Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS399587.roa
File:                     AS399587.roa (raw, json)
Hash identifier:          HgecWT2qqRBSNRurYQKSIooNiKGsWHCsOFlhYmJw0K8=
Subject key identifier:   69:56:DF:05:1B:0C:C3:72:3A:9B:93:09:34:A7:54:07:64:FB:B5:98
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       2BF3061501624B758AF8CD990ADBA1B9BF88D8F1
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS399587.roa
Signing time:             Fri 26 Jun 2026 08:08:40 +0000
ROA not before:           Fri 26 Jun 2026 08:03:40 +0000
ROA not after:            Fri 25 Jun 2027 08:08:40 +0000
asID:                     399587
IP address blocks:        2a0f:85c1:84e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 20:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2b:f3:06:15:01:62:4b:75:8a:f8:cd:99:0a:db:a1:b9:bf:88:d8:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Jun 26 08:03:40 2026 GMT
            Not After : Jun 25 08:08:40 2027 GMT
        Subject: CN=6956DF051B0CC3723A9B930934A7540764FBB598
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e7:05:a1:f2:7c:23:38:fb:69:53:c8:92:1f:
                    f8:3b:8c:f7:ef:89:4d:66:19:72:4a:8b:6e:ec:b1:
                    1d:b4:21:73:d7:bd:88:76:d3:9b:7b:87:6c:02:61:
                    7b:2c:db:9a:64:d0:15:63:16:6a:58:7a:59:5d:9e:
                    31:b1:1e:cd:d2:2d:f1:dd:49:e7:a6:24:40:15:92:
                    04:39:79:13:c2:91:c5:9d:3e:c3:ab:b0:2c:ff:11:
                    66:38:d8:52:13:2d:ef:f1:0c:95:0e:e0:47:37:d1:
                    8c:c0:35:05:32:2c:ec:b8:53:62:a3:be:18:75:4f:
                    ab:a2:bd:db:bd:94:9e:4b:68:36:b5:1b:60:78:0d:
                    cc:b4:b5:1f:6b:bd:47:cb:60:74:60:99:0a:a3:f8:
                    54:04:63:23:4b:5d:35:34:b5:f7:d7:6c:2d:76:f4:
                    33:1a:c5:f9:60:cd:35:2e:22:25:59:49:49:a9:b0:
                    77:74:a1:17:ba:d6:30:f5:a6:0f:8c:99:1a:64:d7:
                    14:d1:9a:1a:8a:3c:7b:da:8e:a1:99:e4:f6:56:cd:
                    ac:70:d9:e2:92:0a:ed:d5:97:2e:00:88:89:60:11:
                    ec:50:bd:76:19:27:83:a5:a3:68:fb:4a:70:1f:fe:
                    2b:ad:59:04:7c:1f:08:63:f6:79:12:30:cc:1e:88:
                    ef:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:56:DF:05:1B:0C:C3:72:3A:9B:93:09:34:A7:54:07:64:FB:B5:98
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS399587.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:84e::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:4e:97:30:51:9d:7f:9c:00:2f:f3:63:8a:a1:26:08:d1:36:
         ae:ed:b1:2f:ee:c1:54:84:90:48:4a:d3:f5:9d:9a:dd:2b:76:
         85:55:b6:b8:95:9e:64:aa:d3:f4:b8:a4:29:c2:c4:6e:79:c0:
         3a:5d:c5:4b:a9:6a:49:e3:19:30:e5:a0:cc:c2:cf:38:cd:d5:
         36:ee:c5:eb:b4:48:84:d4:40:ce:3a:aa:f9:d6:45:44:38:1c:
         15:3f:2d:46:4b:73:e6:40:55:12:0e:a9:07:71:d1:00:e2:8b:
         ec:bc:29:2d:43:9e:ec:fe:c6:c9:39:8f:1c:d0:48:ae:77:cf:
         87:61:83:d1:06:d5:22:e9:4f:32:64:99:34:ab:38:9b:9e:ce:
         59:15:7f:8d:91:f1:66:01:f3:c3:7d:ba:68:d9:45:50:a5:42:
         46:6f:82:90:aa:60:e9:dc:a4:4c:00:51:45:7a:62:2d:d2:2d:
         21:47:05:54:a7:0d:22:da:6f:d4:86:16:46:06:cc:14:a1:34:
         38:ca:93:58:98:1c:fb:e0:5c:b0:37:c7:fe:df:73:b7:17:fa:
         e4:47:34:ef:60:c7:20:17:4b:a3:eb:0e:af:2d:bc:5e:7c:fb:
         20:09:13:e1:3a:35:fb:8d:31:a9:7e:11:fd:3f:bd:8e:18:57:
         17:46:aa:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUK/MGFQFiS3WK+M2ZCtuhub+I2PEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNjA2MjYwODAzNDBaFw0yNzA2MjUwODA4NDBaMDMxMTAvBgNV
BAMTKDY5NTZERjA1MUIwQ0MzNzIzQTlCOTMwOTM0QTc1NDA3NjRGQkI1OTgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy5wWh8nwjOPtpU8iSH/g7jPfv
iU1mGXJKi27ssR20IXPXvYh205t7h2wCYXss25pk0BVjFmpYelldnjGxHs3SLfHd
SeemJEAVkgQ5eRPCkcWdPsOrsCz/EWY42FITLe/xDJUO4Ec30YzANQUyLOy4U2Kj
vhh1T6uivdu9lJ5LaDa1G2B4Dcy0tR9rvUfLYHRgmQqj+FQEYyNLXTU0tffXbC12
9DMaxflgzTUuIiVZSUmpsHd0oRe61jD1pg+MmRpk1xTRmhqKPHvajqGZ5PZWzaxw
2eKSCu3Vly4AiIlgEexQvXYZJ4Olo2j7SnAf/iutWQR8Hwhj9nkSMMweiO/NAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUaVbfBRsMw3I6m5MJNKdUB2T7tZgwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzk5NTg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhOMA0GCSqGSIb3DQEBCwUAA4IBAQAZTpcwUZ1/nAAv82OKoSYI0Tau7bEv7sFU
hJBIStP1nZrdK3aFVba4lZ5kqtP0uKQpwsRuecA6XcVLqWpJ4xkw5aDMws84zdU2
7sXrtEiE1EDOOqr51kVEOBwVPy1GS3PmQFUSDqkHcdEA4ovsvCktQ57s/sbJOY8c
0Eiud8+HYYPRBtUi6U8yZJk0qzibns5ZFX+NkfFmAfPDfbpo2UVQpUJGb4KQqmDp
3KRMAFFFemIt0i0hRwVUpw0i2m/UhhZGBswUoTQ4ypNYmBz74FywN8f+33O3F/rk
RzTvYMcgF0uj6w6vLbxefPsgCRPhOjX7jTGpfhH9P72OGFcXRqqG
-----END CERTIFICATE-----
Generated at Fri Jul 3 23:20:47 2026 by rpki-client