Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399827.roa
File:                     AS399827.roa (raw, json)
Hash identifier:          bVyBBkLo6kk+bU0B67iUGZnHqtI5qvJ2ndfYF4/BzkQ=
Subject key identifier:   12:CA:BD:FB:4F:72:7D:34:C1:3A:5B:59:EB:2C:78:1C:44:55:C7:B9
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       604215482BC789DDCE8D155F9479257CEAC78DA0
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399827.roa
Signing time:             Thu 07 May 2026 17:47:11 +0000
ROA not before:           Thu 07 May 2026 17:42:11 +0000
ROA not after:            Thu 06 May 2027 17:47:11 +0000
asID:                     399827
IP address blocks:        185.208.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            60:42:15:48:2b:c7:89:dd:ce:8d:15:5f:94:79:25:7c:ea:c7:8d:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: May  7 17:42:11 2026 GMT
            Not After : May  6 17:47:11 2027 GMT
        Subject: CN=12CABDFB4F727D34C13A5B59EB2C781C4455C7B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:6d:d5:aa:45:49:1c:a3:a8:7a:fe:9e:dc:
                    f6:59:b5:e4:7c:83:55:33:71:58:84:48:10:d0:16:
                    a6:1b:74:5f:0b:34:29:23:41:60:a2:2f:b4:f2:ce:
                    2b:c9:ac:0b:a1:9b:fe:06:c1:07:1d:e5:e6:02:e3:
                    2f:07:44:06:fe:a3:e7:be:a6:c2:c8:33:c3:6c:f9:
                    ae:51:d7:9f:57:9b:50:7b:31:a5:f2:40:cc:2e:6b:
                    92:6a:45:33:3b:66:c7:f3:ec:52:9e:c5:77:d2:e6:
                    b7:58:5a:eb:ad:ca:96:5a:a8:55:8e:e7:ef:be:1b:
                    4f:a1:bd:24:10:9f:32:1a:72:86:90:c6:e7:cd:1a:
                    b8:26:ab:dd:18:bc:67:9d:73:78:93:16:65:15:3f:
                    c1:61:0e:1f:bb:13:d5:3b:67:b7:da:ac:7c:82:7b:
                    5a:a4:be:f5:66:81:93:fa:85:80:39:30:75:b4:8d:
                    b6:7f:cb:2f:39:2d:56:77:70:51:95:5f:77:d9:68:
                    bb:81:d9:48:3c:bd:bd:ec:87:3b:1c:f3:d6:14:a7:
                    71:56:3c:a1:64:04:49:33:e1:35:8c:cc:b8:e4:ec:
                    03:e5:4f:d7:c0:89:53:d6:92:5b:5a:05:46:68:42:
                    51:91:bf:0e:cd:6c:9e:aa:7a:ca:72:3a:d3:5e:d2:
                    0f:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:CA:BD:FB:4F:72:7D:34:C1:3A:5B:59:EB:2C:78:1C:44:55:C7:B9
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399827.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         bf:dc:d8:f7:77:a2:74:39:cf:93:bd:4b:23:bd:20:ca:0a:c4:
         e3:7b:88:00:12:43:50:c5:42:e3:8f:72:88:07:27:d2:3f:74:
         f4:8b:24:6b:f5:b5:99:69:d8:00:51:cd:05:65:d2:e0:80:99:
         d8:db:61:53:ff:c5:4d:df:82:20:0e:a1:13:c2:c1:60:2f:94:
         5d:6e:6d:bb:f9:19:f0:a0:3e:ed:3d:14:ca:5e:f7:27:3c:cf:
         22:69:c9:f7:1c:41:3d:58:dd:f0:1e:09:1f:91:6f:06:9c:c3:
         dc:7d:6e:ab:08:25:f5:56:ef:2b:61:63:d9:49:14:59:c4:16:
         63:9a:84:c5:2f:27:e8:c1:65:38:f2:e7:6f:b3:14:8d:3e:43:
         46:4d:c1:6c:82:6e:d5:7b:8b:4f:e2:d2:d7:ed:ac:3e:36:96:
         6a:ee:c3:f9:e7:fd:ec:2e:fc:ee:c8:be:55:56:8c:42:cd:60:
         d8:df:ba:1a:9d:88:dd:11:d0:91:8c:d4:56:aa:38:07:bb:55:
         55:17:22:2a:e1:f6:1e:63:2e:47:99:7d:0b:98:ca:b1:bd:c0:
         7c:2f:94:67:88:89:a8:4f:dd:a0:1d:c6:d6:19:5e:c3:76:39:
         b3:09:47:09:b8:a0:14:dc:e9:7f:80:12:47:fd:c6:4b:a3:84:
         3a:33:78:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUYEIVSCvHid3OjRVflHklfOrHjaAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNjA1MDcxNzQyMTFaFw0yNzA1MDYxNzQ3MTFaMDMxMTAvBgNV
BAMTKDEyQ0FCREZCNEY3MjdEMzRDMTNBNUI1OUVCMkM3ODFDNDQ1NUM3QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/bm3VqkVJHKOoev6e3PZZteR8
g1UzcViESBDQFqYbdF8LNCkjQWCiL7TyzivJrAuhm/4GwQcd5eYC4y8HRAb+o+e+
psLIM8Ns+a5R159Xm1B7MaXyQMwua5JqRTM7Zsfz7FKexXfS5rdYWuutypZaqFWO
5+++G0+hvSQQnzIacoaQxufNGrgmq90YvGedc3iTFmUVP8FhDh+7E9U7Z7farHyC
e1qkvvVmgZP6hYA5MHW0jbZ/yy85LVZ3cFGVX3fZaLuB2Ug8vb3shzsc89YUp3FW
PKFkBEkz4TWMzLjk7APlT9fAiVPWkltaBUZoQlGRvw7NbJ6qespyOtNe0g93AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUEsq9+09yfTTBOltZ6yx4HERVx7kwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk5ODI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudAA
MA0GCSqGSIb3DQEBCwUAA4IBAQC/3Nj3d6J0Oc+TvUsjvSDKCsTje4gAEkNQxULj
j3KIByfSP3T0iyRr9bWZadgAUc0FZdLggJnY22FT/8VN34IgDqETwsFgL5Rdbm27
+RnwoD7tPRTKXvcnPM8iacn3HEE9WN3wHgkfkW8GnMPcfW6rCCX1Vu8rYWPZSRRZ
xBZjmoTFLyfowWU48udvsxSNPkNGTcFsgm7Ve4tP4tLX7aw+NpZq7sP55/3sLvzu
yL5VVoxCzWDY37oanYjdEdCRjNRWqjgHu1VVFyIq4fYeYy5HmX0LmMqxvcB8L5Rn
iImoT92gHcbWGV7DdjmzCUcJuKAU3Ol/gBJH/cZLo4Q6M3g+
-----END CERTIFICATE-----