Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400308.roa
File:                     AS400308.roa (raw, json)
Hash identifier:          QxKzh0laZYOamem5U/wMbVrLunbIzqNfIGww9MiyezQ=
Subject key identifier:   B9:B4:99:EB:DF:EB:B9:51:77:2C:19:62:01:EF:3F:9F:68:A0:E6:1D
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4558444A64D615563B7225BF4F7359F38F2D1698
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400308.roa
Signing time:             Fri 22 May 2026 09:25:34 +0000
ROA not before:           Fri 22 May 2026 09:20:34 +0000
ROA not after:            Fri 21 May 2027 09:25:34 +0000
asID:                     400308
IP address blocks:        191.96.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 14:59:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:58:44:4a:64:d6:15:56:3b:72:25:bf:4f:73:59:f3:8f:2d:16:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 22 09:20:34 2026 GMT
            Not After : May 21 09:25:34 2027 GMT
        Subject: CN=B9B499EBDFEBB951772C196201EF3F9F68A0E61D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:64:61:06:bf:ac:0b:64:6c:37:53:3a:a2:c7:
                    cd:54:1c:0c:02:07:aa:19:40:fa:8c:b9:b5:2d:7f:
                    c5:fd:73:94:d5:37:24:55:60:a8:0c:06:c1:a0:c0:
                    7e:98:bd:eb:8a:3a:a0:c4:9e:c0:81:46:be:17:30:
                    7c:4a:e2:72:99:b1:fd:52:12:c9:99:4b:84:05:c3:
                    d4:22:e4:3a:73:b3:b7:09:f3:09:ba:74:2d:a8:eb:
                    68:4a:b1:df:0c:03:3e:70:0d:08:3f:ab:4a:e0:52:
                    9c:09:26:b5:7b:1e:ba:03:fe:4d:16:49:8e:36:ec:
                    47:b7:d9:16:9d:88:77:43:bb:ed:1b:60:5d:1a:27:
                    a1:8c:28:c4:db:d0:2b:5e:01:e1:b6:f8:1f:f7:b9:
                    8f:f7:28:eb:5b:f7:e4:66:29:0b:75:89:fa:00:2a:
                    32:05:5b:b7:5b:bb:5d:a1:40:a7:79:99:05:48:2c:
                    7c:55:d9:c5:9a:c4:6d:6e:23:28:dd:a4:56:6e:f3:
                    a8:e2:e7:63:dd:a1:67:1d:7f:95:86:e3:2a:ae:f1:
                    b4:6c:54:70:fc:5a:eb:56:9e:47:37:6d:f9:31:83:
                    08:08:fa:cd:ad:0f:15:a1:e1:8d:e1:b1:a0:76:6f:
                    d0:ae:c9:a1:f3:fa:6a:c9:70:3e:d2:ea:3e:32:2f:
                    57:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:B4:99:EB:DF:EB:B9:51:77:2C:19:62:01:EF:3F:9F:68:A0:E6:1D
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS400308.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:01:8a:00:ac:b7:50:49:d8:b2:16:44:df:de:ea:89:c3:32:
         66:c3:29:e0:d6:d7:6b:18:ee:22:ee:ce:62:86:eb:8f:30:4d:
         1b:33:7c:44:2c:d5:fe:92:8b:e2:78:d3:56:61:d8:41:35:ef:
         a8:9e:f0:a8:b5:bb:45:6d:e9:6c:30:bb:66:cb:a5:0a:5a:ac:
         7d:be:10:db:85:bf:93:64:96:fb:54:f9:82:98:c1:03:37:82:
         cf:a2:f8:f3:e5:fd:52:4b:23:c1:90:46:0b:a3:6d:d8:0c:30:
         d6:23:b2:7a:ab:29:8a:a4:8f:a2:1c:33:a0:cb:a9:38:77:05:
         77:57:33:92:79:9b:c9:23:36:18:83:77:22:36:47:d7:58:eb:
         19:60:8d:b0:b6:60:c1:4c:03:3b:d9:ff:fb:e9:70:2f:a3:07:
         de:6e:d3:f1:1b:3e:1b:c0:f9:c0:fa:f0:37:af:99:ad:25:8c:
         02:48:da:a8:82:80:bf:67:2c:11:b7:7d:1b:b6:b6:fc:15:a2:
         30:ef:0d:ca:04:84:e7:84:35:f1:03:e2:b5:7e:8d:34:ab:cb:
         61:76:74:2f:ff:64:49:4f:bf:f5:e7:d9:bb:2e:10:4f:c1:f6:
         b8:84:08:8a:e3:6f:da:62:53:3e:36:ad:de:10:88:0a:18:7c:
         00:79:24:4f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURVhESmTWFVY7ciW/T3NZ848tFpgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA1MjIwOTIwMzRaFw0yNzA1MjEwOTI1MzRaMDMxMTAvBgNV
BAMTKEI5QjQ5OUVCREZFQkI5NTE3NzJDMTk2MjAxRUYzRjlGNjhBMEU2MUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGZGEGv6wLZGw3Uzqix81UHAwC
B6oZQPqMubUtf8X9c5TVNyRVYKgMBsGgwH6YveuKOqDEnsCBRr4XMHxK4nKZsf1S
EsmZS4QFw9Qi5Dpzs7cJ8wm6dC2o62hKsd8MAz5wDQg/q0rgUpwJJrV7HroD/k0W
SY427Ee32RadiHdDu+0bYF0aJ6GMKMTb0CteAeG2+B/3uY/3KOtb9+RmKQt1ifoA
KjIFW7dbu12hQKd5mQVILHxV2cWaxG1uIyjdpFZu86ji52PdoWcdf5WG4yqu8bRs
VHD8WutWnkc3bfkxgwgI+s2tDxWh4Y3hsaB2b9CuyaHz+mrJcD7S6j4yL1dNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUubSZ69/ruVF3LBliAe8/n2ig5h0wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAwMzA4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2AD
MA0GCSqGSIb3DQEBCwUAA4IBAQCGAYoArLdQSdiyFkTf3uqJwzJmwyng1tdrGO4i
7s5ihuuPME0bM3xELNX+kovieNNWYdhBNe+onvCotbtFbelsMLtmy6UKWqx9vhDb
hb+TZJb7VPmCmMEDN4LPovjz5f1SSyPBkEYLo23YDDDWI7J6qymKpI+iHDOgy6k4
dwV3VzOSeZvJIzYYg3ciNkfXWOsZYI2wtmDBTAM72f/76XAvowfebtPxGz4bwPnA
+vA3r5mtJYwCSNqogoC/ZywRt30btrb8FaIw7w3KBITnhDXxA+K1fo00q8thdnQv
/2RJT7/159m7LhBPwfa4hAiK42/aYlM+Nq3eEIgKGHwAeSRP
-----END CERTIFICATE-----