Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401990.roa
File:                     AS401990.roa (raw, json)
Hash identifier:          lTCwEkJ9BJaxSJIUH6DlLv+411G3oWEfTs7vg6tFVYM=
Subject key identifier:   3D:F5:E8:CE:B0:76:F9:16:1E:49:FB:CE:C7:BD:99:E9:77:62:64:95
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       556E77B679CEBD3F7630989FE7157E80672F48FF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401990.roa
Signing time:             Tue 27 Jan 2026 03:33:55 +0000
ROA not before:           Tue 27 Jan 2026 03:28:55 +0000
ROA not after:            Tue 26 Jan 2027 03:33:55 +0000
asID:                     401990
IP address blocks:        155.117.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Feb 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            55:6e:77:b6:79:ce:bd:3f:76:30:98:9f:e7:15:7e:80:67:2f:48:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jan 27 03:28:55 2026 GMT
            Not After : Jan 26 03:33:55 2027 GMT
        Subject: CN=3DF5E8CEB076F9161E49FBCEC7BD99E977626495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:70:01:93:44:86:c1:7b:15:a5:53:f8:65:12:
                    7c:cb:02:52:21:13:26:98:1b:05:18:e7:99:37:f8:
                    14:9e:cb:f4:5f:fe:47:dd:6b:cc:38:f8:5e:bb:a2:
                    94:13:1c:4e:bc:7a:85:11:1d:d2:5d:b0:62:11:2a:
                    cd:9c:5d:40:54:bd:26:0d:83:48:15:e6:c5:fb:19:
                    de:ee:dc:97:a0:ab:c4:0e:1d:fb:e4:5a:05:60:a7:
                    6f:03:64:1b:16:84:a3:be:9c:92:a5:c8:ac:64:91:
                    44:7e:e1:1e:a5:f6:a3:65:9d:4d:29:90:f0:3a:8c:
                    fc:32:cd:d8:ec:e0:5b:c3:3c:52:9e:97:76:cf:62:
                    31:58:fe:0d:74:02:d8:4d:e8:62:44:79:68:01:c8:
                    0f:b3:8b:9a:16:eb:24:b8:a3:0b:a0:1f:40:24:c8:
                    e2:fd:08:6d:2a:f3:e9:43:f2:42:c2:e4:ed:eb:b2:
                    e7:5e:5c:59:5b:72:25:6b:b8:59:94:38:82:bf:13:
                    6a:8e:52:58:d7:53:87:f6:f5:ed:75:b8:ab:5f:df:
                    93:77:30:d8:19:8b:fb:81:aa:8a:c6:87:91:8c:13:
                    e1:60:00:a4:f2:4a:49:f1:01:22:c1:e0:78:f3:27:
                    78:dc:47:a6:70:b4:91:8b:b9:37:68:c4:41:c6:b0:
                    35:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:F5:E8:CE:B0:76:F9:16:1E:49:FB:CE:C7:BD:99:E9:77:62:64:95
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS401990.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:3d:7b:a4:f6:d8:8f:9f:bb:cc:d3:49:d2:cf:ce:6e:90:56:
         68:06:ef:da:4f:af:77:7e:78:2b:2f:45:7b:d2:d0:a6:9a:1c:
         f8:35:76:00:e1:6c:f7:91:00:5c:c3:76:1c:6f:03:12:15:6a:
         fb:83:a4:8a:aa:a2:41:50:cb:9d:d6:91:57:65:76:30:cb:d9:
         fa:29:16:ba:30:53:5e:be:cf:8b:d4:c9:b9:bd:3d:11:9d:c5:
         99:bb:ea:9f:85:3a:b7:44:f1:bd:e0:08:25:1b:5f:7f:9a:95:
         75:e4:56:c4:4f:0d:05:1a:b2:29:aa:2b:64:6f:da:0e:47:3a:
         cf:49:b3:04:40:89:ba:e8:cf:5f:cb:d7:fe:90:b5:92:9b:0b:
         fd:37:f2:c7:6d:a9:e1:6a:ce:c9:2e:c4:ef:60:59:34:23:d7:
         48:6d:b9:41:c6:f9:23:98:58:fe:86:aa:0c:9d:73:9a:d1:6d:
         83:52:88:77:56:dd:93:49:66:27:ef:09:26:19:43:d5:76:79:
         00:f1:e5:97:a5:11:43:c6:a1:21:dd:e3:49:b4:4f:63:a9:3a:
         23:78:98:93:9f:5d:e4:12:37:23:20:96:86:e9:8a:3f:0f:29:
         b3:02:28:23:6d:f3:7d:0d:94:98:6b:16:64:1b:36:71:c4:32:
         44:3f:af:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVW53tnnOvT92MJif5xV+gGcvSP8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAxMjcwMzI4NTVaFw0yNzAxMjYwMzMzNTVaMDMxMTAvBgNV
BAMTKDNERjVFOENFQjA3NkY5MTYxRTQ5RkJDRUM3QkQ5OUU5Nzc2MjY0OTUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvcAGTRIbBexWlU/hlEnzLAlIh
EyaYGwUY55k3+BSey/Rf/kfda8w4+F67opQTHE68eoURHdJdsGIRKs2cXUBUvSYN
g0gV5sX7Gd7u3Jegq8QOHfvkWgVgp28DZBsWhKO+nJKlyKxkkUR+4R6l9qNlnU0p
kPA6jPwyzdjs4FvDPFKel3bPYjFY/g10AthN6GJEeWgByA+zi5oW6yS4owugH0Ak
yOL9CG0q8+lD8kLC5O3rsudeXFlbciVruFmUOIK/E2qOUljXU4f29e11uKtf35N3
MNgZi/uBqorGh5GME+FgAKTySknxASLB4HjzJ3jcR6ZwtJGLuTdoxEHGsDXXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPfXozrB2+RYeSfvOx72Z6XdiZJUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAxOTkwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Xm
MA0GCSqGSIb3DQEBCwUAA4IBAQB7PXuk9tiPn7vM00nSz85ukFZoBu/aT693fngr
L0V70tCmmhz4NXYA4Wz3kQBcw3YcbwMSFWr7g6SKqqJBUMud1pFXZXYwy9n6KRa6
MFNevs+L1Mm5vT0RncWZu+qfhTq3RPG94AglG19/mpV15FbETw0FGrIpqitkb9oO
RzrPSbMEQIm66M9fy9f+kLWSmwv9N/LHbanhas7JLsTvYFk0I9dIbblBxvkjmFj+
hqoMnXOa0W2DUoh3Vt2TSWYn7wkmGUPVdnkA8eWXpRFDxqEh3eNJtE9jqTojeJiT
n13kEjcjIJaG6Yo/DymzAigjbfN9DZSYaxZkGzZxxDJEP6/T
-----END CERTIFICATE-----