Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS398698.roa
File:                     AS398698.roa (raw, json)
Hash identifier:          4mZ55mqHu1X6yuAoSkfXTCzOxnw6uTxPiTiBVPzmYl4=
Subject key identifier:   76:F8:EA:BF:62:C2:80:59:84:22:53:38:CB:AB:8D:D6:4A:25:99:63
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       1BD1CCAF1CE0F61925ABC74EC16E22B43199181E
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS398698.roa
Signing time:             Thu 05 Mar 2026 13:31:48 +0000
ROA not before:           Thu 05 Mar 2026 13:26:48 +0000
ROA not after:            Thu 04 Mar 2027 13:31:48 +0000
asID:                     398698
IP address blocks:        2a14:7583:5c00::/40 maxlen: 48
                          2a14:7583:5f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:d1:cc:af:1c:e0:f6:19:25:ab:c7:4e:c1:6e:22:b4:31:99:18:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Mar  5 13:26:48 2026 GMT
            Not After : Mar  4 13:31:48 2027 GMT
        Subject: CN=76F8EABF62C2805984225338CBAB8DD64A259963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:43:c3:0d:68:20:89:9e:75:e0:80:4e:5a:30:
                    e0:e8:07:63:60:18:82:01:dc:dd:0a:94:1a:8a:d7:
                    59:10:2a:25:29:f0:d5:5f:4f:80:d3:bd:0c:0f:07:
                    1c:a9:24:c7:1b:1f:d0:fd:44:08:1b:9a:f6:e4:ea:
                    90:29:4b:d2:7b:64:4a:55:2c:85:f9:aa:1e:86:4d:
                    38:55:27:24:5c:71:53:62:a2:cb:96:79:ed:47:1b:
                    c2:ae:45:b5:19:f6:dd:77:96:c5:60:53:7f:f5:b3:
                    65:52:7e:ba:e8:62:eb:4c:d5:24:d7:cd:dd:a8:4e:
                    9d:f2:57:6c:99:12:54:93:4c:d6:91:0f:3b:f3:58:
                    68:21:f7:8c:c9:89:ac:58:24:74:67:c9:b2:e3:4a:
                    a1:8d:ee:46:63:33:6b:46:28:17:97:ca:c9:96:31:
                    1f:fc:77:ef:fd:71:57:3e:0f:11:b0:f9:83:0f:c7:
                    fc:9d:a6:88:53:2b:d1:71:b6:dd:0d:63:e0:2d:9e:
                    d6:55:fb:5a:94:c3:5c:5f:83:51:37:8a:47:b0:e4:
                    d0:84:5b:6d:11:52:aa:84:b7:46:8e:81:54:ad:56:
                    d1:9e:d0:95:8d:25:24:e0:a8:1a:12:44:92:cf:0d:
                    7d:6a:d2:5c:e3:a7:58:3f:45:cd:c9:02:ea:68:34:
                    7e:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:F8:EA:BF:62:C2:80:59:84:22:53:38:CB:AB:8D:D6:4A:25:99:63
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS398698.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7583:5c00::/40
                  2a14:7583:5f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         71:da:44:68:ff:df:21:bf:b3:84:51:70:9a:da:df:16:aa:f3:
         1f:4c:ae:1e:b2:1b:da:51:8b:3d:55:15:64:f0:49:9a:5b:7d:
         b8:e4:04:9c:48:99:13:9f:3c:d1:ae:61:c0:9e:df:2e:c8:1d:
         91:aa:fd:f9:14:db:01:e8:89:13:64:ab:cb:af:c9:a1:cd:0d:
         c2:f3:a8:a4:f0:c1:c9:70:e0:9c:15:44:d3:d2:7e:9e:9a:90:
         9b:af:d5:7e:81:d5:c3:99:be:82:59:cf:20:d6:d6:2d:57:e7:
         76:fa:bf:be:63:a8:16:e6:b5:be:8a:94:1b:a6:26:57:72:0b:
         6b:d4:a8:54:9a:b8:d8:f2:76:fa:3e:6e:2b:97:7a:25:a3:d3:
         00:50:b9:51:4e:61:e1:a0:7e:bc:db:2e:59:55:d7:4c:1e:6d:
         3d:38:d3:96:18:c6:ba:fc:1e:05:50:1f:fb:c0:26:0b:3c:11:
         4c:86:8e:1c:93:06:08:c3:62:1c:e6:52:2c:94:a5:d5:7f:a5:
         24:e7:9d:c4:5b:6b:20:9b:b7:9b:bb:35:4d:be:0e:8d:0b:62:
         3a:00:d6:1c:b0:55:e9:a6:7c:6e:d4:d7:41:0f:43:e5:54:37:
         dd:c8:7a:5e:fc:69:9e:9b:74:6e:1c:d7:4a:5f:b4:52:18:0e:
         4d:44:0f:b8
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUG9HMrxzg9hklq8dOwW4itDGZGB4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNjAzMDUxMzI2NDhaFw0yNzAzMDQxMzMxNDhaMDMxMTAvBgNV
BAMTKDc2RjhFQUJGNjJDMjgwNTk4NDIyNTMzOENCQUI4REQ2NEEyNTk5NjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpQ8MNaCCJnnXggE5aMODoB2Ng
GIIB3N0KlBqK11kQKiUp8NVfT4DTvQwPBxypJMcbH9D9RAgbmvbk6pApS9J7ZEpV
LIX5qh6GTThVJyRccVNiosuWee1HG8KuRbUZ9t13lsVgU3/1s2VSfrroYutM1STX
zd2oTp3yV2yZElSTTNaRDzvzWGgh94zJiaxYJHRnybLjSqGN7kZjM2tGKBeXysmW
MR/8d+/9cVc+DxGw+YMPx/ydpohTK9Fxtt0NY+AtntZV+1qUw1xfg1E3ikew5NCE
W20RUqqEt0aOgVStVtGe0JWNJSTgqBoSRJLPDX1q0lzjp1g/Rc3JAupoNH4NAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUdvjqv2LCgFmEIlM4y6uN1kolmWMwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMzk4Njk4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhR1
g1wDBgAqFHWDXzANBgkqhkiG9w0BAQsFAAOCAQEAcdpEaP/fIb+zhFFwmtrfFqrz
H0yuHrIb2lGLPVUVZPBJmlt9uOQEnEiZE5880a5hwJ7fLsgdkar9+RTbAeiJE2Sr
y6/Joc0NwvOopPDByXDgnBVE09J+npqQm6/VfoHVw5m+glnPINbWLVfndvq/vmOo
Fua1voqUG6YmV3ILa9SoVJq42PJ2+j5uK5d6JaPTAFC5UU5h4aB+vNsuWVXXTB5t
PTjTlhjGuvweBVAf+8AmCzwRTIaOHJMGCMNiHOZSLJSl1X+lJOedxFtrIJu3m7s1
Tb4OjQtiOgDWHLBV6aZ8btTXQQ9D5VQ33ch6Xvxpnpt0bhzXSl+0UhgOTUQPuA==
-----END CERTIFICATE-----