Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS401399.roa
File:                     AS401399.roa (raw, json)
Hash identifier:          b96WH4PhYyBOUkjP8k4RAlIJeubDqReaYKyI67J2u0Q=
Subject key identifier:   86:AD:D3:D8:3F:02:9E:4B:D8:89:AD:5C:1C:87:63:5B:BB:48:50:05
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       0BC7BA77BF1D5977076A23710A7EE0D283E101A5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS401399.roa
Signing time:             Thu 11 Sep 2025 06:07:51 +0000
ROA not before:           Thu 11 Sep 2025 06:02:51 +0000
ROA not after:            Thu 10 Sep 2026 06:07:51 +0000
asID:                     401399
IP address blocks:        2a0f:85c1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:c7:ba:77:bf:1d:59:77:07:6a:23:71:0a:7e:e0:d2:83:e1:01:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 11 06:02:51 2025 GMT
            Not After : Sep 10 06:07:51 2026 GMT
        Subject: CN=86ADD3D83F029E4BD889AD5C1C87635BBB485005
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:c8:5e:83:d5:f8:de:e3:0f:28:e9:4d:c1:31:
                    5c:88:08:8e:ef:95:c4:f6:70:0a:8c:6f:76:67:55:
                    0b:29:76:04:d4:a3:38:f1:b4:5f:1a:06:24:3b:eb:
                    07:d9:53:17:d9:05:ef:8e:97:6c:4f:05:4b:c2:ff:
                    4e:3d:d2:46:5c:b8:14:f4:bc:62:1c:aa:0d:d0:24:
                    e9:33:a6:12:88:97:84:23:b8:a1:b4:4f:59:2c:99:
                    86:ac:1e:c7:5c:18:b6:66:b7:d5:50:01:86:da:0b:
                    b7:10:a3:57:70:dd:8e:2d:14:e0:d0:29:5a:60:0f:
                    c3:51:c3:cd:7a:fa:90:e7:25:eb:f4:92:66:a5:29:
                    f1:c8:7a:6d:0e:a0:93:1f:68:b7:a6:68:04:66:62:
                    e5:74:4c:34:e3:1a:10:46:35:f3:00:99:22:c6:38:
                    73:b2:6b:1c:e9:85:06:71:a3:a5:f2:0b:3d:de:bc:
                    5c:c6:81:d4:cc:34:30:1c:b2:2b:cb:7e:18:7b:87:
                    ea:0e:95:ff:5f:14:5b:4f:0f:ca:0d:e9:e6:ed:72:
                    ef:9d:e5:cc:85:75:8a:ce:b8:cd:eb:18:32:1f:0b:
                    8e:8f:44:a6:d0:9f:3a:ff:56:88:27:c4:a8:59:50:
                    bc:32:f6:ec:33:5c:2a:59:06:e9:26:11:96:9d:86:
                    7e:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:AD:D3:D8:3F:02:9E:4B:D8:89:AD:5C:1C:87:63:5B:BB:48:50:05
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS401399.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:4b:e6:36:b1:23:c7:99:d5:6d:a1:3a:ad:1d:e8:a9:8f:d5:
         c5:13:7d:54:47:db:97:c1:19:71:aa:ba:f0:c6:4a:51:2b:6e:
         be:93:d2:ca:ae:d7:4a:00:17:68:12:9e:c2:06:dc:67:8a:03:
         14:ca:72:4f:d0:5e:0e:89:a2:9d:83:6f:18:bc:82:0e:04:30:
         0e:d1:0a:f3:9f:6a:72:d2:38:00:e0:c4:6c:b2:27:55:1a:07:
         2a:0b:e0:f5:f8:55:25:e4:16:5e:1c:8a:9f:30:e8:18:cf:83:
         05:95:29:dd:21:55:90:68:12:aa:53:43:b8:c9:ea:26:0b:64:
         ea:e9:34:09:be:0e:75:a6:ef:44:05:f7:cb:b0:04:df:13:68:
         83:e3:37:8e:57:d9:4e:48:3b:bd:c0:33:7d:0b:ee:11:22:d0:
         3d:a1:a5:4f:c0:e0:e4:a0:e8:b7:0c:a8:5a:eb:ad:53:48:04:
         84:be:5a:da:21:8a:50:13:2a:64:20:78:93:5b:3d:a9:fb:31:
         cc:f6:1c:8c:62:3e:6c:54:42:51:78:80:45:8d:ad:be:37:b2:
         03:fc:d2:5e:57:fe:b0:78:74:07:ed:18:63:9b:78:3f:4b:f3:
         e2:49:dd:55:07:26:ab:50:15:e2:3f:f4:74:28:4e:9b:0d:20:
         43:2c:de:9d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUC8e6d78dWXcHaiNxCn7g0oPhAaUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA5MTEwNjAyNTFaFw0yNjA5MTAwNjA3NTFaMDMxMTAvBgNV
BAMTKDg2QUREM0Q4M0YwMjlFNEJEODg5QUQ1QzFDODc2MzVCQkI0ODUwMDUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2yF6D1fje4w8o6U3BMVyICI7v
lcT2cAqMb3ZnVQspdgTUozjxtF8aBiQ76wfZUxfZBe+Ol2xPBUvC/0490kZcuBT0
vGIcqg3QJOkzphKIl4QjuKG0T1ksmYasHsdcGLZmt9VQAYbaC7cQo1dw3Y4tFODQ
KVpgD8NRw816+pDnJev0kmalKfHIem0OoJMfaLemaARmYuV0TDTjGhBGNfMAmSLG
OHOyaxzphQZxo6XyCz3evFzGgdTMNDAcsivLfhh7h+oOlf9fFFtPD8oN6ebtcu+d
5cyFdYrOuM3rGDIfC46PRKbQnzr/VognxKhZULwy9uwzXCpZBukmEZadhn6hAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUhq3T2D8CnkvYia1cHIdjW7tIUAUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTNDAxMzk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQAAMA0GCSqGSIb3DQEBCwUAA4IBAQBXS+Y2sSPHmdVtoTqtHeipj9XFE31UR9uX
wRlxqrrwxkpRK26+k9LKrtdKABdoEp7CBtxnigMUynJP0F4OiaKdg28YvIIOBDAO
0Qrzn2py0jgA4MRssidVGgcqC+D1+FUl5BZeHIqfMOgYz4MFlSndIVWQaBKqU0O4
yeomC2Tq6TQJvg51pu9EBffLsATfE2iD4zeOV9lOSDu9wDN9C+4RItA9oaVPwODk
oOi3DKha661TSASEvlraIYpQEypkIHiTWz2p+zHM9hyMYj5sVEJReIBFja2+N7ID
/NJeV/6weHQH7Rhjm3g/S/PiSd1VByarUBXiP/R0KE6bDSBDLN6d
-----END CERTIFICATE-----