Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402221.roa
File:                     AS402221.roa (raw, json)
Hash identifier:          0asLisejUwaUcdoxjO9hJZH3FwdvJO/kaX3rxvBOQmc=
Subject key identifier:   EA:AD:66:75:EC:9F:FA:E4:D9:2D:22:EE:32:9E:88:49:47:C8:69:25
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6B79B54E17A634107AF0D862CC1C7B0E62608443
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402221.roa
Signing time:             Fri 08 May 2026 12:31:33 +0000
ROA not before:           Fri 08 May 2026 12:26:33 +0000
ROA not after:            Fri 07 May 2027 12:31:33 +0000
asID:                     402221
IP address blocks:        46.203.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:79:b5:4e:17:a6:34:10:7a:f0:d8:62:cc:1c:7b:0e:62:60:84:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  8 12:26:33 2026 GMT
            Not After : May  7 12:31:33 2027 GMT
        Subject: CN=EAAD6675EC9FFAE4D92D22EE329E884947C86925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:00:2a:05:4c:e1:eb:be:4d:bf:c6:9c:23:ce:
                    39:b2:b8:cf:cc:33:a3:46:31:9a:21:05:d8:4d:2c:
                    4d:d5:56:24:65:f5:48:7a:60:77:0b:52:e7:a8:5d:
                    8d:5d:8d:77:a6:c9:91:78:61:21:ba:4a:51:81:5f:
                    a5:99:4f:34:16:28:a7:be:1c:8e:ca:0e:5c:7e:50:
                    60:75:22:04:a3:27:49:33:eb:27:38:25:c6:64:85:
                    72:9f:8d:0e:3e:71:d4:19:c0:ca:76:c7:57:89:0e:
                    7d:8b:ef:31:97:69:4a:c0:ad:b9:37:20:31:a2:cd:
                    8e:6d:4c:3b:0e:47:16:87:6d:0c:56:ac:14:20:ea:
                    eb:0d:0d:29:16:a0:35:80:ba:3e:34:bc:56:85:53:
                    e0:2a:3c:1c:9d:e0:77:8b:d7:d0:01:58:f7:42:2a:
                    fd:fe:62:fc:35:eb:84:25:42:0c:26:13:71:82:b9:
                    9a:35:e5:56:96:82:80:27:71:c6:e1:94:aa:84:4a:
                    79:e8:ec:3e:59:8d:94:1d:88:8e:81:71:3d:f0:e3:
                    8d:62:b6:bc:9f:43:90:1f:39:9a:5a:b4:7c:d1:92:
                    44:12:b7:90:d2:59:c6:fb:c1:8a:da:c1:99:97:86:
                    4f:67:96:e1:31:09:73:14:4a:22:76:35:9d:b6:7d:
                    78:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:AD:66:75:EC:9F:FA:E4:D9:2D:22:EE:32:9E:88:49:47:C8:69:25
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402221.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:eb:a2:9f:62:2d:ec:39:64:6e:32:be:03:74:30:81:54:6c:
         ca:e7:d7:f1:a6:1f:5c:43:2d:2a:13:88:9b:fe:cd:ad:2e:41:
         4c:c0:7c:4f:c5:74:cd:cd:33:ec:9c:aa:f5:71:e5:88:c0:2c:
         94:5a:60:c1:f8:e9:18:ab:c9:e9:6e:df:80:b5:3c:95:34:14:
         19:3f:c2:68:f4:bf:d4:83:ae:6f:33:95:89:a4:bc:e6:c0:20:
         45:e2:ce:b8:8e:76:b7:ab:1a:8a:20:a1:06:2c:0c:2e:4b:af:
         2d:f1:21:7a:e2:d4:16:03:b3:48:b9:83:f1:5f:85:77:65:fe:
         44:cb:4a:9a:2e:09:06:41:96:eb:fd:db:88:3b:51:38:ad:db:
         3e:23:68:98:53:19:2a:4b:11:21:31:ff:4e:f2:3a:50:fd:91:
         a6:3e:83:3f:52:1e:05:d8:c5:72:20:de:9f:d3:31:95:25:95:
         80:a5:60:02:c2:ad:7f:88:c7:6b:5b:d5:9c:75:27:4b:35:9c:
         4c:ad:87:f3:b5:32:40:47:60:a4:60:b8:51:b3:36:14:7f:67:
         27:87:b8:ff:99:cd:4b:e0:ae:6a:bd:c2:d2:8f:05:74:b7:59:
         d2:51:3d:5b:a2:b2:8a:50:56:35:32:0c:66:dd:76:ba:3d:b5:
         26:42:3c:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUa3m1ThemNBB68NhizBx7DmJghEMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDgxMjI2MzNaFw0yNzA1MDcxMjMxMzNaMDMxMTAvBgNV
BAMTKEVBQUQ2Njc1RUM5RkZBRTREOTJEMjJFRTMyOUU4ODQ5NDdDODY5MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4ACoFTOHrvk2/xpwjzjmyuM/M
M6NGMZohBdhNLE3VViRl9Uh6YHcLUueoXY1djXemyZF4YSG6SlGBX6WZTzQWKKe+
HI7KDlx+UGB1IgSjJ0kz6yc4JcZkhXKfjQ4+cdQZwMp2x1eJDn2L7zGXaUrArbk3
IDGizY5tTDsORxaHbQxWrBQg6usNDSkWoDWAuj40vFaFU+AqPByd4HeL19ABWPdC
Kv3+Yvw164QlQgwmE3GCuZo15VaWgoAnccbhlKqESnno7D5ZjZQdiI6BcT3w441i
tryfQ5AfOZpatHzRkkQSt5DSWcb7wYrawZmXhk9nluExCXMUSiJ2NZ22fXh1AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU6q1mdeyf+uTZLSLuMp6ISUfIaSUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAyMjIxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALssh
MA0GCSqGSIb3DQEBCwUAA4IBAQCb66KfYi3sOWRuMr4DdDCBVGzK59fxph9cQy0q
E4ib/s2tLkFMwHxPxXTNzTPsnKr1ceWIwCyUWmDB+OkYq8npbt+AtTyVNBQZP8Jo
9L/Ug65vM5WJpLzmwCBF4s64jna3qxqKIKEGLAwuS68t8SF64tQWA7NIuYPxX4V3
Zf5Ey0qaLgkGQZbr/duIO1E4rds+I2iYUxkqSxEhMf9O8jpQ/ZGmPoM/Uh4F2MVy
IN6f0zGVJZWApWACwq1/iMdrW9WcdSdLNZxMrYfztTJAR2CkYLhRszYUf2cnh7j/
mc1L4K5qvcLSjwV0t1nSUT1borKKUFY1Mgxm3Xa6PbUmQjxa
-----END CERTIFICATE-----