Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402281.roa
File:                     AS402281.roa (raw, json)
Hash identifier:          2T7VRozFXLRRoSvcvDoPdiYleigYUZU6EeZ2UGAOXjw=
Subject key identifier:   B3:5E:F1:07:54:F6:2C:9D:8A:17:EF:0C:30:46:1F:C5:09:27:52:AB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4500049D1FA39DE975EBF379AA3431CF1CAA6A78
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402281.roa
Signing time:             Wed 27 May 2026 08:56:41 +0000
ROA not before:           Wed 27 May 2026 08:51:41 +0000
ROA not after:            Wed 26 May 2027 08:56:41 +0000
asID:                     402281
IP address blocks:        143.14.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:00:04:9d:1f:a3:9d:e9:75:eb:f3:79:aa:34:31:cf:1c:aa:6a:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 27 08:51:41 2026 GMT
            Not After : May 26 08:56:41 2027 GMT
        Subject: CN=B35EF10754F62C9D8A17EF0C30461FC5092752AB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:96:4a:11:2d:7e:07:26:86:d5:53:27:d7:5b:
                    74:a5:bd:55:77:c9:85:67:50:ea:c0:d6:11:36:45:
                    9e:bb:41:71:de:9d:9f:f8:7f:e1:21:31:64:a1:88:
                    95:ae:ad:96:c4:71:f2:8b:49:30:4c:93:5c:bd:c2:
                    01:69:1f:6c:2a:e2:79:44:51:03:f5:7c:d6:3b:58:
                    08:aa:d3:0f:8b:6b:bc:a9:f1:f8:14:15:09:13:eb:
                    94:d2:66:e1:56:12:fa:05:c9:18:c7:cb:06:94:c1:
                    91:ad:e5:c2:23:90:c9:87:b2:df:2b:d8:17:ca:7e:
                    5b:53:7a:7d:e8:dd:a7:b4:8a:50:50:e1:71:67:56:
                    9e:a2:8a:42:fa:5a:04:91:17:60:56:66:f9:33:e4:
                    63:f5:01:c1:6e:83:ce:0a:62:50:5c:9d:75:ea:a3:
                    ea:e5:4b:b2:32:e5:df:48:72:5c:31:81:7c:06:4a:
                    34:be:4c:55:f8:27:72:74:01:09:25:ea:7a:a5:97:
                    75:d4:b9:bb:1c:6e:15:b8:29:94:78:90:f3:9f:60:
                    1e:88:08:44:96:da:b9:27:91:b3:e4:ef:1e:40:4e:
                    5e:4f:59:fb:38:85:b9:28:0a:6b:6f:e8:cb:ed:e2:
                    fc:5c:9d:ee:78:28:15:a8:a9:64:e9:c8:64:20:dc:
                    9f:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5E:F1:07:54:F6:2C:9D:8A:17:EF:0C:30:46:1F:C5:09:27:52:AB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402281.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:f9:d8:ea:28:2b:72:28:54:01:80:a5:b3:bb:e5:95:34:fa:
         65:8d:fa:a1:53:07:06:0a:9c:99:74:cb:ee:6b:99:69:20:63:
         13:aa:fd:88:ef:f7:23:96:30:9c:a0:be:e6:ad:53:ee:cf:2f:
         34:fd:ee:ba:ef:c8:8a:3a:ef:b0:e7:f4:67:7a:51:42:b7:02:
         99:12:11:91:b6:e6:e2:53:61:c5:57:90:92:8c:ad:4d:94:cf:
         ab:6b:6f:50:e7:3c:e7:6d:98:39:be:d4:41:59:0b:49:e4:c0:
         2c:52:f4:b6:0b:b3:4c:0c:f7:75:a6:ec:b1:56:01:8e:c8:19:
         c4:7b:ad:a7:f0:97:e1:9d:41:c7:4e:03:24:aa:74:c5:94:f4:
         14:ce:6c:23:1d:d7:e4:f1:22:06:5b:42:c4:56:23:6a:08:80:
         de:87:95:e5:77:4a:05:eb:0d:4d:8c:73:38:7e:a8:c7:f3:67:
         99:a8:51:e4:34:21:f6:9a:21:71:ac:44:3f:05:88:34:3c:d6:
         17:99:47:1b:82:47:10:96:05:f2:c8:da:2a:cd:03:48:6e:28:
         69:99:59:3f:c7:a0:c0:47:9f:f6:8d:b2:eb:17:60:09:06:9c:
         73:7a:24:dc:b4:e2:30:aa:8e:6d:0a:2d:f8:81:6a:05:fc:ff:
         36:61:1e:2d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURQAEnR+jnel16/N5qjQxzxyqangwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjcwODUxNDFaFw0yNzA1MjYwODU2NDFaMDMxMTAvBgNV
BAMTKEIzNUVGMTA3NTRGNjJDOUQ4QTE3RUYwQzMwNDYxRkM1MDkyNzUyQUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrlkoRLX4HJobVUyfXW3SlvVV3
yYVnUOrA1hE2RZ67QXHenZ/4f+EhMWShiJWurZbEcfKLSTBMk1y9wgFpH2wq4nlE
UQP1fNY7WAiq0w+La7yp8fgUFQkT65TSZuFWEvoFyRjHywaUwZGt5cIjkMmHst8r
2BfKfltTen3o3ae0ilBQ4XFnVp6iikL6WgSRF2BWZvkz5GP1AcFug84KYlBcnXXq
o+rlS7Iy5d9IclwxgXwGSjS+TFX4J3J0AQkl6nqll3XUubscbhW4KZR4kPOfYB6I
CESW2rknkbPk7x5ATl5PWfs4hbkoCmtv6Mvt4vxcne54KBWoqWTpyGQg3J/vAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUs17xB1T2LJ2KF+8MMEYfxQknUqswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyMjgxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw6e
MA0GCSqGSIb3DQEBCwUAA4IBAQBG+djqKCtyKFQBgKWzu+WVNPpljfqhUwcGCpyZ
dMvua5lpIGMTqv2I7/cjljCcoL7mrVPuzy80/e6678iKOu+w5/RnelFCtwKZEhGR
tubiU2HFV5CSjK1NlM+ra29Q5zznbZg5vtRBWQtJ5MAsUvS2C7NMDPd1puyxVgGO
yBnEe62n8JfhnUHHTgMkqnTFlPQUzmwjHdfk8SIGW0LEViNqCIDeh5Xld0oF6w1N
jHM4fqjH82eZqFHkNCH2miFxrEQ/BYg0PNYXmUcbgkcQlgXyyNoqzQNIbihpmVk/
x6DAR5/2jbLrF2AJBpxzeiTctOIwqo5tCi34gWoF/P82YR4t
-----END CERTIFICATE-----