Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa
File:                     AS399641.roa (raw, json)
Hash identifier:          kGIO641cnbLsSZ8WrC+egDU/hB74BzSbwf1/sJyYvrw=
Subject key identifier:   00:87:CF:1D:42:65:03:99:F0:49:5D:D2:EF:00:BD:36:F5:91:28:91
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       6B59FE9089CD8A9B8D19D692D966A324B9EA956D
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa
Signing time:             Tue 30 Sep 2025 15:55:07 +0000
ROA not before:           Tue 30 Sep 2025 15:50:07 +0000
ROA not after:            Tue 29 Sep 2026 15:55:07 +0000
asID:                     399641
IP address blocks:        141.11.19.0/24 maxlen: 24
                          141.11.30.0/24 maxlen: 24
                          141.11.176.0/24 maxlen: 24
                          141.11.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:59:fe:90:89:cd:8a:9b:8d:19:d6:92:d9:66:a3:24:b9:ea:95:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Sep 30 15:50:07 2025 GMT
            Not After : Sep 29 15:55:07 2026 GMT
        Subject: CN=0087CF1D42650399F0495DD2EF00BD36F5912891
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:ee:3d:da:02:82:4e:e7:19:f0:ce:11:42:24:
                    79:38:28:c3:ca:43:16:22:8c:92:9a:a8:46:78:32:
                    c5:f9:04:d6:0a:61:8f:1a:32:c2:9e:d2:f2:d8:30:
                    67:4e:5c:d3:45:7d:d4:a1:b9:66:15:74:8c:77:05:
                    c9:ba:1a:fb:11:84:f0:88:cf:ae:b7:97:c9:8e:ea:
                    d8:0d:d8:1b:91:aa:56:8d:a0:72:47:a4:23:27:9c:
                    b4:6b:55:8b:17:a3:d5:17:6d:b6:e5:a7:b7:f0:f5:
                    3c:73:02:be:da:70:47:94:7b:26:6d:88:f8:9e:55:
                    50:fe:65:ad:f1:5b:31:63:4f:53:cb:4b:f4:b5:a7:
                    dd:fb:f0:30:5a:56:b5:0c:f6:78:a6:c5:f0:47:1b:
                    66:b4:18:8a:73:21:17:04:c2:1a:97:34:a9:df:95:
                    c1:7c:cd:9d:dd:1e:09:2c:58:7d:f4:7e:b7:63:05:
                    8d:05:09:25:2d:17:23:b2:5b:d3:f4:e6:22:68:2d:
                    f4:15:15:46:53:5d:e8:30:c3:2a:e6:3d:49:73:20:
                    a9:a8:66:5d:0a:51:7f:e9:af:37:9e:c8:e4:42:7b:
                    62:09:7e:8a:48:17:17:96:08:cf:15:08:5f:18:4d:
                    cd:f6:c0:6d:77:0b:51:b9:15:28:f7:be:85:b2:99:
                    93:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:87:CF:1D:42:65:03:99:F0:49:5D:D2:EF:00:BD:36:F5:91:28:91
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399641.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.19.0/24
                  141.11.30.0/24
                  141.11.176.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:11:c1:a2:39:4b:9a:2f:69:25:43:f8:22:83:92:4c:aa:e4:
         11:20:b5:0b:ee:6d:18:ed:41:2c:1e:e7:4e:9f:33:b0:c8:51:
         3a:e0:09:ea:f7:2e:c9:ad:f0:c5:fc:d9:34:60:c5:9d:77:04:
         d7:c5:57:10:37:17:17:3b:60:0f:2b:34:98:9e:e0:40:2f:f1:
         ba:3f:93:0b:45:6f:f8:af:84:bc:12:f2:cd:bf:92:3f:b9:87:
         52:59:e7:db:1c:41:64:0f:17:15:0b:be:3a:24:a3:1f:c9:83:
         82:2a:a0:71:a1:a7:a9:86:27:02:ea:cb:6a:fe:d4:d3:7d:9e:
         d7:e2:d4:d1:8d:95:af:ba:ac:57:4d:aa:70:7b:2e:d8:b5:5b:
         66:8d:00:31:c0:14:32:68:0f:4b:cf:9e:88:70:07:a6:2f:63:
         52:a2:c3:5f:c1:99:3a:2a:91:10:34:fd:5f:6f:50:73:5f:78:
         1e:e2:8d:5c:bf:80:26:db:9c:cd:94:cb:da:89:f2:b9:57:fb:
         e7:73:4d:a8:83:25:d7:2e:35:87:49:1a:eb:12:10:80:c7:29:
         dc:82:2a:97:60:4d:0b:c0:90:c5:f7:42:c4:6f:6a:43:85:96:
         ef:1f:ed:9b:61:50:1b:93:3c:0a:38:2c:a2:e1:4a:0d:69:26:
         d5:d5:e3:b5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUa1n+kInNipuNGdaS2WajJLnqlW0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA5MzAxNTUwMDdaFw0yNjA5MjkxNTU1MDdaMDMxMTAvBgNV
BAMTKDAwODdDRjFENDI2NTAzOTlGMDQ5NUREMkVGMDBCRDM2RjU5MTI4OTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV7j3aAoJO5xnwzhFCJHk4KMPK
QxYijJKaqEZ4MsX5BNYKYY8aMsKe0vLYMGdOXNNFfdShuWYVdIx3Bcm6GvsRhPCI
z663l8mO6tgN2BuRqlaNoHJHpCMnnLRrVYsXo9UXbbblp7fw9TxzAr7acEeUeyZt
iPieVVD+Za3xWzFjT1PLS/S1p9378DBaVrUM9nimxfBHG2a0GIpzIRcEwhqXNKnf
lcF8zZ3dHgksWH30frdjBY0FCSUtFyOyW9P05iJoLfQVFUZTXegwwyrmPUlzIKmo
Zl0KUX/przeeyORCe2IJfopIFxeWCM8VCF8YTc32wG13C1G5FSj3voWymZONAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUAIfPHUJlA5nwSV3S7wC9NvWRKJEwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk5NjQxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjQsT
AwQAjQseAwQBjQuwMA0GCSqGSIb3DQEBCwUAA4IBAQBtEcGiOUuaL2klQ/gig5JM
quQRILUL7m0Y7UEsHudOnzOwyFE64Anq9y7JrfDF/Nk0YMWddwTXxVcQNxcXO2AP
KzSYnuBAL/G6P5MLRW/4r4S8EvLNv5I/uYdSWefbHEFkDxcVC746JKMfyYOCKqBx
oaephicC6stq/tTTfZ7X4tTRjZWvuqxXTapwey7YtVtmjQAxwBQyaA9Lz56IcAem
L2NSosNfwZk6KpEQNP1fb1BzX3ge4o1cv4Am25zNlMvaifK5V/vnc02ogyXXLjWH
SRrrEhCAxyncgiqXYE0LwJDF90LEb2pDhZbvH+2bYVAbkzwKOCyi4UoNaSbV1eO1
-----END CERTIFICATE-----