Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
File:                     AS399486.roa (raw, json)
Hash identifier:          L3ZQ13caGLVLzj6IbMvYMdxo7nODBWAs8YUQqi/bhjg=
Subject key identifier:   7F:03:0B:CA:8E:17:C1:DA:EC:28:9B:67:33:15:A3:87:03:4F:F9:CD
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3FABC3D4DD25353FDF7E62A0A8F959F9D0AB3D70
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa
Signing time:             Mon 09 Mar 2026 07:43:41 +0000
ROA not before:           Mon 09 Mar 2026 07:38:41 +0000
ROA not after:            Mon 08 Mar 2027 07:43:41 +0000
asID:                     399486
IP address blocks:        85.209.176.0/24 maxlen: 24
                          179.61.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:ab:c3:d4:dd:25:35:3f:df:7e:62:a0:a8:f9:59:f9:d0:ab:3d:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  9 07:38:41 2026 GMT
            Not After : Mar  8 07:43:41 2027 GMT
        Subject: CN=7F030BCA8E17C1DAEC289B673315A387034FF9CD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:64:20:7c:2f:dd:24:06:9b:66:e2:0c:4d:2f:
                    98:ed:8b:91:1d:c1:03:9d:34:14:80:93:39:d6:77:
                    8d:d6:c0:37:34:6b:e6:d9:af:02:32:34:f5:6e:f7:
                    90:1c:ab:52:83:a6:6a:bc:f3:10:2d:4a:83:52:76:
                    09:e0:5a:d0:1b:ff:af:a1:f1:f5:dc:28:e5:94:58:
                    e7:dd:23:af:40:6c:59:72:e1:b9:1c:29:e6:dd:96:
                    75:72:49:24:9b:69:7b:21:41:ef:8d:b9:c0:f7:cc:
                    ae:78:1a:07:53:34:33:24:ef:86:37:0a:6b:c7:1b:
                    6a:b5:04:f9:d3:cc:40:c1:f7:9c:e8:0f:a2:7d:e9:
                    42:cf:6c:b3:ac:4e:b1:b2:39:7a:75:90:ea:ef:6a:
                    18:50:e5:0d:9a:5e:39:3c:f8:ea:6d:78:bd:db:10:
                    78:65:30:1c:4d:bd:71:ed:81:8b:bd:70:a3:63:67:
                    db:c8:63:00:ef:da:16:27:08:34:2e:44:7c:c7:fe:
                    68:1d:04:06:fd:3f:06:a8:c0:5e:12:1a:53:58:e1:
                    c2:d1:69:41:76:d7:cf:d7:35:7f:b5:c8:fb:39:7a:
                    b3:30:0b:72:fb:d9:e4:e4:fb:82:49:f7:e3:02:5b:
                    5f:38:cf:ac:49:91:bc:5b:32:d7:65:7c:19:be:6f:
                    19:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:03:0B:CA:8E:17:C1:DA:EC:28:9B:67:33:15:A3:87:03:4F:F9:CD
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS399486.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.209.176.0/24
                  179.61.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:ac:d5:92:53:85:3c:52:b8:fa:7e:9a:32:e8:27:35:fb:ac:
         2f:2b:eb:d5:86:a2:87:08:ad:99:54:57:1b:34:53:92:2a:82:
         d0:db:3f:db:55:5e:09:81:a3:b0:05:0d:63:55:03:13:69:08:
         0d:c6:5d:43:9f:d9:65:f3:b0:c8:75:f1:9e:f4:cc:9b:9f:05:
         13:2d:5c:c0:c3:94:1f:23:69:14:ec:49:9c:6a:a8:dd:a2:8a:
         c3:0d:13:06:35:f9:b1:aa:ee:d7:55:fe:de:e6:42:89:fb:a5:
         37:93:a2:dd:3a:f1:1a:01:ac:ad:af:ce:a8:ce:48:b6:74:28:
         88:61:43:4f:7a:89:08:9e:97:f8:48:34:54:a9:56:fb:63:e8:
         78:b2:03:91:d0:91:52:0e:45:49:17:69:02:5a:33:4f:8a:ce:
         23:82:8e:d5:99:92:c0:59:e0:c2:4e:66:c9:6b:fb:dd:b0:7b:
         ae:72:0e:0a:19:6e:dc:97:56:a4:0b:d4:2d:e7:d1:96:f4:46:
         ae:80:e7:75:b3:d7:a4:5e:8e:55:4b:d9:35:2e:ce:83:0d:00:
         44:e1:95:d3:a6:a3:28:59:b7:71:57:83:b7:7b:c7:b1:d2:8b:
         7f:5c:f4:76:71:6f:b1:14:ec:c1:55:d9:ec:23:1f:a7:1d:2e:
         bf:b8:a9:af
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUP6vD1N0lNT/ffmKgqPlZ+dCrPXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDkwNzM4NDFaFw0yNzAzMDgwNzQzNDFaMDMxMTAvBgNV
BAMTKDdGMDMwQkNBOEUxN0MxREFFQzI4OUI2NzMzMTVBMzg3MDM0RkY5Q0QwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPZCB8L90kBptm4gxNL5jti5Ed
wQOdNBSAkznWd43WwDc0a+bZrwIyNPVu95Acq1KDpmq88xAtSoNSdgngWtAb/6+h
8fXcKOWUWOfdI69AbFly4bkcKebdlnVySSSbaXshQe+NucD3zK54GgdTNDMk74Y3
CmvHG2q1BPnTzEDB95zoD6J96ULPbLOsTrGyOXp1kOrvahhQ5Q2aXjk8+OpteL3b
EHhlMBxNvXHtgYu9cKNjZ9vIYwDv2hYnCDQuRHzH/mgdBAb9PwaowF4SGlNY4cLR
aUF218/XNX+1yPs5erMwC3L72eTk+4JJ9+MCW184z6xJkbxbMtdlfBm+bxkTAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfwMLyo4XwdrsKJtnMxWjhwNP+c0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk5NDg2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVdGw
AwQAsz3jMA0GCSqGSIb3DQEBCwUAA4IBAQCBrNWSU4U8Urj6fpoy6Cc1+6wvK+vV
hqKHCK2ZVFcbNFOSKoLQ2z/bVV4JgaOwBQ1jVQMTaQgNxl1Dn9ll87DIdfGe9Myb
nwUTLVzAw5QfI2kU7EmcaqjdoorDDRMGNfmxqu7XVf7e5kKJ+6U3k6LdOvEaAayt
r86ozki2dCiIYUNPeokInpf4SDRUqVb7Y+h4sgOR0JFSDkVJF2kCWjNPis4jgo7V
mZLAWeDCTmbJa/vdsHuucg4KGW7cl1akC9Qt59GW9EaugOd1s9ekXo5VS9k1Ls6D
DQBE4ZXTpqMoWbdxV4O3e8ex0ot/XPR2cW+xFOzBVdnsIx+nHS6/uKmv
-----END CERTIFICATE-----