Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS264617.roa
File:                     AS264617.roa (raw, json)
Hash identifier:          kwQSmtQc5TgT4g5GdNm4tOVpsQwvVcEv+bcpWeZvASs=
Subject key identifier:   7F:27:DA:D6:6F:8A:BB:BB:15:A6:5C:CD:4B:D1:EF:98:8D:5F:18:C5
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       64570421CC900683BB4EF9803654A0E36526B023
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS264617.roa
Signing time:             Mon 13 Apr 2026 06:47:05 +0000
ROA not before:           Mon 13 Apr 2026 06:42:05 +0000
ROA not after:            Mon 12 Apr 2027 06:47:05 +0000
asID:                     264617
IP address blocks:        158.140.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:57:04:21:cc:90:06:83:bb:4e:f9:80:36:54:a0:e3:65:26:b0:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 13 06:42:05 2026 GMT
            Not After : Apr 12 06:47:05 2027 GMT
        Subject: CN=7F27DAD66F8ABBBB15A65CCD4BD1EF988D5F18C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:cf:2f:1e:27:f2:01:48:d1:a6:83:ac:43:e0:
                    df:cb:0c:f0:d7:2a:1f:54:a2:d1:7e:18:b7:53:d6:
                    15:e1:bb:85:54:7e:36:56:59:c8:a8:3b:6c:81:49:
                    70:e6:28:7e:c1:1e:ff:0b:7d:43:41:8f:7e:20:4e:
                    27:4f:53:5a:4e:2b:94:43:67:78:34:08:f0:0c:0c:
                    76:b9:75:fb:90:b0:5f:80:bc:75:8f:69:31:13:d6:
                    f0:4b:1c:ad:75:75:1c:71:1d:b0:72:57:24:b5:fd:
                    c2:76:c8:62:eb:b6:72:41:d7:e6:ed:2e:45:6a:da:
                    f1:af:36:a3:bd:6f:70:ab:69:6b:41:f1:7d:79:8a:
                    bb:31:51:dd:12:69:2f:6c:ae:f1:9a:73:a3:44:09:
                    f9:18:41:18:21:3f:4b:c3:f4:64:69:7a:29:a6:2e:
                    45:cd:8c:44:a7:d8:b6:7c:fe:16:2f:aa:ae:20:32:
                    34:aa:39:a6:a3:0b:2a:a1:61:7f:5d:1d:f2:88:29:
                    0d:50:8e:f1:c6:cc:d1:4a:89:81:a0:3a:ba:35:b9:
                    55:2a:68:99:82:7c:80:c6:19:1b:c7:42:a6:19:b0:
                    ae:68:80:72:eb:e6:f4:a7:c9:3a:b9:34:01:6d:2c:
                    03:ee:a1:eb:4d:81:0d:e4:25:2f:1e:db:42:1c:be:
                    b4:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:27:DA:D6:6F:8A:BB:BB:15:A6:5C:CD:4B:D1:EF:98:8D:5F:18:C5
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS264617.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:1f:74:d5:f1:1e:2e:dc:43:1c:67:52:a5:6d:f2:19:45:19:
         c7:49:9b:a0:b3:0b:bb:df:52:1c:85:0e:f3:55:05:31:c1:e2:
         27:b1:d7:85:db:62:1a:2e:dc:c0:1a:92:a1:fa:5f:c4:d7:1e:
         38:ce:3c:63:6a:97:3c:7f:03:ba:cb:fd:0e:49:04:47:47:48:
         e3:dc:b3:a9:9d:c6:3c:d5:db:15:8c:5b:6f:86:c9:64:33:09:
         fd:20:ec:8d:9f:f5:87:4b:c8:fd:e2:ed:5e:56:e2:aa:e9:66:
         a2:0a:16:67:40:b1:f0:7e:88:fa:4d:6a:ab:bf:c2:f8:54:ad:
         e4:b9:6d:31:a3:d5:35:2e:5a:09:10:b3:3f:03:6c:37:6c:25:
         d2:73:e8:47:a8:0d:46:58:66:72:e2:4d:e9:2f:f5:89:c6:e2:
         b6:e5:27:86:8e:f4:51:ea:d5:ca:ea:a3:83:3f:64:cf:52:ff:
         03:60:10:5e:79:b7:f1:34:e8:48:5e:1f:3a:f3:6c:92:57:99:
         ac:4d:dc:54:0e:0a:fa:11:5b:45:27:b7:b8:1f:62:9a:f0:eb:
         52:d9:3d:ea:c8:0f:e1:59:d6:d5:88:2d:43:f3:d8:5a:6c:a1:
         9e:16:c3:9d:6c:76:a8:dd:25:38:d4:0f:88:96:31:d1:2a:0b:
         05:f2:e5:ea
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZFcEIcyQBoO7TvmANlSg42UmsCMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MTMwNjQyMDVaFw0yNzA0MTIwNjQ3MDVaMDMxMTAvBgNV
BAMTKDdGMjdEQUQ2NkY4QUJCQkIxNUE2NUNDRDRCRDFFRjk4OEQ1RjE4QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpzy8eJ/IBSNGmg6xD4N/LDPDX
Kh9UotF+GLdT1hXhu4VUfjZWWcioO2yBSXDmKH7BHv8LfUNBj34gTidPU1pOK5RD
Z3g0CPAMDHa5dfuQsF+AvHWPaTET1vBLHK11dRxxHbByVyS1/cJ2yGLrtnJB1+bt
LkVq2vGvNqO9b3CraWtB8X15irsxUd0SaS9srvGac6NECfkYQRghP0vD9GRpeimm
LkXNjESn2LZ8/hYvqq4gMjSqOaajCyqhYX9dHfKIKQ1QjvHGzNFKiYGgOro1uVUq
aJmCfIDGGRvHQqYZsK5ogHLr5vSnyTq5NAFtLAPuoetNgQ3kJS8e20IcvrS/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUfyfa1m+Ku7sVplzNS9HvmI1fGMUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY0NjE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnozF
MA0GCSqGSIb3DQEBCwUAA4IBAQCNH3TV8R4u3EMcZ1KlbfIZRRnHSZugswu731Ic
hQ7zVQUxweInsdeF22IaLtzAGpKh+l/E1x44zjxjapc8fwO6y/0OSQRHR0jj3LOp
ncY81dsVjFtvhslkMwn9IOyNn/WHS8j94u1eVuKq6WaiChZnQLHwfoj6TWqrv8L4
VK3kuW0xo9U1LloJELM/A2w3bCXSc+hHqA1GWGZy4k3pL/WJxuK25SeGjvRR6tXK
6qODP2TPUv8DYBBeebfxNOhIXh8682ySV5msTdxUDgr6EVtFJ7e4H2Ka8OtS2T3q
yA/hWdbViC1D89habKGeFsOdbHao3SU41A+IljHRKgsF8uXq
-----END CERTIFICATE-----