Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa
File:                     AS402276.roa (raw, json)
Hash identifier:          6bzAGWuCITWu6CP4o2czNX961PLsdM7ZljhmSKnxWf4=
Subject key identifier:   84:E2:23:A9:39:3A:05:DD:A7:43:4D:41:19:16:18:E6:66:35:88:D1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       33E7A5D7CE97169BF28D8A098A2E73F937AD1483
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa
Signing time:             Wed 08 Apr 2026 01:31:06 +0000
ROA not before:           Wed 08 Apr 2026 01:26:06 +0000
ROA not after:            Wed 07 Apr 2027 01:31:06 +0000
asID:                     402276
IP address blocks:        155.117.105.0/24 maxlen: 24
                          167.148.149.0/24 maxlen: 24
                          168.222.43.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:e7:a5:d7:ce:97:16:9b:f2:8d:8a:09:8a:2e:73:f9:37:ad:14:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  8 01:26:06 2026 GMT
            Not After : Apr  7 01:31:06 2027 GMT
        Subject: CN=84E223A9393A05DDA7434D41191618E6663588D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c0:11:85:26:ea:44:84:68:28:d4:38:cc:c1:
                    1f:58:8a:ee:82:74:b1:a3:b0:44:6f:42:01:07:63:
                    fc:45:8b:14:57:5d:f3:9d:f9:8c:67:cf:45:3c:de:
                    7e:4f:01:9e:18:3c:39:5f:0c:df:0e:62:4a:14:93:
                    49:6d:21:ee:e5:d9:9d:bb:66:bc:d0:0b:78:0d:c3:
                    c3:df:19:84:01:71:4f:03:94:f0:0d:94:42:3c:aa:
                    8c:90:2e:b1:06:74:c6:b8:28:60:91:c4:64:cd:41:
                    c6:dc:bb:62:ce:89:18:b7:ff:74:05:6f:2b:41:58:
                    3c:3a:43:1d:9a:85:27:8a:6c:b8:57:eb:0e:b3:2f:
                    ed:62:97:3a:d1:4c:46:0c:a8:c1:fa:12:ee:38:be:
                    e5:2b:c4:15:2e:ac:51:07:63:3a:c3:34:35:97:72:
                    ea:e3:7c:ad:3a:89:53:6a:b6:b2:a2:f8:e8:bf:53:
                    43:83:40:77:12:1d:bc:dc:16:72:39:d1:99:3b:a1:
                    6e:a7:ee:37:78:33:0c:c5:68:4a:01:57:05:8f:d5:
                    1b:33:d0:4d:f8:33:7b:ff:10:37:45:78:56:7d:52:
                    76:82:df:6e:a1:37:cd:04:39:6d:9f:41:0e:1a:d3:
                    a4:eb:82:f8:1b:a4:fc:30:40:8a:53:03:8a:6e:d3:
                    74:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:E2:23:A9:39:3A:05:DD:A7:43:4D:41:19:16:18:E6:66:35:88:D1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402276.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.105.0/24
                  167.148.149.0/24
                  168.222.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:38:75:d0:e3:88:de:29:7d:4a:99:04:52:b4:e8:b5:f9:fd:
         ea:77:cf:32:b0:9e:45:3d:99:a6:1c:69:9b:c9:48:79:9e:38:
         92:fd:69:b2:e9:83:8e:a6:08:a6:b2:f1:ac:d6:08:a4:68:3c:
         ab:71:4d:68:92:d4:39:a8:19:ff:30:c1:fc:0f:38:f6:d1:61:
         13:12:1a:df:8e:6a:06:bc:35:ea:49:77:f2:8c:e7:cc:53:8c:
         94:d7:bf:67:7a:4b:b9:d7:0d:28:3c:ed:61:b5:3b:91:47:07:
         57:40:f7:37:6c:d8:e2:57:4d:44:1f:ce:b5:80:20:fa:5a:98:
         e4:10:d3:31:34:50:fa:10:dd:a6:fd:f3:27:4d:29:9f:50:03:
         ed:83:7b:25:65:c9:e6:d4:40:b5:0f:1f:36:95:33:02:a4:b6:
         4e:c3:ee:c9:57:e6:d5:9c:a5:49:15:f4:14:e5:e7:0e:c3:91:
         cb:53:bb:ed:95:04:0d:8f:09:0f:35:46:11:54:bb:a9:a7:06:
         35:be:51:58:86:0a:d6:00:21:b3:87:b1:0a:58:35:26:c1:7e:
         e4:b4:95:9d:6f:25:71:47:e5:39:40:2a:71:ae:45:6c:11:28:
         d7:ff:27:0f:9b:ce:e8:96:68:fc:9d:a6:91:63:bf:53:49:1b:
         c3:6c:ef:07
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUM+el186XFpvyjYoJii5z+TetFIMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA0MDgwMTI2MDZaFw0yNzA0MDcwMTMxMDZaMDMxMTAvBgNV
BAMTKDg0RTIyM0E5MzkzQTA1RERBNzQzNEQ0MTE5MTYxOEU2NjYzNTg4RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDCwBGFJupEhGgo1DjMwR9Yiu6C
dLGjsERvQgEHY/xFixRXXfOd+Yxnz0U83n5PAZ4YPDlfDN8OYkoUk0ltIe7l2Z27
ZrzQC3gNw8PfGYQBcU8DlPANlEI8qoyQLrEGdMa4KGCRxGTNQcbcu2LOiRi3/3QF
bytBWDw6Qx2ahSeKbLhX6w6zL+1ilzrRTEYMqMH6Eu44vuUrxBUurFEHYzrDNDWX
curjfK06iVNqtrKi+Oi/U0ODQHcSHbzcFnI50Zk7oW6n7jd4MwzFaEoBVwWP1Rsz
0E34M3v/EDdFeFZ9UnaC326hN80EOW2fQQ4a06TrgvgbpPwwQIpTA4pu03QRAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUhOIjqTk6Bd2nQ01BGRYY5mY1iNEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyMjc2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAm3Vp
AwQAp5SVAwQAqN4rMA0GCSqGSIb3DQEBCwUAA4IBAQATOHXQ44jeKX1KmQRStOi1
+f3qd88ysJ5FPZmmHGmbyUh5njiS/Wmy6YOOpgimsvGs1gikaDyrcU1oktQ5qBn/
MMH8Dzj20WETEhrfjmoGvDXqSXfyjOfMU4yU179neku51w0oPO1htTuRRwdXQPc3
bNjiV01EH861gCD6WpjkENMxNFD6EN2m/fMnTSmfUAPtg3slZcnm1EC1Dx82lTMC
pLZOw+7JV+bVnKVJFfQU5ecOw5HLU7vtlQQNjwkPNUYRVLuppwY1vlFYhgrWACGz
h7EKWDUmwX7ktJWdbyVxR+U5QCpxrkVsESjX/ycPm87olmj8naaRY79TSRvDbO8H
-----END CERTIFICATE-----