Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401948.roa
File:                     AS401948.roa (raw, json)
Hash identifier:          4R0ihDmfqBUVjkKAR+6RrDBmtUdSC/ITGYIfWOj3gl0=
Subject key identifier:   44:6C:84:51:CE:65:65:80:64:04:53:AA:AB:18:58:3F:DE:49:D9:95
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       11BAE72549BF12EC3AC8AD354F2A08935BEA0CD1
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401948.roa
Signing time:             Mon 01 Sep 2025 13:53:55 +0000
ROA not before:           Mon 01 Sep 2025 13:48:55 +0000
ROA not after:            Mon 31 Aug 2026 13:53:55 +0000
asID:                     401948
IP address blocks:        143.14.145.0/24 maxlen: 24
                          155.117.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:ba:e7:25:49:bf:12:ec:3a:c8:ad:35:4f:2a:08:93:5b:ea:0c:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep  1 13:48:55 2025 GMT
            Not After : Aug 31 13:53:55 2026 GMT
        Subject: CN=446C8451CE656580640453AAAB18583FDE49D995
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:62:11:87:46:f0:d5:2b:47:10:dc:41:3c:d8:
                    33:17:bb:78:8f:cf:79:53:9f:82:50:bd:1b:57:89:
                    94:53:20:c8:5b:fb:f8:0c:3c:b5:52:ae:25:cd:cd:
                    61:3d:61:f2:0c:1d:e3:e7:1a:09:40:93:68:6f:9a:
                    ab:c0:cd:c8:de:b0:7e:43:40:d1:c1:13:eb:1a:1a:
                    ba:f8:0a:d8:ae:f2:5f:57:6b:f1:fc:8b:a9:ea:ba:
                    f7:93:14:f7:a3:24:a0:be:76:9d:6f:4d:b7:c0:3d:
                    e6:8e:cd:4d:6e:a1:a0:56:63:99:dd:b9:9a:4e:bb:
                    89:e5:39:be:48:31:a4:ca:9c:96:2d:97:d1:6b:2e:
                    91:9c:74:bb:71:9f:9e:c9:a7:36:5a:52:b9:75:84:
                    d6:e6:51:d0:e6:ab:64:b4:c1:f0:7d:3a:80:f6:67:
                    6d:e3:c8:91:86:a1:c6:a0:2b:ae:8d:f3:26:e9:17:
                    a6:bb:87:81:f8:f3:02:b6:01:4a:a4:34:96:6a:8c:
                    11:f2:57:48:a1:17:2f:ac:0d:8f:4e:60:a5:42:7c:
                    42:1f:8e:8e:54:d4:46:30:48:da:13:a1:6e:37:f7:
                    cc:56:8c:f2:9e:ad:a7:53:3f:ae:0f:13:ee:e8:1f:
                    7f:10:92:b6:a3:e8:f5:28:1a:28:84:4c:65:c9:01:
                    5c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:6C:84:51:CE:65:65:80:64:04:53:AA:AB:18:58:3F:DE:49:D9:95
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401948.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.145.0/24
                  155.117.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:ab:7b:87:ea:03:7d:6c:8e:47:7a:46:e1:7b:76:ac:a3:4e:
         0a:ff:e8:46:eb:c9:72:48:14:fc:66:48:77:c3:74:f0:4a:fb:
         e0:0b:88:d8:1c:6d:15:d2:92:f0:d0:4e:e8:52:c2:c7:4c:1e:
         b9:c8:77:f3:31:b3:4f:96:c1:5f:93:17:14:bd:6c:d4:d8:59:
         51:6f:bb:a1:e9:6d:c2:0c:1b:2d:83:a9:88:e5:4b:5c:f4:d4:
         50:97:88:91:8c:c1:4f:14:9b:d6:0e:d2:5b:81:0a:61:28:92:
         30:a8:a5:5a:9c:0d:f2:33:cc:95:03:be:35:bf:75:4d:41:c6:
         b8:71:e9:b3:86:b8:b0:c8:21:92:0f:80:12:28:b6:85:49:7d:
         9d:66:68:a5:33:37:57:8b:41:54:84:0a:a6:97:6f:e1:4d:1c:
         d6:7b:7a:e5:45:c4:ec:91:ed:e8:cf:96:e8:8b:3a:c4:b9:cf:
         8c:fb:8e:87:95:44:85:76:46:de:62:69:02:86:20:31:7a:6b:
         fb:52:62:de:97:eb:fb:1d:1f:b9:77:0b:bf:e6:3b:0b:12:ec:
         66:82:cf:b4:92:bc:5a:6d:c2:cb:da:60:22:31:00:b9:9b:86:
         ae:dc:da:80:ea:16:41:59:1f:46:9b:fa:e4:f2:cf:f0:c7:1b:
         57:0e:03:5a
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUEbrnJUm/Euw6yK01TyoIk1vqDNEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDExMzQ4NTVaFw0yNjA4MzExMzUzNTVaMDMxMTAvBgNV
BAMTKDQ0NkM4NDUxQ0U2NTY1ODA2NDA0NTNBQUFCMTg1ODNGREU0OUQ5OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUYhGHRvDVK0cQ3EE82DMXu3iP
z3lTn4JQvRtXiZRTIMhb+/gMPLVSriXNzWE9YfIMHePnGglAk2hvmqvAzcjesH5D
QNHBE+saGrr4Ctiu8l9Xa/H8i6nquveTFPejJKC+dp1vTbfAPeaOzU1uoaBWY5nd
uZpOu4nlOb5IMaTKnJYtl9FrLpGcdLtxn57JpzZaUrl1hNbmUdDmq2S0wfB9OoD2
Z23jyJGGocagK66N8ybpF6a7h4H48wK2AUqkNJZqjBHyV0ihFy+sDY9OYKVCfEIf
jo5U1EYwSNoToW4398xWjPKeradTP64PE+7oH38Qkraj6PUoGiiETGXJAVzrAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQURGyEUc5lZYBkBFOqqxhYP95J2ZUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAxOTQ4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw6R
AwQAm3XCMA0GCSqGSIb3DQEBCwUAA4IBAQA7q3uH6gN9bI5Hekbhe3aso04K/+hG
68lySBT8Zkh3w3TwSvvgC4jYHG0V0pLw0E7oUsLHTB65yHfzMbNPlsFfkxcUvWzU
2FlRb7uh6W3CDBstg6mI5Utc9NRQl4iRjMFPFJvWDtJbgQphKJIwqKVanA3yM8yV
A741v3VNQca4cemzhriwyCGSD4ASKLaFSX2dZmilMzdXi0FUhAqml2/hTRzWe3rl
RcTske3oz5boizrEuc+M+46HlUSFdkbeYmkChiAxemv7UmLel+v7HR+5dwu/5jsL
Euxmgs+0krxabcLL2mAiMQC5m4au3NqA6hZBWR9Gm/rk8s/wxxtXDgNa
-----END CERTIFICATE-----