Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402315.roa
File:                     AS402315.roa (raw, json)
Hash identifier:          bWzT1jEhUIdcW62jn4dLC5bA/O5pwJOsDu5j6kjlXiU=
Subject key identifier:   A3:4D:16:15:D6:C9:F2:EF:C2:B1:26:05:30:3D:17:B7:A2:87:64:62
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2A5D37F614777B138549C5FD5003027F93CCCCBA
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402315.roa
Signing time:             Mon 23 Mar 2026 07:52:53 +0000
ROA not before:           Mon 23 Mar 2026 07:47:53 +0000
ROA not after:            Mon 22 Mar 2027 07:52:53 +0000
asID:                     402315
IP address blocks:        146.103.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:5d:37:f6:14:77:7b:13:85:49:c5:fd:50:03:02:7f:93:cc:cc:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 23 07:47:53 2026 GMT
            Not After : Mar 22 07:52:53 2027 GMT
        Subject: CN=A34D1615D6C9F2EFC2B12605303D17B7A2876462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:f8:96:3b:eb:c0:05:43:fa:8b:a5:37:f7:05:
                    a1:f7:ed:b9:62:f5:3a:3e:b1:46:0a:69:74:6f:b9:
                    88:5b:30:79:f2:93:65:23:61:12:cf:74:44:b5:c2:
                    6a:fb:4d:43:6e:4f:8f:9d:6a:65:90:01:7c:ae:66:
                    97:dd:5a:7c:8a:ff:a4:16:b8:7d:65:a3:69:d6:d8:
                    19:59:0b:fa:f6:57:bf:3c:ec:ff:ee:da:1e:90:15:
                    82:33:44:91:40:28:f0:f5:01:d3:05:44:24:a8:1e:
                    8e:44:25:04:7b:36:88:ec:07:3e:5c:73:59:a2:29:
                    36:e9:af:5a:d7:c6:fd:c9:84:17:1b:f3:7b:56:80:
                    03:63:28:3c:31:b3:84:c9:71:75:f1:1a:0f:1a:d5:
                    ce:25:e0:6b:74:78:a6:0c:45:bf:ff:7a:16:fb:55:
                    cf:f3:2f:98:9a:19:0c:8e:e1:6c:93:a8:36:0d:18:
                    37:46:a1:2d:df:8b:8c:54:94:cd:26:50:b4:48:16:
                    38:db:e5:a0:5a:c1:65:99:43:c0:a8:4b:bd:66:0a:
                    c3:aa:d3:b1:aa:6e:14:c7:a1:02:aa:bf:6d:58:c6:
                    7d:66:d9:06:6c:1b:6a:f9:7a:dc:97:61:99:74:7d:
                    66:0c:f2:f8:04:f1:f7:42:e7:7c:d8:2f:16:b9:a0:
                    f9:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:4D:16:15:D6:C9:F2:EF:C2:B1:26:05:30:3D:17:B7:A2:87:64:62
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402315.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:93:b6:df:1f:18:81:09:67:49:5f:60:66:33:ec:64:6c:7f:
         58:d7:0a:0f:7f:71:df:cf:ac:7d:12:9b:79:e8:5f:ff:5b:42:
         e4:76:6d:c1:6e:38:88:aa:98:e2:44:da:9b:35:f1:d7:ed:97:
         42:bc:26:5f:65:f0:17:47:06:50:8e:2c:21:92:89:d5:30:c5:
         e6:16:44:9a:99:d9:de:21:84:8a:1a:6e:b3:1e:93:89:dc:ef:
         d0:09:7a:af:66:a0:58:4c:a3:a9:d6:4c:69:6a:8d:d2:6e:78:
         41:10:fe:37:35:55:1e:4c:17:9b:7b:7f:88:77:27:81:94:be:
         0f:20:4d:5f:bf:ae:56:cb:d5:64:c3:12:2b:4d:fd:ab:dd:d9:
         9f:5b:f3:7e:74:ea:66:a8:7a:2a:4e:ef:8a:b8:8b:b6:ae:f0:
         c5:5f:1f:91:f2:08:9a:aa:0f:67:37:dd:b2:ee:57:22:ce:95:
         63:54:7c:62:da:c0:75:e7:71:6f:ff:40:02:9a:0c:bf:b1:21:
         52:58:ad:7e:f7:a4:60:7b:df:45:ac:79:09:e8:4c:e1:b3:4e:
         d3:08:bd:a7:4c:33:20:04:c3:0b:86:a0:5f:8a:c9:c0:76:ad:
         7f:d6:35:50:f3:a9:6a:ec:8e:ca:ff:c1:bf:b5:7b:c5:e0:38:
         a1:4e:2c:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKl039hR3exOFScX9UAMCf5PMzLowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMjMwNzQ3NTNaFw0yNzAzMjIwNzUyNTNaMDMxMTAvBgNV
BAMTKEEzNEQxNjE1RDZDOUYyRUZDMkIxMjYwNTMwM0QxN0I3QTI4NzY0NjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDm+JY768AFQ/qLpTf3BaH37bli
9To+sUYKaXRvuYhbMHnyk2UjYRLPdES1wmr7TUNuT4+damWQAXyuZpfdWnyK/6QW
uH1lo2nW2BlZC/r2V7887P/u2h6QFYIzRJFAKPD1AdMFRCSoHo5EJQR7NojsBz5c
c1miKTbpr1rXxv3JhBcb83tWgANjKDwxs4TJcXXxGg8a1c4l4Gt0eKYMRb//ehb7
Vc/zL5iaGQyO4WyTqDYNGDdGoS3fi4xUlM0mULRIFjjb5aBawWWZQ8CoS71mCsOq
07GqbhTHoQKqv21Yxn1m2QZsG2r5etyXYZl0fWYM8vgE8fdC53zYLxa5oPljAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUo00WFdbJ8u/CsSYFMD0Xt6KHZGIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyMzE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc5
MA0GCSqGSIb3DQEBCwUAA4IBAQAzk7bfHxiBCWdJX2BmM+xkbH9Y1woPf3Hfz6x9
Ept56F//W0Lkdm3BbjiIqpjiRNqbNfHX7ZdCvCZfZfAXRwZQjiwhkonVMMXmFkSa
mdneIYSKGm6zHpOJ3O/QCXqvZqBYTKOp1kxpao3SbnhBEP43NVUeTBebe3+IdyeB
lL4PIE1fv65Wy9VkwxIrTf2r3dmfW/N+dOpmqHoqTu+KuIu2rvDFXx+R8giaqg9n
N92y7lcizpVjVHxi2sB153Fv/0ACmgy/sSFSWK1+96Rge99FrHkJ6Ezhs07TCL2n
TDMgBMMLhqBfisnAdq1/1jVQ86lq7I7K/8G/tXvF4DihTizJ
-----END CERTIFICATE-----