1e:c4:92:1a:
         49:5d:9f:ab:61:c6:43:9b:0a:b2:2d:ba:f7:d1:ed:12:0c:ea:
         1f:96:45:44:be:45:df:ad:76:c7:a3:09:fc:3d:20:60:52:b1:
         54:0d:f9:be:92:be:85:e9:f9:93:88:c3:b4:ba:bc:9a:a0:10:
         c5:4d:f2:08:f7:14:51:7f:f2:30:5a:37:78:8a:0c:86:8e:5f:
         08:e0:43:b9:0c:65:f1:60:9b:58:64:ff:9f:4d:b0:40:75:ae:
         ba:69:92:13:f5:f4:a4:86:78:9e:ce:1b:90:6f:9b:6e:17:75:
         fb:3c:a8:32:72:99:61:1c:12:59:44:63:50:18:37:48:85:30:
         3d:c2:da:a6:e9:87:17:b6:f1:c8:ff:ab:3e:c7:0d:a5:44:8b:
         91:39:52:8d:7f:7f:ac:43:38:b9:8b:7e:25:d2:7a:78:11:20:
         9b:15:82:04:48:4e:c6:3e:eb:57:50:34:14:a2:fd:61:85:32:
         89:0c:52:34
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUT4dOBEKDWNKFODUfX7/KwtDFm+owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTQxMTE5MDZaFw0yNzAzMTMxMTI0MDZaMDMxMTAvBgNV
BAMTKDFFODRBMjM0OTEwMkE0QzY3MTc2RkI3NUQ0NDk5NDZDQTE4MjU3N0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnd1U6OYjcjvtGYrLd3JERIoMs
x5aSFuPYD9AnlC2MVCsJCqeDPqzm4aE/RsrHNrZOT3H8EvtfWlVDG3CXAcVt0PC6
N+Eu2Fp/E9c4gO88shM6lxKsIh0DcAIMnyI8WAR3X2YQMyI3GPnUZQ5ydOL+hbri
yrQnEvQWJzz2BYvf1NgZAIuF0ZLnh5pTpRKaBdtt4z09QmQ+Q9xQlxWHwidJ2UrF
brNS8wCJ3Ascb/bG8LOmx3qKvZBAkCJ/4Ek0SfIZyxsqyhdLO2ZDsf0T0xvio00V
voOLxFRHSaD166zOKLTjPcbqtbn99BqQSjQmzvNdTiB7n/SeK7lrAvs+xTW5AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHoSiNJECpMZxdvt11EmUbKGCV3wwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk4NDY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2Ub
MA0GCSqGSIb3DQEBCwUAA4IBAQCco5yD/gmCDFXs4vSHpKn0QrRls0l34zSPw3rU
a6N6j51Ezb0HEo92HGfFpX9rUEPWiYdg/1XZ5GV4DCv+lBpER/6d8B7EkhpJXZ+r
YcZDmwqyLbr30e0SDOoflkVEvkXfrXbHown8PSBgUrFUDfm+kr6F6fmTiMO0urya
oBDFTfII9xRRf/IwWjd4igyGjl8I4EO5DGXxYJtYZP+fTbBAda66aZIT9fSkhnie
zhuQb5tuF3X7PKgycplhHBJZRGNQGDdIhTA9wtqm6YcXtvHI/6s+xw2lRIuROVKN
f3+sQzi5i34l0np4ESCbFYIESE7GPutXUDQUov1hhTKJDFI0
-----END CERTIFICATE-----