Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402203.roa
File:                     AS402203.roa (raw, json)
Hash identifier:          umSiYFooeNE6OfXjnMAJQPowbS6Hv+Kdva150HK971E=
Subject key identifier:   86:D5:3E:4E:75:A5:0F:EA:92:DB:3B:CE:8B:E2:26:79:28:6D:19:53
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       20B833B503D1F54931DC67FE98E19A8ED855DE7E
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402203.roa
Signing time:             Tue 24 Mar 2026 07:28:45 +0000
ROA not before:           Tue 24 Mar 2026 07:23:45 +0000
ROA not after:            Tue 23 Mar 2027 07:28:45 +0000
asID:                     402203
IP address blocks:        185.158.135.0/24 maxlen: 24
                          191.101.22.0/24 maxlen: 24
                          193.107.210.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:b8:33:b5:03:d1:f5:49:31:dc:67:fe:98:e1:9a:8e:d8:55:de:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 24 07:23:45 2026 GMT
            Not After : Mar 23 07:28:45 2027 GMT
        Subject: CN=86D53E4E75A50FEA92DB3BCE8BE22679286D1953
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d9:ef:94:b6:3e:aa:32:b7:f2:8c:50:1d:ac:
                    80:8a:ca:47:f9:7b:a5:c6:2d:f8:32:35:59:bf:4e:
                    3b:ed:4a:c2:ff:d1:e9:fe:39:e1:f2:62:11:4a:db:
                    da:77:3c:d9:54:8e:0b:47:0e:0e:39:46:48:0a:17:
                    a6:a7:2e:d1:82:f3:1a:7c:4e:92:dd:8e:e7:db:b8:
                    cf:dc:d4:ce:70:3d:b1:5c:06:53:26:41:91:84:06:
                    46:72:3d:4b:19:1a:b6:6e:2f:a2:85:6d:5a:c1:97:
                    68:37:38:98:b0:08:7c:f8:04:0a:05:77:cb:4f:a0:
                    54:46:54:bf:74:7d:f0:f4:bf:bb:53:cc:86:29:f0:
                    60:16:ee:c4:a8:19:7e:86:18:d7:7f:7c:04:c4:0d:
                    f5:ac:58:d3:b8:55:b3:89:be:d2:e0:68:e0:86:6e:
                    13:d7:34:38:62:34:c6:f5:74:c1:09:4f:7b:1d:49:
                    2c:1c:47:78:1f:f1:74:c4:a5:b5:f3:54:8c:aa:2b:
                    d8:4c:4b:5d:eb:b9:2d:1e:09:d3:f1:22:95:b9:55:
                    56:67:be:8a:7a:b4:32:15:93:e9:ba:8f:01:6a:b6:
                    f2:8f:d7:33:73:b4:f2:a9:f7:11:57:af:3b:9c:d7:
                    0b:dd:91:02:d3:2c:33:0c:1c:26:a6:e4:4f:0d:f7:
                    a4:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:D5:3E:4E:75:A5:0F:EA:92:DB:3B:CE:8B:E2:26:79:28:6D:19:53
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.158.135.0/24
                  191.101.22.0/24
                  193.107.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:bd:76:58:73:0c:c9:66:1c:b0:89:21:e6:de:19:9c:30:ba:
         4d:54:f6:e2:23:b6:e2:cd:3d:80:3e:76:5f:e4:50:a6:ab:33:
         f3:17:2b:e0:92:81:54:1e:72:8c:95:38:32:f0:98:86:fd:d2:
         ec:4b:01:d8:e1:35:79:ff:38:d5:dd:ed:0b:6d:b0:64:f1:e8:
         ca:d5:de:1a:b7:1a:d4:57:7d:0a:51:76:6e:e2:c4:90:fa:b3:
         53:56:24:6e:79:7c:52:2d:8f:c1:01:aa:43:f9:64:73:c1:0e:
         ad:e7:90:8c:0a:a8:e0:6a:af:ed:6b:7d:aa:c8:d4:70:17:a3:
         50:4a:4c:42:cc:cd:ef:1c:6f:95:37:e1:c6:04:15:f3:df:24:
         17:49:a4:5f:e9:82:ee:26:9b:f4:78:c9:53:73:bd:cd:d7:c4:
         f5:d5:d7:00:5f:8d:ba:78:ac:2a:72:54:42:81:57:02:79:16:
         1f:06:9a:e7:e0:69:34:b1:3e:a7:b1:c1:b7:02:d9:61:ce:c1:
         69:be:34:28:5d:e2:ac:46:a6:7c:a2:eb:c2:1a:11:0e:7b:b7:
         16:89:4e:6c:33:c6:79:11:c0:d3:3b:eb:04:f2:1d:04:9f:27:
         df:9c:35:09:a5:8d:84:e8:23:c6:95:2c:5a:8f:b5:23:6d:e2:
         13:c1:d9:21
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUILgztQPR9Ukx3Gf+mOGajthV3n4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMjQwNzIzNDVaFw0yNzAzMjMwNzI4NDVaMDMxMTAvBgNV
BAMTKDg2RDUzRTRFNzVBNTBGRUE5MkRCM0JDRThCRTIyNjc5Mjg2RDE5NTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv2e+Utj6qMrfyjFAdrICKykf5
e6XGLfgyNVm/TjvtSsL/0en+OeHyYhFK29p3PNlUjgtHDg45RkgKF6anLtGC8xp8
TpLdjufbuM/c1M5wPbFcBlMmQZGEBkZyPUsZGrZuL6KFbVrBl2g3OJiwCHz4BAoF
d8tPoFRGVL90ffD0v7tTzIYp8GAW7sSoGX6GGNd/fATEDfWsWNO4VbOJvtLgaOCG
bhPXNDhiNMb1dMEJT3sdSSwcR3gf8XTEpbXzVIyqK9hMS13ruS0eCdPxIpW5VVZn
vop6tDIVk+m6jwFqtvKP1zNztPKp9xFXrzuc1wvdkQLTLDMMHCam5E8N96QRAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUhtU+TnWlD+qS2zvOi+ImeShtGVMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAyMjAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuZ6H
AwQAv2UWAwQAwWvSMA0GCSqGSIb3DQEBCwUAA4IBAQBNvXZYcwzJZhywiSHm3hmc
MLpNVPbiI7bizT2APnZf5FCmqzPzFyvgkoFUHnKMlTgy8JiG/dLsSwHY4TV5/zjV
3e0LbbBk8ejK1d4atxrUV30KUXZu4sSQ+rNTViRueXxSLY/BAapD+WRzwQ6t55CM
Cqjgaq/ta32qyNRwF6NQSkxCzM3vHG+VN+HGBBXz3yQXSaRf6YLuJpv0eMlTc73N
18T11dcAX426eKwqclRCgVcCeRYfBprn4Gk0sT6nscG3AtlhzsFpvjQoXeKsRqZ8
ouvCGhEOe7cWiU5sM8Z5EcDTO+sE8h0EnyffnDUJpY2E6CPGlSxaj7UjbeITwdkh
-----END CERTIFICATE-----