Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS219476.roa
File:                     AS219476.roa (raw, json)
Hash identifier:          pLQm2cxYp0CpSGqg2csyTkl5wY0XTy5u3IsXJKmTqYg=
Subject key identifier:   DB:D8:55:4F:B8:74:2A:76:2F:D1:59:A3:FE:C9:0A:01:22:1C:01:DD
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3CA02BE993621E375DF53688473C55C85DE0D841
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS219476.roa
Signing time:             Wed 24 Jun 2026 06:43:29 +0000
ROA not before:           Wed 24 Jun 2026 06:38:29 +0000
ROA not after:            Wed 23 Jun 2027 06:43:29 +0000
asID:                     219476
IP address blocks:        155.117.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:a0:2b:e9:93:62:1e:37:5d:f5:36:88:47:3c:55:c8:5d:e0:d8:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 24 06:38:29 2026 GMT
            Not After : Jun 23 06:43:29 2027 GMT
        Subject: CN=DBD8554FB8742A762FD159A3FEC90A01221C01DD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4e:ab:e2:e1:5d:9d:d8:38:6a:99:5a:31:f7:
                    3d:fb:f1:17:26:b4:22:48:3e:db:51:0d:f1:71:3a:
                    b6:1d:1d:b4:4f:bc:76:e7:08:7c:19:23:9d:e9:03:
                    dd:85:be:53:13:bf:a2:bb:1c:2b:13:f2:d0:27:91:
                    5f:d3:75:51:d9:17:7c:ed:e6:e6:df:7b:51:08:1f:
                    6f:45:89:ff:fb:4a:9c:c2:2d:5e:7b:a1:f5:0d:9a:
                    45:35:80:3b:dc:32:7a:54:a1:6a:74:a7:94:ad:ea:
                    73:77:fc:66:d5:13:e9:16:8f:e5:bc:c0:b8:17:c0:
                    33:9c:65:42:21:54:ca:7b:cb:ce:f6:ea:ba:c5:a5:
                    0f:6b:a3:44:c3:1a:7a:f3:b3:2c:71:ed:e3:f6:cc:
                    04:48:b5:4b:6f:b4:5e:5f:be:b0:6a:9d:48:c3:20:
                    f1:40:22:5f:b3:90:e9:47:93:f2:5a:7c:36:c9:bd:
                    af:f0:a4:25:5e:0d:13:ea:6f:12:e2:d1:33:e2:40:
                    29:cd:2a:df:ba:cd:97:c7:2a:d0:6b:6f:e4:c1:b5:
                    56:db:88:ba:43:f2:3b:b2:82:25:92:10:4e:60:cf:
                    f6:f3:b8:72:58:8d:e6:d2:a2:6a:5c:f1:13:01:bc:
                    b8:a3:32:20:44:d3:7e:2b:60:3b:97:05:4e:1f:1e:
                    26:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:D8:55:4F:B8:74:2A:76:2F:D1:59:A3:FE:C9:0A:01:22:1C:01:DD
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS219476.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:58:24:b3:d5:3f:04:3a:e7:cb:35:7a:20:44:46:ab:c0:5a:
         28:89:72:b1:72:14:57:9b:0d:63:55:f9:f6:dd:c4:60:31:5e:
         c9:b4:06:ab:5a:f4:bd:f6:87:89:c6:8f:02:03:2b:1c:6a:ed:
         1e:33:52:2f:2b:82:9a:90:b6:23:ec:33:c5:34:0d:14:3a:98:
         8d:7b:03:69:09:ed:13:84:db:c9:3c:5f:a6:5c:1b:9f:7f:98:
         9f:cd:f5:ab:9d:6f:5a:89:c7:d4:6a:6d:c6:b0:00:de:d2:74:
         b9:61:f2:8f:ef:9d:ed:5b:6f:bb:ba:24:ae:be:89:1c:dd:c3:
         0f:cb:42:8f:32:34:fd:c4:2d:28:5c:c1:3f:44:f7:81:72:45:
         c7:ea:70:06:53:0a:cd:5e:87:e5:46:6c:4d:56:e7:34:b8:60:
         41:fd:18:b8:cd:d3:da:6a:da:0c:4d:56:fe:f8:8d:9b:4c:87:
         4f:46:50:dc:49:ba:32:cf:86:6c:93:ac:b0:fd:e0:bb:af:e8:
         b4:76:15:cd:56:f1:30:f7:60:97:d3:d2:b3:66:11:4f:10:de:
         39:28:9f:46:de:0a:00:03:1d:25:1e:9b:d0:fb:10:6d:cf:03:
         9d:26:ac:01:74:27:8f:c3:c7:57:24:c2:33:42:6a:eb:68:45:
         74:ff:18:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPKAr6ZNiHjdd9TaIRzxVyF3g2EEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MjQwNjM4MjlaFw0yNzA2MjMwNjQzMjlaMDMxMTAvBgNV
BAMTKERCRDg1NTRGQjg3NDJBNzYyRkQxNTlBM0ZFQzkwQTAxMjIxQzAxREQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaTqvi4V2d2DhqmVox9z378Rcm
tCJIPttRDfFxOrYdHbRPvHbnCHwZI53pA92FvlMTv6K7HCsT8tAnkV/TdVHZF3zt
5ubfe1EIH29Fif/7SpzCLV57ofUNmkU1gDvcMnpUoWp0p5St6nN3/GbVE+kWj+W8
wLgXwDOcZUIhVMp7y8726rrFpQ9ro0TDGnrzsyxx7eP2zARItUtvtF5fvrBqnUjD
IPFAIl+zkOlHk/JafDbJva/wpCVeDRPqbxLi0TPiQCnNKt+6zZfHKtBrb+TBtVbb
iLpD8juygiWSEE5gz/bzuHJYjebSompc8RMBvLijMiBE034rYDuXBU4fHibNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU29hVT7h0KnYv0Vmj/skKASIcAd0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE5NDc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3XI
MA0GCSqGSIb3DQEBCwUAA4IBAQBuWCSz1T8EOufLNXogREarwFooiXKxchRXmw1j
Vfn23cRgMV7JtAarWvS99oeJxo8CAyscau0eM1IvK4KakLYj7DPFNA0UOpiNewNp
Ce0ThNvJPF+mXBuff5ifzfWrnW9aicfUam3GsADe0nS5YfKP753tW2+7uiSuvokc
3cMPy0KPMjT9xC0oXME/RPeBckXH6nAGUwrNXoflRmxNVuc0uGBB/Ri4zdPaatoM
TVb++I2bTIdPRlDcSboyz4Zsk6yw/eC7r+i0dhXNVvEw92CX09KzZhFPEN45KJ9G
3goAAx0lHpvQ+xBtzwOdJqwBdCePw8dXJMIzQmrraEV0/xgy
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:54:17 2026 by rpki-client