Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          U+HuBEWrIzcwNwqvJL9Adc9ChMLNJN5RP64zmV5mdPM=
Subject key identifier:   01:35:7E:14:DC:D3:F1:EF:E4:C7:DE:9D:0D:32:8A:7A:A3:C9:5D:DF
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       462B4BF00CC835180DBE255097DB82E090001360
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402215.roa
Signing time:             Thu 07 May 2026 11:19:49 +0000
ROA not before:           Thu 07 May 2026 11:14:49 +0000
ROA not after:            Thu 06 May 2027 11:19:49 +0000
asID:                     402215
IP address blocks:        181.41.211.0/24 maxlen: 24
                          191.101.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:12:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            46:2b:4b:f0:0c:c8:35:18:0d:be:25:50:97:db:82:e0:90:00:13:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  7 11:14:49 2026 GMT
            Not After : May  6 11:19:49 2027 GMT
        Subject: CN=01357E14DCD3F1EFE4C7DE9D0D328A7AA3C95DDF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e5:15:29:f8:a5:e3:e0:8f:0d:ac:e0:8a:c7:
                    bd:be:e8:ac:97:1d:6f:3e:5f:d4:f0:bd:1e:24:59:
                    57:57:59:93:2a:5f:bd:4a:d4:ff:3f:9d:0e:63:ee:
                    88:fd:a3:e9:b3:36:79:ef:fd:1b:57:1e:31:f5:0c:
                    a9:2a:ca:2d:be:de:01:94:eb:2c:6d:5b:27:36:be:
                    73:d2:2b:9e:77:44:cd:08:0d:85:09:97:58:4f:72:
                    5d:9d:99:38:72:42:a8:b2:09:97:64:35:b2:bb:16:
                    97:fb:40:e4:80:df:a4:ef:0a:9c:23:ad:1b:d6:8d:
                    e0:cd:00:fe:49:bf:78:30:f9:4a:e5:47:05:6b:60:
                    36:af:ce:93:84:2a:51:ff:50:4c:6f:fd:e0:d6:5d:
                    fd:66:f2:f7:73:de:94:2e:f2:80:c4:19:ca:6c:3f:
                    49:be:e8:5b:e9:3b:de:ad:48:8d:47:dd:2d:65:bc:
                    6b:32:0a:0f:cc:53:cb:2c:f0:f6:e5:b5:e6:a0:4a:
                    f7:eb:ab:44:f4:3b:dc:81:9a:5f:77:f5:bd:1c:86:
                    51:88:a2:36:d7:f9:18:96:2f:59:69:18:fb:78:5c:
                    9a:dc:3d:a4:c3:fb:3b:ac:f3:d2:cb:be:8f:fa:42:
                    e9:4e:76:f9:64:25:54:d8:d4:2e:59:3a:4a:d4:df:
                    2e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:35:7E:14:DC:D3:F1:EF:E4:C7:DE:9D:0D:32:8A:7A:A3:C9:5D:DF
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.41.211.0/24
                  191.101.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:b7:7b:86:1c:e7:d3:ac:a5:2a:44:b0:fa:47:82:3b:12:01:
         ac:08:c9:eb:8d:8a:63:46:11:d9:31:bd:18:bf:f3:20:a1:d0:
         ee:be:21:d7:a5:e5:a9:a1:c3:c0:48:80:c8:2b:ea:60:29:53:
         1f:cc:a8:52:35:18:e0:f6:16:f9:c8:a8:69:c2:c5:89:df:7c:
         47:ac:4e:db:e0:83:38:22:6d:12:1e:33:f0:0f:64:4d:45:57:
         0f:30:61:53:0b:01:18:45:fd:9b:5c:09:ba:95:84:f7:e2:4a:
         f3:34:a9:f4:f8:c0:ef:08:03:ce:58:88:55:74:ff:e4:9b:20:
         a6:4b:bf:f7:e7:1f:0c:60:01:80:83:32:bf:25:36:9f:04:4f:
         1e:58:96:80:ae:c4:81:19:21:5c:ba:ec:62:f1:59:c6:3c:0c:
         aa:9e:58:97:dc:85:e1:60:02:9d:20:4e:b1:d7:54:b6:f2:55:
         ca:12:5f:55:e7:1b:27:66:27:66:47:a1:2a:3e:3a:c8:6e:39:
         c6:05:6c:c7:59:8d:0f:a2:98:79:70:a1:9e:68:64:8e:e5:94:
         73:dd:c8:f3:6c:d7:75:b3:9f:43:ce:89:fc:9e:22:b8:96:0b:
         e0:f7:c5:4a:8e:8e:c0:f9:1d:27:8c:57:b2:24:82:5d:83:84:
         dc:a7:0c:2f
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIURitL8AzINRgNviVQl9uC4JAAE2AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MDcxMTE0NDlaFw0yNzA1MDYxMTE5NDlaMDMxMTAvBgNV
BAMTKDAxMzU3RTE0RENEM0YxRUZFNEM3REU5RDBEMzI4QTdBQTNDOTVEREYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDp5RUp+KXj4I8NrOCKx72+6KyX
HW8+X9TwvR4kWVdXWZMqX71K1P8/nQ5j7oj9o+mzNnnv/RtXHjH1DKkqyi2+3gGU
6yxtWyc2vnPSK553RM0IDYUJl1hPcl2dmThyQqiyCZdkNbK7Fpf7QOSA36TvCpwj
rRvWjeDNAP5Jv3gw+UrlRwVrYDavzpOEKlH/UExv/eDWXf1m8vdz3pQu8oDEGcps
P0m+6FvpO96tSI1H3S1lvGsyCg/MU8ss8PblteagSvfrq0T0O9yBml939b0chlGI
ojbX+RiWL1lpGPt4XJrcPaTD+zus89LLvo/6QulOdvlkJVTY1C5ZOkrU3y6LAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUATV+FNzT8e/kx96dDTKKeqPJXd8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAtSnT
AwQAv2VYMA0GCSqGSIb3DQEBCwUAA4IBAQAct3uGHOfTrKUqRLD6R4I7EgGsCMnr
jYpjRhHZMb0Yv/MgodDuviHXpeWpocPASIDIK+pgKVMfzKhSNRjg9hb5yKhpwsWJ
33xHrE7b4IM4Im0SHjPwD2RNRVcPMGFTCwEYRf2bXAm6lYT34krzNKn0+MDvCAPO
WIhVdP/kmyCmS7/35x8MYAGAgzK/JTafBE8eWJaArsSBGSFcuuxi8VnGPAyqnliX
3IXhYAKdIE6x11S28lXKEl9V5xsnZidmR6EqPjrIbjnGBWzHWY0Poph5cKGeaGSO
5ZRz3cjzbNd1s59Dzon8niK4lgvg98VKjo7A+R0njFeyJIJdg4Tcpwwv
-----END CERTIFICATE-----