Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400906.roa
File:                     AS400906.roa (raw, json)
Hash identifier:          ys0I3asGcB8CftEPC4lsgkN+MICm3RzktXA1vqJBI58=
Subject key identifier:   A6:95:A8:FF:D3:15:F9:05:F7:11:44:47:78:8B:23:C8:BF:4E:41:F9
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       056CEC864EF1AACF5CE22775B48CBBCD4AF0B148
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400906.roa
Signing time:             Fri 08 May 2026 12:28:46 +0000
ROA not before:           Fri 08 May 2026 12:23:46 +0000
ROA not after:            Fri 07 May 2027 12:28:46 +0000
asID:                     400906
IP address blocks:        181.215.62.0/24 maxlen: 24
                          191.101.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:6c:ec:86:4e:f1:aa:cf:5c:e2:27:75:b4:8c:bb:cd:4a:f0:b1:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  8 12:23:46 2026 GMT
            Not After : May  7 12:28:46 2027 GMT
        Subject: CN=A695A8FFD315F905F7114447788B23C8BF4E41F9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:28:c0:1b:59:8e:7f:77:ad:78:5e:d4:fd:1e:
                    d6:df:5b:c9:e4:4e:31:67:3b:5f:c6:20:43:1f:61:
                    e9:75:24:2b:d0:99:43:91:da:0b:4d:29:43:ac:7e:
                    bc:25:a9:13:92:94:9b:de:ce:57:8b:b5:6f:32:d2:
                    f5:ae:fc:c8:94:a4:69:8f:37:e3:7a:ec:ea:c4:da:
                    42:01:dc:e4:65:57:1a:be:f2:b6:fb:43:72:02:3c:
                    1d:48:fd:ce:ec:d0:2a:0d:ef:b2:87:46:9b:f9:42:
                    c2:6a:87:59:de:f7:71:c5:90:c5:4d:19:eb:4d:c5:
                    d7:19:8c:92:4e:68:e7:22:9c:04:a7:ac:a6:b3:8f:
                    1b:e9:21:f9:77:a6:14:6c:e6:d1:77:7c:19:13:08:
                    cc:f2:92:1e:ce:0b:e1:82:d7:ce:ce:60:5c:44:0c:
                    f6:59:5b:c9:b6:fa:c9:0c:58:8a:67:0f:99:e1:bc:
                    0c:c2:53:6f:26:33:3d:46:5b:e1:c7:73:4c:8d:e7:
                    16:64:8c:8e:15:78:29:a2:82:44:50:d9:84:bd:cd:
                    40:9d:2d:81:35:24:23:e0:c3:c7:be:42:26:8a:cd:
                    3c:45:83:3a:8d:0c:c4:40:f9:22:ff:cf:00:3d:d8:
                    9e:3b:6b:01:41:bd:87:a8:da:8a:1f:9a:46:f1:fe:
                    8b:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:95:A8:FF:D3:15:F9:05:F7:11:44:47:78:8B:23:C8:BF:4E:41:F9
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400906.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.62.0/24
                  191.101.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:24:74:22:49:6c:6f:47:2d:5a:75:09:46:51:50:e2:0e:cf:
         5d:2b:51:0f:92:1e:47:6b:a1:99:8e:56:94:3e:02:90:5a:01:
         24:20:83:2d:e8:b4:60:ac:40:1a:c7:63:8d:72:dc:6e:48:d0:
         c5:65:a7:f6:e0:ac:9c:c1:b7:eb:21:99:3c:8f:97:f1:e8:d1:
         9b:45:89:1d:e2:43:e6:29:ff:d8:09:a0:90:ee:5a:98:ae:73:
         dc:d9:a4:70:f8:77:1b:4c:7b:99:39:42:33:e9:1c:54:7b:db:
         f0:d3:d2:bb:6e:38:36:2a:17:70:ab:14:b9:81:0b:25:7d:1e:
         37:4c:c5:85:5c:f8:25:37:5c:37:0c:6e:06:e9:15:c5:26:01:
         e0:15:f0:c6:c6:e6:fa:ad:74:1e:8b:f0:63:a6:ea:af:c3:86:
         49:c1:05:a7:11:16:8d:eb:d7:b7:a7:cb:47:50:bf:81:c5:db:
         a2:52:3f:7c:73:46:5e:89:f6:1a:90:f2:62:45:bc:07:fd:a1:
         fd:ed:90:e7:2d:55:85:ec:2c:e9:0b:b7:7f:77:3b:ac:2d:a6:
         7f:4d:7b:87:fc:29:4c:43:06:7a:58:bf:85:d6:5c:22:4d:bb:
         19:5f:30:45:c6:f8:48:ba:7d:a6:5a:bb:32:d4:26:00:4c:da:
         98:a5:96:e5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUBWzshk7xqs9c4id1tIy7zUrwsUgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDgxMjIzNDZaFw0yNzA1MDcxMjI4NDZaMDMxMTAvBgNV
BAMTKEE2OTVBOEZGRDMxNUY5MDVGNzExNDQ0Nzc4OEIyM0M4QkY0RTQxRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClKMAbWY5/d614XtT9HtbfW8nk
TjFnO1/GIEMfYel1JCvQmUOR2gtNKUOsfrwlqROSlJvezleLtW8y0vWu/MiUpGmP
N+N67OrE2kIB3ORlVxq+8rb7Q3ICPB1I/c7s0CoN77KHRpv5QsJqh1ne93HFkMVN
GetNxdcZjJJOaOcinASnrKazjxvpIfl3phRs5tF3fBkTCMzykh7OC+GC187OYFxE
DPZZW8m2+skMWIpnD5nhvAzCU28mMz1GW+HHc0yN5xZkjI4VeCmigkRQ2YS9zUCd
LYE1JCPgw8e+QiaKzTxFgzqNDMRA+SL/zwA92J47awFBvYeo2oofmkbx/ovHAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUppWo/9MV+QX3EURHeIsjyL9OQfkwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwOTA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtdc+
AwQAv2UnMA0GCSqGSIb3DQEBCwUAA4IBAQBCJHQiSWxvRy1adQlGUVDiDs9dK1EP
kh5Ha6GZjlaUPgKQWgEkIIMt6LRgrEAax2ONctxuSNDFZaf24KycwbfrIZk8j5fx
6NGbRYkd4kPmKf/YCaCQ7lqYrnPc2aRw+HcbTHuZOUIz6RxUe9vw09K7bjg2Khdw
qxS5gQslfR43TMWFXPglN1w3DG4G6RXFJgHgFfDGxub6rXQei/Bjpuqvw4ZJwQWn
ERaN69e3p8tHUL+BxduiUj98c0ZeifYakPJiRbwH/aH97ZDnLVWF7CzpC7d/dzus
LaZ/TXuH/ClMQwZ6WL+F1lwiTbsZXzBFxvhIun2mWrsy1CYATNqYpZbl
-----END CERTIFICATE-----