Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa
File:                     AS402276.roa (raw, json)
Hash identifier:          k6ygJDziJgikJ8bGUAoxLBnwu7eNnokBKrUgxSxHbms=
Subject key identifier:   AB:26:7B:10:F1:88:3B:3B:34:0A:9F:8B:D3:8B:CF:71:9D:A1:D2:81
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0C49B335304645A0FA0D60AC65FC4C1944D0CCDB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa
Signing time:             Wed 20 May 2026 10:35:53 +0000
ROA not before:           Wed 20 May 2026 10:30:53 +0000
ROA not after:            Wed 19 May 2027 10:35:53 +0000
asID:                     402276
IP address blocks:        167.148.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 May 2026 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:49:b3:35:30:46:45:a0:fa:0d:60:ac:65:fc:4c:19:44:d0:cc:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 20 10:30:53 2026 GMT
            Not After : May 19 10:35:53 2027 GMT
        Subject: CN=AB267B10F1883B3B340A9F8BD38BCF719DA1D281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:25:be:98:a5:02:23:3a:eb:aa:83:f7:b9:40:
                    18:7d:70:2d:6a:78:9f:0d:08:20:9f:ca:3f:47:69:
                    c5:41:6d:26:c9:9e:ae:e7:a1:dc:54:c0:72:aa:b9:
                    66:88:a0:4e:f2:56:44:6b:c8:2d:d0:10:e1:34:34:
                    80:50:21:b8:43:5d:9b:fa:c5:6e:3c:63:3f:fd:3b:
                    e2:a7:46:c0:ec:ec:d6:80:f5:73:1c:d1:b0:51:57:
                    a6:aa:9d:7c:91:2f:1f:c5:81:af:13:c2:46:d5:fa:
                    24:b9:c2:f3:39:a1:f3:eb:e9:71:bc:0a:93:8f:a6:
                    da:6c:6b:05:4e:ca:6f:27:0c:3f:24:34:05:9f:c6:
                    72:61:91:f5:d9:b3:f7:3e:c4:cd:3f:00:ee:ec:e0:
                    d9:cf:ab:c4:45:54:c7:04:d1:1a:d7:28:6a:2b:00:
                    67:28:27:87:87:a6:9d:79:0e:ad:f4:19:c7:8f:eb:
                    d6:91:76:63:1e:04:33:46:95:f2:dc:24:a5:31:f3:
                    1e:ec:20:2a:98:b3:60:7f:6b:43:f6:b7:d9:dd:44:
                    4d:12:d6:87:6e:ea:25:ce:73:13:0e:8f:30:73:09:
                    5b:c2:01:49:44:1f:e9:ef:28:18:a5:96:1a:1a:ea:
                    be:da:0b:45:66:fc:46:55:ca:4f:73:91:14:3f:43:
                    e0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:26:7B:10:F1:88:3B:3B:34:0A:9F:8B:D3:8B:CF:71:9D:A1:D2:81
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:10:ab:7a:90:67:85:54:e6:78:ad:47:db:80:c1:dc:7e:8b:
         7b:57:3c:80:a8:eb:98:6d:1d:30:20:a5:d9:82:ef:ae:f5:8b:
         e1:3e:9f:42:d1:05:b7:30:fc:65:f8:8f:de:d6:c1:bf:b9:6e:
         17:bf:7f:a2:bf:f0:13:a3:23:60:ae:2f:6d:b7:34:09:49:0c:
         9f:42:46:47:a0:19:72:17:54:95:4c:55:43:c4:ca:3a:33:15:
         c3:d0:cd:02:e1:f4:f1:dc:40:44:80:2c:96:b3:fb:ca:1e:c6:
         ce:c9:39:1b:bc:2e:ae:27:e3:5a:a3:50:b7:de:5b:7b:22:97:
         89:dc:0e:37:5f:7b:c2:44:bc:07:85:2f:26:8c:19:5b:02:25:
         48:01:45:f8:61:8f:a4:f8:f0:9f:7d:4c:1a:f9:82:64:d7:9a:
         13:2d:8a:d3:4f:82:14:cc:b2:1d:0a:69:42:f4:9f:b4:bf:f3:
         fd:0e:bd:fe:3e:2c:9a:56:61:71:e6:b5:82:66:d5:ad:fd:58:
         74:29:f7:7c:a2:eb:5c:79:c1:94:c3:aa:92:0f:42:0f:d6:3b:
         9e:e9:63:55:41:99:2a:f3:c0:f9:6b:99:bf:3a:cd:aa:ea:7a:
         21:02:c5:c6:5c:4c:db:6e:9f:6c:35:b7:c5:b9:df:b3:30:13:
         6f:ea:48:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDEmzNTBGRaD6DWCsZfxMGUTQzNswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjAxMDMwNTNaFw0yNzA1MTkxMDM1NTNaMDMxMTAvBgNV
BAMTKEFCMjY3QjEwRjE4ODNCM0IzNDBBOUY4QkQzOEJDRjcxOURBMUQyODEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/Jb6YpQIjOuuqg/e5QBh9cC1q
eJ8NCCCfyj9HacVBbSbJnq7nodxUwHKquWaIoE7yVkRryC3QEOE0NIBQIbhDXZv6
xW48Yz/9O+KnRsDs7NaA9XMc0bBRV6aqnXyRLx/Fga8TwkbV+iS5wvM5ofPr6XG8
CpOPptpsawVOym8nDD8kNAWfxnJhkfXZs/c+xM0/AO7s4NnPq8RFVMcE0RrXKGor
AGcoJ4eHpp15Dq30GceP69aRdmMeBDNGlfLcJKUx8x7sICqYs2B/a0P2t9ndRE0S
1odu6iXOcxMOjzBzCVvCAUlEH+nvKBillhoa6r7aC0Vm/EZVyk9zkRQ/Q+AFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqyZ7EPGIOzs0Cp+L04vPcZ2h0oEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyMjc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAp5SV
MA0GCSqGSIb3DQEBCwUAA4IBAQBCEKt6kGeFVOZ4rUfbgMHcfot7VzyAqOuYbR0w
IKXZgu+u9YvhPp9C0QW3MPxl+I/e1sG/uW4Xv3+iv/AToyNgri9ttzQJSQyfQkZH
oBlyF1SVTFVDxMo6MxXD0M0C4fTx3EBEgCyWs/vKHsbOyTkbvC6uJ+Nao1C33lt7
IpeJ3A43X3vCRLwHhS8mjBlbAiVIAUX4YY+k+PCffUwa+YJk15oTLYrTT4IUzLId
CmlC9J+0v/P9Dr3+PiyaVmFx5rWCZtWt/Vh0Kfd8outcecGUw6qSD0IP1jue6WNV
QZkq88D5a5m/Os2q6nohAsXGXEzbbp9sNbfFud+zMBNv6kg+
-----END CERTIFICATE-----