Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402487.roa
File:                     AS402487.roa (raw, json)
Hash identifier:          xmYxGiKnLBRg9wf/MQbwAWOAB1EdxV98m9yB77RRypA=
Subject key identifier:   32:6C:D1:D4:E4:BE:51:68:87:AA:32:F9:18:3F:97:0E:DA:09:DD:56
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5092B8FB1EA44420C51E1BA9B8C80ABFC65C5F9F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402487.roa
Signing time:             Tue 19 May 2026 07:07:10 +0000
ROA not before:           Tue 19 May 2026 07:02:10 +0000
ROA not after:            Tue 18 May 2027 07:07:10 +0000
asID:                     402487
IP address blocks:        140.150.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 10 Jun 2026 20:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:92:b8:fb:1e:a4:44:20:c5:1e:1b:a9:b8:c8:0a:bf:c6:5c:5f:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 19 07:02:10 2026 GMT
            Not After : May 18 07:07:10 2027 GMT
        Subject: CN=326CD1D4E4BE516887AA32F9183F970EDA09DD56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d3:59:52:83:b9:a3:0a:ab:c7:c5:18:98:ac:
                    a7:7c:38:47:eb:8b:98:b0:75:22:2f:f7:6d:0a:31:
                    a8:80:f8:fc:ac:42:d2:d9:99:ef:9d:d4:9c:ec:87:
                    6b:ba:af:e0:53:f3:1c:9c:b2:5b:d9:33:bb:2d:af:
                    da:c1:0e:d7:fa:a2:aa:d3:c5:fe:ee:45:47:f9:f8:
                    5f:c0:eb:e1:58:d1:01:94:b4:0e:64:c4:c2:01:47:
                    15:f5:e9:7b:a4:a2:a0:05:8a:a2:39:af:44:d8:c4:
                    66:bc:45:cb:f5:ed:7e:77:0b:dc:3f:a3:af:e6:13:
                    b2:ca:75:34:6c:72:ff:d8:f0:f2:6b:c9:2f:f2:1e:
                    30:63:08:2b:80:c1:9a:22:38:ac:c3:8f:3b:11:ca:
                    89:de:06:4d:35:d8:4f:5d:28:21:29:e7:a2:cc:41:
                    77:7c:3a:7e:22:c9:fa:51:c0:df:31:af:2f:1d:0c:
                    9b:b0:d7:cc:61:5e:70:f5:1b:2b:47:a9:73:15:5a:
                    2c:37:a6:3c:c6:ac:79:2b:e5:be:a9:75:e3:53:f3:
                    49:11:46:69:28:72:5a:82:cb:ad:ec:43:36:9b:15:
                    a2:d6:67:97:16:0b:b0:19:22:76:2e:30:9a:53:38:
                    8b:19:c4:9c:86:c8:cf:3e:0c:ac:32:2d:b7:b6:76:
                    20:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:6C:D1:D4:E4:BE:51:68:87:AA:32:F9:18:3F:97:0E:DA:09:DD:56
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402487.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:99:a0:5f:c6:9e:50:0e:a8:6a:2d:db:bd:22:e0:3c:44:a9:
         1a:68:5c:00:aa:f3:e7:28:2d:3f:26:94:49:b3:f8:6f:97:10:
         4d:be:f2:8d:73:6f:51:62:a8:b6:58:78:2c:56:8e:b2:c2:24:
         91:76:be:35:e4:2c:35:a1:a7:47:11:c4:7e:8a:25:12:ce:6e:
         75:ed:16:09:23:c6:aa:38:60:da:57:e7:1d:70:fc:c3:31:93:
         bd:9b:48:d2:b0:9a:ac:67:7e:48:8d:c1:3b:3d:54:70:57:bb:
         13:1e:8d:7b:24:08:c8:38:ba:d7:41:e7:8f:b1:26:5f:e8:62:
         66:4e:2b:62:29:28:e7:56:8d:6d:37:aa:d1:3e:88:8b:e9:68:
         03:30:3b:23:19:93:ba:c5:28:04:2f:55:ba:ec:6f:20:f0:5a:
         21:6c:29:5f:51:09:c3:45:04:d8:11:65:3f:c5:ec:06:cf:f1:
         74:9b:cf:86:cd:8c:5e:02:e7:3c:df:80:3e:66:15:9e:bc:94:
         ea:e0:b9:4a:92:f8:30:61:1a:10:50:80:70:24:f1:3c:2a:e8:
         8f:64:19:ff:34:cb:34:71:5a:51:49:f1:4f:6d:73:3d:fe:cc:
         80:12:97:94:79:07:9c:f1:9c:ea:1b:9f:28:b2:3d:16:84:39:
         b9:5b:81:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUUJK4+x6kRCDFHhupuMgKv8ZcX58wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MTkwNzAyMTBaFw0yNzA1MTgwNzA3MTBaMDMxMTAvBgNV
BAMTKDMyNkNEMUQ0RTRCRTUxNjg4N0FBMzJGOTE4M0Y5NzBFREEwOURENTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCS01lSg7mjCqvHxRiYrKd8OEfr
i5iwdSIv920KMaiA+PysQtLZme+d1Jzsh2u6r+BT8xycslvZM7str9rBDtf6oqrT
xf7uRUf5+F/A6+FY0QGUtA5kxMIBRxX16XukoqAFiqI5r0TYxGa8Rcv17X53C9w/
o6/mE7LKdTRscv/Y8PJryS/yHjBjCCuAwZoiOKzDjzsRyoneBk012E9dKCEp56LM
QXd8On4iyfpRwN8xry8dDJuw18xhXnD1GytHqXMVWiw3pjzGrHkr5b6pdeNT80kR
RmkoclqCy63sQzabFaLWZ5cWC7AZInYuMJpTOIsZxJyGyM8+DKwyLbe2diAJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMmzR1OS+UWiHqjL5GD+XDtoJ3VYwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyNDg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjJbj
MA0GCSqGSIb3DQEBCwUAA4IBAQBlmaBfxp5QDqhqLdu9IuA8RKkaaFwAqvPnKC0/
JpRJs/hvlxBNvvKNc29RYqi2WHgsVo6ywiSRdr415Cw1oadHEcR+iiUSzm517RYJ
I8aqOGDaV+cdcPzDMZO9m0jSsJqsZ35IjcE7PVRwV7sTHo17JAjIOLrXQeePsSZf
6GJmTitiKSjnVo1tN6rRPoiL6WgDMDsjGZO6xSgEL1W67G8g8FohbClfUQnDRQTY
EWU/xewGz/F0m8+GzYxeAuc834A+ZhWevJTq4LlKkvgwYRoQUIBwJPE8KuiPZBn/
NMs0cVpRSfFPbXM9/syAEpeUeQec8ZzqG58osj0WhDm5W4EA
-----END CERTIFICATE-----