Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          qpS1Kfjqjow3nZJ7Un45eW7i0/MbUgPPpubeSLXE2FM=
Subject key identifier:   16:61:46:ED:48:1D:F4:56:65:66:45:5A:C3:44:58:04:DA:8B:6F:F1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4083B246A120CB82763B22620723F66DDB6CA9C8
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa
Signing time:             Wed 10 Jun 2026 11:53:04 +0000
ROA not before:           Wed 10 Jun 2026 11:48:04 +0000
ROA not after:            Wed 09 Jun 2027 11:53:04 +0000
asID:                     25369
IP address blocks:        167.148.172.0/24 maxlen: 24
                          167.148.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            40:83:b2:46:a1:20:cb:82:76:3b:22:62:07:23:f6:6d:db:6c:a9:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 10 11:48:04 2026 GMT
            Not After : Jun  9 11:53:04 2027 GMT
        Subject: CN=166146ED481DF4566566455AC3445804DA8B6FF1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4e:65:89:eb:b2:48:a0:70:00:05:7e:3d:67:
                    81:7b:4a:fa:52:4f:61:61:9d:3b:49:b4:5b:98:4c:
                    b9:cc:b0:2d:28:45:60:64:79:ab:36:14:64:37:31:
                    79:b8:88:db:df:81:45:5e:53:ba:c6:58:14:94:c2:
                    9c:c1:c3:e5:91:ff:ce:5a:3b:31:76:4f:bb:fb:d3:
                    40:16:ed:fa:f8:d8:36:0d:63:d3:7f:14:61:f8:fa:
                    4d:cb:d1:cd:79:d1:01:54:b4:e4:19:fe:89:01:f9:
                    9b:48:1a:d7:e5:2f:12:d7:18:0a:96:ef:f1:87:6e:
                    64:4d:22:a2:aa:13:0a:b6:ea:80:cc:4a:a9:d8:83:
                    ae:06:6b:32:6f:df:45:ce:fe:d3:37:f0:d3:d7:b3:
                    6c:ba:fa:83:77:78:68:0b:47:21:58:9f:f9:9c:03:
                    03:14:57:12:81:f9:09:2d:a9:b1:c7:50:ac:95:7e:
                    dc:9b:77:ed:ea:20:9b:c3:ca:fe:1e:de:8d:91:a9:
                    fc:5d:b7:f9:12:19:16:ae:b1:e2:f3:9c:d7:50:c8:
                    d3:30:f1:ca:15:b8:83:2c:e0:b6:59:09:16:9c:0e:
                    43:b1:e8:9d:dc:c7:88:3e:5a:9e:b1:92:a6:a2:20:
                    5d:30:63:ac:a6:63:14:9c:21:01:0a:f3:e8:8c:3a:
                    92:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:61:46:ED:48:1D:F4:56:65:66:45:5A:C3:44:58:04:DA:8B:6F:F1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.172.0/24
                  167.148.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:8b:94:cc:76:c6:dc:b5:ad:df:a8:ba:72:86:ab:7e:ca:a9:
         1e:14:57:ff:d8:93:75:62:63:e1:3f:6d:4a:c6:ec:c0:38:a6:
         45:3d:cf:29:bc:f7:63:d2:92:c2:ee:45:12:d9:0b:c0:5a:31:
         73:67:ff:a2:8f:60:ab:53:f2:e7:72:d8:a9:44:0c:4c:6c:a7:
         f0:0f:5a:28:a6:e1:e5:ea:a7:c2:f4:c3:96:20:0a:aa:e7:0d:
         bf:d1:e0:25:af:3e:72:6f:05:35:69:8b:45:ca:0a:9e:12:86:
         58:ec:1d:df:fd:43:79:8f:2c:5f:f7:c2:a6:a1:da:31:a7:3e:
         10:8d:23:88:18:48:1e:9d:65:e9:3b:39:bb:df:d5:a0:1d:6f:
         18:8e:6d:b5:31:73:ca:02:26:c0:62:1d:1d:f4:13:e7:0f:63:
         94:38:b3:7a:e8:9c:f4:49:7b:7d:c5:ce:f9:96:2b:bc:fc:08:
         db:83:29:80:33:cc:1f:20:57:51:eb:bf:1f:81:08:71:ef:84:
         c8:59:5b:c3:05:1c:61:69:75:8c:1e:93:66:5b:a6:d8:7c:87:
         8c:b3:e8:3c:90:ae:80:82:26:4e:94:5f:07:7f:72:b4:bc:85:
         8e:3b:17:58:e4:ac:64:89:32:94:66:1f:62:45:66:1f:35:07:
         31:d3:c1:6a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUQIOyRqEgy4J2OyJiByP2bdtsqcgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MTAxMTQ4MDRaFw0yNzA2MDkxMTUzMDRaMDMxMTAvBgNV
BAMTKDE2NjE0NkVENDgxREY0NTY2NTY2NDU1QUMzNDQ1ODA0REE4QjZGRjEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgTmWJ67JIoHAABX49Z4F7SvpS
T2FhnTtJtFuYTLnMsC0oRWBkeas2FGQ3MXm4iNvfgUVeU7rGWBSUwpzBw+WR/85a
OzF2T7v700AW7fr42DYNY9N/FGH4+k3L0c150QFUtOQZ/okB+ZtIGtflLxLXGAqW
7/GHbmRNIqKqEwq26oDMSqnYg64GazJv30XO/tM38NPXs2y6+oN3eGgLRyFYn/mc
AwMUVxKB+QktqbHHUKyVftybd+3qIJvDyv4e3o2Rqfxdt/kSGRauseLznNdQyNMw
8coVuIMs4LZZCRacDkOx6J3cx4g+Wp6xkqaiIF0wY6ymYxScIQEK8+iMOpJdAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUFmFG7Ugd9FZlZkVaw0RYBNqLb/EwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACnlKwD
BACnlLowDQYJKoZIhvcNAQELBQADggEBAEiLlMx2xty1rd+ounKGq37KqR4UV//Y
k3ViY+E/bUrG7MA4pkU9zym892PSksLuRRLZC8BaMXNn/6KPYKtT8udy2KlEDExs
p/APWiim4eXqp8L0w5YgCqrnDb/R4CWvPnJvBTVpi0XKCp4ShljsHd/9Q3mPLF/3
wqah2jGnPhCNI4gYSB6dZek7Obvf1aAdbxiObbUxc8oCJsBiHR30E+cPY5Q4s3ro
nPRJe33FzvmWK7z8CNuDKYAzzB8gV1Hrvx+BCHHvhMhZW8MFHGFpdYwek2Zbpth8
h4yz6DyQroCCJk6UXwd/crS8hY47F1jkrGSJMpRmH2JFZh81BzHTwWo=
-----END CERTIFICATE-----