Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402257.roa
File:                     AS402257.roa (raw, json)
Hash identifier:          c2ntd5+8goKB9DbGMtEHzlg5Dpcj6elIdZFDx12daY4=
Subject key identifier:   7E:F8:CB:BA:A8:FC:5C:3A:AB:34:FD:87:AE:5A:B2:BC:46:0F:45:66
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3FA010265C7A38C282FE67716CF079030EF27350
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402257.roa
Signing time:             Wed 01 Apr 2026 17:26:45 +0000
ROA not before:           Wed 01 Apr 2026 17:21:45 +0000
ROA not after:            Wed 31 Mar 2027 17:26:45 +0000
asID:                     402257
IP address blocks:        5.181.125.0/24 maxlen: 24
                          5.182.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 Apr 2026 08:49:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:a0:10:26:5c:7a:38:c2:82:fe:67:71:6c:f0:79:03:0e:f2:73:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Apr  1 17:21:45 2026 GMT
            Not After : Mar 31 17:26:45 2027 GMT
        Subject: CN=7EF8CBBAA8FC5C3AAB34FD87AE5AB2BC460F4566
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:bb:32:59:f7:92:6f:2c:21:b7:c1:9f:60:3d:
                    53:4b:b7:ef:b7:dd:42:53:85:11:ef:9f:f9:fb:89:
                    68:c6:8b:81:a5:c7:31:11:66:cb:6b:c3:64:7c:8f:
                    05:91:fa:43:a1:db:b6:d8:5b:e1:31:e4:af:10:c3:
                    a4:4c:20:10:1b:7d:b5:09:c7:f6:39:5e:60:4a:9a:
                    5b:e6:2e:29:7e:68:e9:90:61:e3:2e:bb:78:24:02:
                    27:88:80:ba:f2:74:ff:5c:73:ac:2c:3b:ac:8e:61:
                    d7:33:69:24:a5:27:bd:cd:03:76:03:ab:a0:9b:79:
                    cd:49:2f:90:46:cf:64:54:5c:0a:c8:aa:c8:08:9f:
                    24:c0:21:4c:e6:13:76:e4:d8:5c:9a:f8:3e:ea:ce:
                    cf:51:df:5a:af:f4:6f:2e:58:f4:f7:98:70:46:03:
                    46:34:39:87:6d:3c:4f:0b:96:e8:cd:f6:35:c7:91:
                    cd:58:f4:66:08:ac:47:9b:7e:d6:3a:7a:40:95:8e:
                    8d:07:c2:8f:68:be:f0:e8:b9:81:4a:d4:e5:4a:f3:
                    36:fc:b9:bf:5e:78:85:99:87:84:14:1d:7f:56:0b:
                    53:46:77:40:ee:2d:d7:a2:81:62:41:26:f8:57:f1:
                    27:a7:ac:73:c5:de:f8:83:90:ee:3f:03:ea:62:04:
                    5c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:F8:CB:BA:A8:FC:5C:3A:AB:34:FD:87:AE:5A:B2:BC:46:0F:45:66
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS402257.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.181.125.0/24
                  5.182.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:96:21:c8:eb:1d:79:55:ec:5e:a9:7a:5a:ab:16:e5:56:9b:
         a7:80:b9:93:7b:47:ef:bc:c5:8d:7f:9a:da:26:6f:f0:d5:cc:
         5d:ab:f3:5d:95:41:d6:40:58:05:b3:39:63:5c:15:e8:70:c5:
         e0:5d:f4:ca:97:33:49:3c:77:d8:9d:bb:e6:cb:f6:41:ae:d4:
         3a:96:d8:c1:9c:52:2f:3d:25:0a:ad:14:9f:20:be:9c:e1:83:
         e0:c0:63:2c:6a:12:4e:bb:42:a4:d8:f2:d4:c6:27:d9:ff:9a:
         9c:9e:8a:5b:b6:6a:af:3e:d7:78:36:7d:e6:b3:c2:e5:00:bb:
         ca:28:98:29:df:29:95:56:26:82:04:18:3d:cb:da:ec:bc:c8:
         cf:d0:1b:32:0c:1a:87:d5:7d:0b:77:1b:0b:db:8b:6c:60:ae:
         b2:e6:16:2b:17:62:28:ec:68:4f:d4:77:ba:f9:0b:21:f5:47:
         21:ea:5c:a9:7e:1f:8a:7a:b1:33:19:55:18:83:e2:ee:77:fe:
         0b:4b:23:25:ad:81:b7:a3:10:e8:61:ba:21:94:8e:c3:4e:6d:
         1f:54:09:ce:f7:aa:47:b7:e9:6e:34:4f:57:39:7d:f6:78:0e:
         84:d9:9a:7e:31:46:9f:32:c9:b8:aa:e1:4c:f8:81:00:98:6d:
         a1:53:e9:25
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUP6AQJlx6OMKC/mdxbPB5Aw7yc1AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjA0MDExNzIxNDVaFw0yNzAzMzExNzI2NDVaMDMxMTAvBgNV
BAMTKDdFRjhDQkJBQThGQzVDM0FBQjM0RkQ4N0FFNUFCMkJDNDYwRjQ1NjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkuzJZ95JvLCG3wZ9gPVNLt++3
3UJThRHvn/n7iWjGi4GlxzERZstrw2R8jwWR+kOh27bYW+Ex5K8Qw6RMIBAbfbUJ
x/Y5XmBKmlvmLil+aOmQYeMuu3gkAieIgLrydP9cc6wsO6yOYdczaSSlJ73NA3YD
q6Cbec1JL5BGz2RUXArIqsgInyTAIUzmE3bk2Fya+D7qzs9R31qv9G8uWPT3mHBG
A0Y0OYdtPE8LlujN9jXHkc1Y9GYIrEebftY6ekCVjo0Hwo9ovvDouYFK1OVK8zb8
ub9eeIWZh4QUHX9WC1NGd0DuLdeigWJBJvhX8SenrHPF3viDkO4/A+piBFw/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUfvjLuqj8XDqrNP2HrlqyvEYPRWYwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDAyMjU3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABbV9
AwQABbZtMA0GCSqGSIb3DQEBCwUAA4IBAQB2liHI6x15VexeqXpaqxblVpungLmT
e0fvvMWNf5raJm/w1cxdq/NdlUHWQFgFszljXBXocMXgXfTKlzNJPHfYnbvmy/ZB
rtQ6ltjBnFIvPSUKrRSfIL6c4YPgwGMsahJOu0Kk2PLUxifZ/5qcnopbtmqvPtd4
Nn3ms8LlALvKKJgp3ymVViaCBBg9y9rsvMjP0BsyDBqH1X0LdxsL24tsYK6y5hYr
F2Io7GhP1He6+Qsh9Uch6lypfh+KerEzGVUYg+Lud/4LSyMlrYG3oxDoYbohlI7D
Tm0fVAnO96pHt+luNE9XOX32eA6E2Zp+MUafMsm4quFM+IEAmG2hU+kl
-----END CERTIFICATE-----