Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401783.roa
File:                     AS401783.roa (raw, json)
Hash identifier:          B4eCnCuoW+JvyEbqIcJ+ggzJbpPDZ+bnp9rBX/G2itk=
Subject key identifier:   4D:28:45:9F:4F:DC:93:9A:36:60:59:EC:AF:46:E9:5A:C1:E3:CD:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1834C35BB656482B95A85E13709FCA09C4093174
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401783.roa
Signing time:             Sat 13 Sep 2025 16:07:39 +0000
ROA not before:           Sat 13 Sep 2025 16:02:39 +0000
ROA not after:            Sat 12 Sep 2026 16:07:39 +0000
asID:                     401783
IP address blocks:        96.62.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            18:34:c3:5b:b6:56:48:2b:95:a8:5e:13:70:9f:ca:09:c4:09:31:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 13 16:02:39 2025 GMT
            Not After : Sep 12 16:07:39 2026 GMT
        Subject: CN=4D28459F4FDC939A366059ECAF46E95AC1E3CDD1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:fd:f9:1f:d8:c6:e8:5c:80:c1:92:44:c0:64:
                    9c:cc:f1:86:5b:73:99:bb:07:d8:db:50:db:97:89:
                    f9:fc:e6:90:e3:4a:04:99:b2:75:8b:7f:23:6e:4d:
                    40:4c:02:a2:68:55:66:74:44:7a:59:cc:6c:97:a2:
                    4a:96:2c:bb:57:c8:dc:27:d2:6f:9f:94:11:33:7d:
                    4f:12:c1:df:2c:b3:05:b5:16:80:43:1a:1e:16:7b:
                    dc:b2:5c:1f:a2:a0:7a:bf:19:74:dc:ee:81:5c:20:
                    4f:b6:7e:6c:40:51:d8:36:80:df:0f:ff:fc:ae:e9:
                    b8:dd:2e:d8:ac:f0:a9:0b:ad:cd:9b:fd:e6:7e:f9:
                    a1:1f:88:15:22:1e:a8:42:76:33:c3:50:50:f7:b3:
                    79:b2:16:2e:b6:68:b0:c8:9e:3f:bb:ac:e4:d0:f6:
                    f3:65:cc:0c:e5:79:16:6b:68:16:f7:97:e9:92:9f:
                    39:5e:95:e7:57:1e:f4:28:93:d8:5d:83:e8:26:1c:
                    26:a2:68:84:33:a6:1a:c4:da:d9:6a:d6:71:14:2d:
                    96:02:16:34:97:50:81:d4:08:da:fa:13:e1:9d:3a:
                    2f:82:77:be:0d:d8:0e:b8:08:0a:e6:fa:e8:b7:61:
                    d3:ef:75:52:b6:fb:ba:f1:0b:a5:69:b2:cd:5a:94:
                    cd:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:28:45:9F:4F:DC:93:9A:36:60:59:EC:AF:46:E9:5A:C1:E3:CD:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401783.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:12:dc:59:e6:e4:6f:1a:0f:0f:bd:6b:0f:e1:46:8d:81:30:
         c1:df:98:c9:c9:ca:74:4c:8c:62:a0:bd:e7:4a:9a:7c:8c:9e:
         e7:09:fd:7a:2b:76:00:97:33:a5:fa:fa:3a:79:0b:00:0c:bf:
         88:19:b7:0a:b4:00:41:b9:ac:9d:89:4f:82:13:74:e3:a1:1c:
         8b:22:d4:79:de:85:e5:6d:11:a9:7c:60:a1:1c:5b:f4:2b:ba:
         d0:df:6c:45:cd:75:0b:c2:84:5c:30:7a:11:ae:69:c0:4f:5a:
         78:27:1d:17:4f:8d:a2:50:aa:e3:b3:b8:74:6b:9a:03:35:c1:
         35:0b:c0:1e:86:cc:9f:ce:8e:ed:a9:ce:8a:e1:60:15:0c:36:
         c3:a6:4d:66:64:2a:0f:6c:16:14:f3:47:31:d1:4e:a5:77:58:
         04:15:f1:ab:1b:b5:d2:78:1d:17:97:1c:7d:5c:cf:d4:4b:8a:
         18:e3:91:0e:1d:c0:4d:cd:55:d3:17:00:d4:21:6a:1e:ca:fd:
         49:27:fb:c1:64:e3:11:37:c0:3c:98:c6:1f:00:35:47:b7:77:
         3b:fc:90:68:99:91:60:e1:07:5a:9f:14:1a:e3:f9:1b:e5:b8:
         71:84:c2:45:97:df:b6:33:d5:4b:e2:a8:c0:49:67:9d:6e:34:
         fc:0a:86:e7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGDTDW7ZWSCuVqF4TcJ/KCcQJMXQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MTMxNjAyMzlaFw0yNjA5MTIxNjA3MzlaMDMxMTAvBgNV
BAMTKDREMjg0NTlGNEZEQzkzOUEzNjYwNTlFQ0FGNDZFOTVBQzFFM0NERDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf/fkf2MboXIDBkkTAZJzM8YZb
c5m7B9jbUNuXifn85pDjSgSZsnWLfyNuTUBMAqJoVWZ0RHpZzGyXokqWLLtXyNwn
0m+flBEzfU8Swd8sswW1FoBDGh4We9yyXB+ioHq/GXTc7oFcIE+2fmxAUdg2gN8P
//yu6bjdLtis8KkLrc2b/eZ++aEfiBUiHqhCdjPDUFD3s3myFi62aLDInj+7rOTQ
9vNlzAzleRZraBb3l+mSnzleledXHvQok9hdg+gmHCaiaIQzphrE2tlq1nEULZYC
FjSXUIHUCNr6E+GdOi+Cd74N2A64CArm+ui3YdPvdVK2+7rxC6Vpss1alM0rAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTShFn0/ck5o2YFnsr0bpWsHjzdEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAxNzgzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAYD54
MA0GCSqGSIb3DQEBCwUAA4IBAQCwEtxZ5uRvGg8PvWsP4UaNgTDB35jJycp0TIxi
oL3nSpp8jJ7nCf16K3YAlzOl+vo6eQsADL+IGbcKtABBuaydiU+CE3TjoRyLItR5
3oXlbRGpfGChHFv0K7rQ32xFzXULwoRcMHoRrmnAT1p4Jx0XT42iUKrjs7h0a5oD
NcE1C8Aehsyfzo7tqc6K4WAVDDbDpk1mZCoPbBYU80cx0U6ld1gEFfGrG7XSeB0X
lxx9XM/US4oY45EOHcBNzVXTFwDUIWoeyv1JJ/vBZOMRN8A8mMYfADVHt3c7/JBo
mZFg4QdanxQa4/kb5bhxhMJFl9+2M9VL4qjASWedbjT8Cobn
-----END CERTIFICATE-----