Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401776.roa
File:                     AS401776.roa (raw, json)
Hash identifier:          i6XopQKWX/UjqAmwAQwdMHoQtm6BX1sxI4zQyUtfHvc=
Subject key identifier:   8C:37:48:54:38:66:BB:E3:25:7A:E5:6D:AD:DC:BB:F4:58:92:D3:61
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       08BF2A41BD721D7C218B3CA2A18832033B0FD7F5
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401776.roa
Signing time:             Sat 12 Jul 2025 11:06:55 +0000
ROA not before:           Sat 12 Jul 2025 11:01:55 +0000
ROA not after:            Sat 11 Jul 2026 11:06:55 +0000
asID:                     401776
IP address blocks:        178.94.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:bf:2a:41:bd:72:1d:7c:21:8b:3c:a2:a1:88:32:03:3b:0f:d7:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jul 12 11:01:55 2025 GMT
            Not After : Jul 11 11:06:55 2026 GMT
        Subject: CN=8C3748543866BBE3257AE56DADDCBBF45892D361
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:84:fb:d7:8d:da:23:c3:d6:63:3a:83:1c:c7:
                    92:65:3b:84:16:27:f8:5a:91:4b:84:88:33:a3:d0:
                    d9:23:34:99:f3:e4:2c:96:78:4d:5a:db:f0:6d:89:
                    d7:9f:63:62:57:e4:90:62:a1:1d:39:48:57:32:f6:
                    92:9f:da:dc:cc:57:2f:0d:d3:ac:8f:cf:b6:40:da:
                    8a:6a:aa:32:b6:56:56:57:16:0e:92:e0:55:c7:c9:
                    b6:bb:65:55:88:b8:2d:63:33:1a:4e:65:30:fc:5a:
                    e1:55:33:c5:74:78:2c:2b:b1:12:00:2c:08:4d:a9:
                    60:4f:cb:51:fc:ea:8e:0c:d3:4e:66:b0:47:be:50:
                    63:8f:c6:4f:ed:b6:9b:5b:a8:51:74:0b:4f:20:10:
                    81:e1:e5:5b:49:37:bc:35:29:ea:4d:5c:50:de:41:
                    63:b8:4e:87:e6:5f:48:4c:4c:51:c5:f6:2f:e4:56:
                    82:01:ee:13:6a:5d:65:ab:20:da:5f:d5:b9:52:60:
                    ca:0b:33:ab:df:59:8d:78:2d:80:29:59:48:c5:9a:
                    09:a8:da:7d:6c:ab:5f:2a:53:36:30:a9:2d:a2:16:
                    e8:a9:91:4d:d1:1f:9e:33:a7:d4:13:8d:0e:59:4c:
                    63:9c:36:82:99:0e:56:aa:21:74:b7:d8:f6:e1:5b:
                    da:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:37:48:54:38:66:BB:E3:25:7A:E5:6D:AD:DC:BB:F4:58:92:D3:61
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401776.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.94.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:aa:5a:06:e7:30:16:b0:97:df:17:64:76:67:5c:1e:94:57:
         8c:a7:ca:b8:76:8c:d5:ee:22:47:ff:32:ea:93:e2:0f:b9:f6:
         53:70:a8:1c:ef:9f:38:a7:e3:ec:b3:d0:46:97:7e:87:3e:49:
         f3:9d:4d:81:72:ac:23:e3:94:6d:de:33:93:3b:00:8d:68:9f:
         ab:bb:4d:99:c4:2b:05:93:9e:cf:4d:e5:d9:5b:d5:5c:6f:65:
         dc:e9:43:65:42:ac:a3:5f:c9:20:90:b5:07:94:b4:f8:bb:d5:
         b4:85:07:d0:ac:fc:85:b6:09:f6:0a:2b:f1:af:31:0a:ac:02:
         de:55:d2:ba:b4:03:a0:e1:44:4d:78:48:40:8f:03:b7:d4:97:
         57:2b:92:e8:2a:55:ab:70:f6:68:ed:f4:f2:73:4c:ba:0b:b9:
         42:9d:c9:e2:8d:79:e2:3d:4c:3f:49:a4:b3:9d:8a:3d:ea:09:
         c5:2e:08:da:82:15:59:5b:4d:91:51:6b:3f:ba:87:20:2f:2c:
         8e:27:b4:aa:65:2c:06:ca:cc:d6:09:99:ee:e3:01:a3:d6:a9:
         60:16:03:eb:f9:09:50:cf:18:3b:61:c4:9b:ea:3c:bc:0a:b1:
         46:9f:df:fb:3b:60:a7:3a:0e:5e:f9:16:3f:bd:f0:f2:78:dd:
         c5:af:39:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCL8qQb1yHXwhizyioYgyAzsP1/UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA3MTIxMTAxNTVaFw0yNjA3MTExMTA2NTVaMDMxMTAvBgNV
BAMTKDhDMzc0ODU0Mzg2NkJCRTMyNTdBRTU2REFERENCQkY0NTg5MkQzNjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDihPvXjdojw9ZjOoMcx5JlO4QW
J/hakUuEiDOj0NkjNJnz5CyWeE1a2/BtidefY2JX5JBioR05SFcy9pKf2tzMVy8N
06yPz7ZA2opqqjK2VlZXFg6S4FXHyba7ZVWIuC1jMxpOZTD8WuFVM8V0eCwrsRIA
LAhNqWBPy1H86o4M005msEe+UGOPxk/ttptbqFF0C08gEIHh5VtJN7w1KepNXFDe
QWO4TofmX0hMTFHF9i/kVoIB7hNqXWWrINpf1blSYMoLM6vfWY14LYApWUjFmgmo
2n1sq18qUzYwqS2iFuipkU3RH54zp9QTjQ5ZTGOcNoKZDlaqIXS32PbhW9oNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUjDdIVDhmu+MleuVtrdy79FiS02EwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAxNzc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsl6M
MA0GCSqGSIb3DQEBCwUAA4IBAQBHqloG5zAWsJffF2R2Z1welFeMp8q4dozV7iJH
/zLqk+IPufZTcKgc7584p+Pss9BGl36HPknznU2Bcqwj45Rt3jOTOwCNaJ+ru02Z
xCsFk57PTeXZW9Vcb2Xc6UNlQqyjX8kgkLUHlLT4u9W0hQfQrPyFtgn2CivxrzEK
rALeVdK6tAOg4URNeEhAjwO31JdXK5LoKlWrcPZo7fTyc0y6C7lCncnijXniPUw/
SaSznYo96gnFLgjaghVZW02RUWs/uocgLyyOJ7SqZSwGyszWCZnu4wGj1qlgFgPr
+QlQzxg7YcSb6jy8CrFGn9/7O2CnOg5e+RY/vfDyeN3Frzm9
-----END CERTIFICATE-----