Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS402203.roa
File:                     AS402203.roa (raw, json)
Hash identifier:          PvsVRTxCi+DdJbz5qS6Zo3OTqNqNSdeRt2sGGwthZ3g=
Subject key identifier:   1A:94:63:17:1A:1D:AF:8D:32:C7:E9:0D:55:D9:B1:18:0D:C1:B6:AF
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       4B548032BEA453C1322D39BA7EED4E6915104E05
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS402203.roa
Signing time:             Mon 23 Mar 2026 05:54:50 +0000
ROA not before:           Mon 23 Mar 2026 05:49:50 +0000
ROA not after:            Mon 22 Mar 2027 05:54:50 +0000
asID:                     402203
IP address blocks:        193.111.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:43:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:54:80:32:be:a4:53:c1:32:2d:39:ba:7e:ed:4e:69:15:10:4e:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar 23 05:49:50 2026 GMT
            Not After : Mar 22 05:54:50 2027 GMT
        Subject: CN=1A9463171A1DAF8D32C7E90D55D9B1180DC1B6AF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:55:ee:19:89:1b:5b:9f:c3:4d:31:95:81:f1:
                    92:36:1f:93:47:9b:37:46:88:fb:41:dd:05:cd:e6:
                    69:4d:67:b0:9f:8f:17:b3:32:77:db:43:25:bb:49:
                    bb:50:cb:da:bf:a7:f1:4d:fc:d5:fe:5e:16:1c:54:
                    c6:d2:e9:90:a1:01:90:31:50:75:8f:16:03:e1:e1:
                    58:24:76:30:da:8f:f3:e8:0c:ff:41:75:18:42:95:
                    c4:b5:82:d2:c2:25:ca:3c:ad:6b:d8:bf:33:67:dc:
                    85:0b:4a:5c:30:ee:d4:5b:dc:9c:3c:7f:83:d1:d6:
                    86:bd:07:d9:f3:2f:49:26:60:41:20:4f:c1:e4:82:
                    ee:70:d6:76:24:2d:07:00:73:23:1e:f2:37:c8:3f:
                    1a:fb:5b:df:c4:1a:c3:c2:6a:51:2c:d0:d3:a5:e0:
                    4a:ce:3c:a5:08:40:cc:1e:0c:0c:06:79:1b:c9:10:
                    7d:47:45:b6:2b:35:a7:18:45:27:53:11:e4:d2:5c:
                    e7:33:eb:a9:d6:77:c1:7f:7e:1a:8c:63:fb:37:53:
                    fb:1f:e5:da:f2:e5:b5:c2:68:c4:70:f9:72:d9:6d:
                    f7:20:a3:02:ea:4c:9b:f8:99:4e:d6:cd:dc:03:76:
                    30:dd:3c:f8:2d:b1:30:ae:3d:75:ce:f7:87:75:6d:
                    e5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:94:63:17:1A:1D:AF:8D:32:C7:E9:0D:55:D9:B1:18:0D:C1:B6:AF
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS402203.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:90:cc:9c:2b:3f:a8:48:1b:33:7e:64:09:0b:a0:e7:6a:7b:
         cf:ed:49:d9:27:98:1c:3f:41:f7:52:35:29:62:ae:c1:9a:68:
         33:4f:ce:5c:3d:39:4f:34:b1:6d:92:39:dc:55:d4:3d:b2:8e:
         30:79:fd:34:b9:5c:6f:87:ff:3e:37:c0:2a:0a:54:39:2e:5e:
         ac:f2:08:27:08:81:4c:eb:bf:1a:ea:f7:23:86:cd:56:e0:bd:
         82:d4:4d:bf:92:d4:5f:68:5a:46:10:24:36:6f:09:78:84:77:
         ff:1c:6e:70:43:4b:88:c8:3f:14:86:1e:82:76:3d:91:f0:88:
         3e:60:1d:30:74:a7:e4:89:a9:51:14:f1:2b:bc:50:3f:a1:65:
         49:f9:f6:75:3c:9a:8f:54:42:f6:fe:c9:20:82:c2:2c:34:80:
         50:e8:bd:17:2b:d1:d1:88:54:d6:e7:a2:8c:45:e6:85:89:8a:
         a7:51:b1:62:43:a7:bc:d2:5d:ce:4f:e0:a6:aa:aa:39:4d:e0:
         44:c4:53:0e:fa:a4:da:2c:e3:b4:7c:8f:79:52:ff:8e:2a:db:
         92:ba:8b:0f:02:9b:b1:0f:d7:c1:99:21:fc:86:9d:92:3b:35:
         20:15:90:90:42:31:cd:7a:46:b1:08:48:18:6f:38:e4:fe:4b:
         8d:df:0a:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS1SAMr6kU8EyLTm6fu1OaRUQTgUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAzMjMwNTQ5NTBaFw0yNzAzMjIwNTU0NTBaMDMxMTAvBgNV
BAMTKDFBOTQ2MzE3MUExREFGOEQzMkM3RTkwRDU1RDlCMTE4MERDMUI2QUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRVe4ZiRtbn8NNMZWB8ZI2H5NH
mzdGiPtB3QXN5mlNZ7CfjxezMnfbQyW7SbtQy9q/p/FN/NX+XhYcVMbS6ZChAZAx
UHWPFgPh4VgkdjDaj/PoDP9BdRhClcS1gtLCJco8rWvYvzNn3IULSlww7tRb3Jw8
f4PR1oa9B9nzL0kmYEEgT8Hkgu5w1nYkLQcAcyMe8jfIPxr7W9/EGsPCalEs0NOl
4ErOPKUIQMweDAwGeRvJEH1HRbYrNacYRSdTEeTSXOcz66nWd8F/fhqMY/s3U/sf
5dry5bXCaMRw+XLZbfcgowLqTJv4mU7WzdwDdjDdPPgtsTCuPXXO94d1beWpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUGpRjFxodr40yx+kNVdmxGA3Btq8wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDAyMjAzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW90
MA0GCSqGSIb3DQEBCwUAA4IBAQDFkMycKz+oSBszfmQJC6DnanvP7UnZJ5gcP0H3
UjUpYq7BmmgzT85cPTlPNLFtkjncVdQ9so4wef00uVxvh/8+N8AqClQ5Ll6s8ggn
CIFM678a6vcjhs1W4L2C1E2/ktRfaFpGECQ2bwl4hHf/HG5wQ0uIyD8Uhh6Cdj2R
8Ig+YB0wdKfkialRFPErvFA/oWVJ+fZ1PJqPVEL2/skggsIsNIBQ6L0XK9HRiFTW
56KMReaFiYqnUbFiQ6e80l3OT+Cmqqo5TeBExFMO+qTaLOO0fI95Uv+OKtuSuosP
ApuxD9fBmSH8hp2SOzUgFZCQQjHNekaxCEgYbzjk/kuN3wrg
-----END CERTIFICATE-----