Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402508.roa
File:                     AS402508.roa (raw, json)
Hash identifier:          GG/oFQhKRhIKjSzsDLDA22puB/I3VK1DLcT5td1l9ys=
Subject key identifier:   15:4A:61:9F:96:FD:9B:A2:59:E5:60:B9:B2:5B:88:F7:D3:AC:9D:99
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4F5B9E21B048791A3093381CB758FEDEF88A5714
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402508.roa
Signing time:             Mon 25 May 2026 09:00:42 +0000
ROA not before:           Mon 25 May 2026 08:55:42 +0000
ROA not after:            Mon 24 May 2027 09:00:42 +0000
asID:                     402508
IP address blocks:        162.141.68.0/24 maxlen: 24
                          168.222.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:5b:9e:21:b0:48:79:1a:30:93:38:1c:b7:58:fe:de:f8:8a:57:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 25 08:55:42 2026 GMT
            Not After : May 24 09:00:42 2027 GMT
        Subject: CN=154A619F96FD9BA259E560B9B25B88F7D3AC9D99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:d5:0e:06:62:ee:a4:12:ef:cd:34:85:d6:d8:
                    49:16:c0:97:6f:fa:57:c5:c2:ec:2f:ab:f2:e1:dd:
                    e4:bc:ac:a6:ba:2d:ff:52:2a:2c:55:18:b5:fa:f3:
                    20:ee:43:1f:a3:85:56:8c:65:c7:77:1e:c9:b9:f9:
                    fa:a3:b1:b0:2d:d5:f2:f5:50:eb:67:38:47:ad:46:
                    55:73:73:b2:b5:06:65:86:33:b8:e6:be:94:20:c4:
                    14:20:a1:8f:1d:e6:b4:fc:9b:6c:c5:74:76:28:61:
                    14:5c:d6:43:55:1a:1d:ff:fd:24:86:7f:eb:be:48:
                    2f:59:7c:08:70:b4:16:c1:e8:94:84:32:27:a4:46:
                    32:57:3d:48:1a:c4:9f:dc:a6:10:0f:69:e4:21:be:
                    e4:f3:3d:12:28:30:12:a5:10:26:21:93:98:d3:b3:
                    38:80:b7:28:37:db:57:85:0a:94:97:72:93:b2:4f:
                    86:63:be:3f:6c:0f:46:27:35:16:46:66:a7:10:6b:
                    46:25:0a:4f:24:5a:3e:bf:d4:25:ae:f3:f2:7e:3e:
                    e1:04:c0:bb:5d:3e:b6:0a:b0:a2:59:d2:9b:4b:95:
                    80:66:e0:cf:de:63:57:b7:38:80:19:de:fa:ce:1a:
                    3b:bb:b2:35:43:bb:2a:b5:2e:b7:c8:0c:94:41:73:
                    14:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:4A:61:9F:96:FD:9B:A2:59:E5:60:B9:B2:5B:88:F7:D3:AC:9D:99
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS402508.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.68.0/24
                  168.222.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:45:54:49:51:3e:84:14:d4:c8:07:e2:95:9e:36:be:9d:0c:
         96:1e:3a:f6:a9:61:60:b7:70:17:4c:13:4d:6c:f6:ad:8d:db:
         54:3a:61:f1:5e:17:3d:d2:01:ae:ad:13:90:13:a9:75:64:2d:
         08:60:40:fb:58:a1:a8:fb:2e:a5:c5:57:ba:20:e9:8e:37:32:
         38:7b:aa:89:5b:24:60:57:aa:15:26:2d:2e:44:a4:4a:aa:72:
         7d:4a:7d:c1:39:0b:b3:db:c7:7b:17:8c:ea:59:df:9c:6f:62:
         9f:ed:88:8a:bb:75:87:16:28:d9:b6:dc:ee:dc:2f:4a:7b:f8:
         a2:b1:56:ca:aa:d2:c6:24:4b:e6:9a:e8:2c:70:ca:6d:8a:cb:
         e7:57:ea:ec:65:3a:aa:19:87:33:b7:ba:14:ac:2b:94:27:e7:
         cc:25:2a:1a:01:4d:73:0a:98:a5:b7:5e:57:8f:66:73:62:3b:
         17:43:ec:59:54:0c:1a:c9:63:fa:9a:e0:88:c4:e5:6a:5a:e8:
         f3:9d:03:02:41:c2:0e:3e:02:eb:09:32:e8:f6:fc:10:a1:3e:
         5a:3c:7b:42:40:33:10:7a:3a:c2:b0:74:57:d3:12:62:f9:e3:
         91:28:c2:0c:d2:44:9e:e6:af:74:84:2e:17:0b:eb:e7:31:3d:
         39:ee:77:ce
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUT1ueIbBIeRowkzgct1j+3viKVxQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA1MjUwODU1NDJaFw0yNzA1MjQwOTAwNDJaMDMxMTAvBgNV
BAMTKDE1NEE2MTlGOTZGRDlCQTI1OUU1NjBCOUIyNUI4OEY3RDNBQzlEOTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD61Q4GYu6kEu/NNIXW2EkWwJdv
+lfFwuwvq/Lh3eS8rKa6Lf9SKixVGLX68yDuQx+jhVaMZcd3Hsm5+fqjsbAt1fL1
UOtnOEetRlVzc7K1BmWGM7jmvpQgxBQgoY8d5rT8m2zFdHYoYRRc1kNVGh3//SSG
f+u+SC9ZfAhwtBbB6JSEMiekRjJXPUgaxJ/cphAPaeQhvuTzPRIoMBKlECYhk5jT
sziAtyg321eFCpSXcpOyT4Zjvj9sD0YnNRZGZqcQa0YlCk8kWj6/1CWu8/J+PuEE
wLtdPrYKsKJZ0ptLlYBm4M/eY1e3OIAZ3vrOGju7sjVDuyq1LrfIDJRBcxQzAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUFUphn5b9m6JZ5WC5sluI99OsnZkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDAyNTA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAoo1E
AwQAqN4eMA0GCSqGSIb3DQEBCwUAA4IBAQBpRVRJUT6EFNTIB+KVnja+nQyWHjr2
qWFgt3AXTBNNbPatjdtUOmHxXhc90gGurROQE6l1ZC0IYED7WKGo+y6lxVe6IOmO
NzI4e6qJWyRgV6oVJi0uRKRKqnJ9Sn3BOQuz28d7F4zqWd+cb2Kf7YiKu3WHFijZ
ttzu3C9Ke/iisVbKqtLGJEvmmugscMptisvnV+rsZTqqGYczt7oUrCuUJ+fMJSoa
AU1zCpilt15Xj2ZzYjsXQ+xZVAwayWP6muCIxOVqWujznQMCQcIOPgLrCTLo9vwQ
oT5aPHtCQDMQejrCsHRX0xJi+eORKMIM0kSe5q90hC4XC+vnMT057nfO
-----END CERTIFICATE-----