Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS401322.roa
File:                     AS401322.roa (raw, json)
Hash identifier:          /Po2lLuFuJyjO1YghO2T0mKMiHozzeCEebVrNFyS88U=
Subject key identifier:   59:6A:27:39:D1:04:FB:89:C4:3C:D9:70:7D:42:A7:E9:2E:06:DE:62
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       1069ED4A99613DB4630DB7E75BB060EEAA3A45FB
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS401322.roa
Signing time:             Thu 26 Mar 2026 04:33:30 +0000
ROA not before:           Thu 26 Mar 2026 04:28:30 +0000
ROA not after:            Thu 25 Mar 2027 04:33:30 +0000
asID:                     401322
IP address blocks:        141.11.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 04:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:69:ed:4a:99:61:3d:b4:63:0d:b7:e7:5b:b0:60:ee:aa:3a:45:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Mar 26 04:28:30 2026 GMT
            Not After : Mar 25 04:33:30 2027 GMT
        Subject: CN=596A2739D104FB89C43CD9707D42A7E92E06DE62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:53:2d:10:e7:95:54:8d:9b:1d:f7:61:3b:66:
                    5e:fe:b0:13:4d:ae:bc:50:1d:b5:33:52:24:d3:a5:
                    21:80:d5:07:63:8e:72:9f:b9:81:70:9c:69:22:07:
                    bc:da:4d:fe:04:22:48:33:0d:33:f1:5b:e1:21:4b:
                    ef:fb:a4:42:be:6f:25:3d:ec:50:37:90:2f:d2:34:
                    71:1d:4f:e4:df:e5:9b:7c:1e:09:a5:35:f6:d0:1c:
                    3e:60:1c:af:da:fc:6b:55:a4:46:70:f1:e8:da:c8:
                    1e:54:74:8c:d3:6d:94:19:f8:c7:38:b6:2b:67:68:
                    e6:99:e5:38:d3:12:8b:e1:cc:4d:85:f3:d2:3d:46:
                    1d:b5:1a:88:7d:81:59:9b:c9:7e:58:70:98:08:61:
                    c9:3c:3e:9b:57:2b:57:18:c5:4d:5c:25:b9:11:67:
                    48:c9:e0:3f:60:50:5c:b1:cd:06:ce:c2:d8:74:d3:
                    b1:7e:09:de:e6:64:bd:6f:ad:0f:4a:6c:f1:9b:7e:
                    35:9e:12:83:ac:9a:b7:aa:b3:f7:e4:ea:e6:f8:e8:
                    20:c5:df:ef:64:a2:10:1c:09:a2:54:95:e8:57:dd:
                    71:bc:31:6e:f4:12:1c:3d:ef:13:d1:1c:25:f5:26:
                    e3:a7:79:8c:ce:60:f9:b4:ba:7d:e6:15:35:42:d6:
                    6e:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:6A:27:39:D1:04:FB:89:C4:3C:D9:70:7D:42:A7:E9:2E:06:DE:62
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS401322.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:d3:53:ae:60:fc:37:68:f2:c5:c3:2c:31:ac:1b:71:29:74:
         d5:e3:f3:b4:0e:d7:33:18:70:8c:3d:f1:f2:e9:ac:d1:a6:2d:
         c9:23:7f:07:15:82:0a:fe:45:e2:da:43:df:e1:04:ba:75:87:
         d7:86:d4:60:94:20:d8:65:dd:0d:f3:bd:e7:a0:c3:07:d5:4c:
         21:a7:f6:19:2e:59:ce:05:25:b2:0f:85:1a:b7:ab:8a:bd:ce:
         e5:6e:5d:a8:73:ce:06:43:c3:f1:de:eb:57:d7:10:1d:70:5c:
         b6:b1:47:31:59:d3:0c:d7:fb:bc:bc:88:1e:98:85:8e:64:d7:
         e9:bc:b1:5a:fa:8e:83:a5:51:2c:21:a2:d9:4b:b9:5d:c2:3a:
         74:c1:37:08:4a:57:65:8c:01:f4:90:1f:d8:f4:12:4d:d4:4a:
         d2:e0:4a:06:d8:50:13:3e:46:36:c0:26:96:74:3c:60:bb:76:
         8f:4a:55:9a:01:53:0d:1b:9c:ac:3d:9b:fb:c5:11:1d:f4:bf:
         1f:c0:25:c2:17:e1:1c:16:29:24:10:3f:b0:fc:37:ea:d1:0f:
         21:b8:2e:ee:de:63:ed:ba:77:fc:c9:06:20:73:94:0c:f9:ad:
         45:e0:19:0b:96:24:81:29:07:42:98:d5:3e:04:d4:a9:80:18:
         e8:ed:8b:16
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEGntSplhPbRjDbfnW7Bg7qo6RfswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAzMjYwNDI4MzBaFw0yNzAzMjUwNDMzMzBaMDMxMTAvBgNV
BAMTKDU5NkEyNzM5RDEwNEZCODlDNDNDRDk3MDdENDJBN0U5MkUwNkRFNjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDlUy0Q55VUjZsd92E7Zl7+sBNN
rrxQHbUzUiTTpSGA1QdjjnKfuYFwnGkiB7zaTf4EIkgzDTPxW+EhS+/7pEK+byU9
7FA3kC/SNHEdT+Tf5Zt8HgmlNfbQHD5gHK/a/GtVpEZw8ejayB5UdIzTbZQZ+Mc4
titnaOaZ5TjTEovhzE2F89I9Rh21Goh9gVmbyX5YcJgIYck8PptXK1cYxU1cJbkR
Z0jJ4D9gUFyxzQbOwth007F+Cd7mZL1vrQ9KbPGbfjWeEoOsmreqs/fk6ub46CDF
3+9kohAcCaJUlehX3XG8MW70Ehw97xPRHCX1JuOneYzOYPm0un3mFTVC1m65AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWWonOdEE+4nEPNlwfUKn6S4G3mIwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAxMzIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQvt
MA0GCSqGSIb3DQEBCwUAA4IBAQDE01OuYPw3aPLFwywxrBtxKXTV4/O0DtczGHCM
PfHy6azRpi3JI38HFYIK/kXi2kPf4QS6dYfXhtRglCDYZd0N873noMMH1Uwhp/YZ
LlnOBSWyD4Uat6uKvc7lbl2oc84GQ8Px3utX1xAdcFy2sUcxWdMM1/u8vIgemIWO
ZNfpvLFa+o6DpVEsIaLZS7ldwjp0wTcISldljAH0kB/Y9BJN1ErS4EoG2FATPkY2
wCaWdDxgu3aPSlWaAVMNG5ysPZv7xREd9L8fwCXCF+EcFikkED+w/Dfq0Q8huC7u
3mPtunf8yQYgc5QM+a1F4BkLliSBKQdCmNU+BNSpgBjo7YsW
-----END CERTIFICATE-----