Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS399631.roa
File:                     AS399631.roa (raw, json)
Hash identifier:          6jG8Dg2Kx1IQRGBYLmckjjQqIlgw7X+bhO1XW6aFhqI=
Subject key identifier:   D5:87:5A:E8:C4:2D:F8:B3:B4:77:01:E5:C1:E3:34:CA:74:F3:DA:56
Certificate issuer:       /CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
Certificate serial:       382518D6A5BDD7A62EC5B043B3FC1E054EA17DAC
Authority key identifier: 0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS399631.roa
Signing time:             Thu 18 Jun 2026 06:23:11 +0000
ROA not before:           Thu 18 Jun 2026 06:18:11 +0000
ROA not after:            Thu 17 Jun 2027 06:23:11 +0000
asID:                     399631
IP address blocks:        51.146.20.0/24 maxlen: 24
                          51.241.19.0/24 maxlen: 24
                          51.241.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 13:58:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:25:18:d6:a5:bd:d7:a6:2e:c5:b0:43:b3:fc:1e:05:4e:a1:7d:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e20ccf5083a63b9f5887e3ea39d04e2d62b3da5
        Validity
            Not Before: Jun 18 06:18:11 2026 GMT
            Not After : Jun 17 06:23:11 2027 GMT
        Subject: CN=D5875AE8C42DF8B3B47701E5C1E334CA74F3DA56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:f3:99:30:74:8f:8f:8c:e1:9d:8b:66:4d:11:
                    41:86:be:3e:f4:97:59:61:73:e8:c1:cf:5f:9a:9b:
                    c7:94:a3:e8:46:c9:da:5e:d6:26:c2:89:60:5c:bb:
                    d0:89:ef:93:c8:e2:03:01:13:bc:08:3f:e0:1d:ea:
                    4f:c7:42:19:cc:d9:d6:31:02:93:48:03:d3:50:e0:
                    60:92:f5:97:ed:8e:05:0d:e7:40:08:ff:e4:3f:30:
                    62:47:ba:5c:25:08:5f:70:a0:f3:47:e9:9d:90:6b:
                    60:64:1b:5a:4e:08:ff:25:08:5d:00:0f:dd:c8:01:
                    cd:7f:1f:44:ea:b9:b7:52:8c:66:9e:e0:49:ed:fb:
                    c5:cb:6b:60:23:6b:aa:55:0e:35:1e:66:f0:a3:ac:
                    9f:d6:35:25:77:b3:dc:e1:18:59:ee:18:d3:04:df:
                    1f:18:cd:5e:f8:d8:a7:b9:94:96:b7:48:d3:f9:1c:
                    79:d2:65:ba:c4:f7:29:27:b9:09:21:cf:29:ff:a7:
                    f8:e4:01:63:1d:90:24:dd:96:4d:97:75:08:40:26:
                    fe:21:74:d5:8d:50:cd:f1:c1:6f:f6:43:f1:0a:34:
                    95:12:53:e4:6d:34:21:a3:9f:9b:b0:3c:01:ff:36:
                    4e:48:4c:bb:ee:b8:46:56:99:38:77:5c:d0:19:85:
                    6c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:87:5A:E8:C4:2D:F8:B3:B4:77:01:E5:C1:E3:34:CA:74:F3:DA:56
            X509v3 Authority Key Identifier:
                keyid:0E:20:CC:F5:08:3A:63:B9:F5:88:7E:3E:A3:9D:04:E2:D6:2B:3D:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/0E20CCF5083A63B9F5887E3EA39D04E2D62B3DA5.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DiDM9Qg6Y7n1iH4-o50E4tYrPaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/96e4ac86-1803-494d-8a7b-c051a6310752/0/AS399631.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  51.146.20.0/24
                  51.241.19.0/24
                  51.241.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ed:ed:00:23:07:38:cf:04:e1:f5:34:67:b5:9b:93:53:1a:
         f2:32:0b:a8:f7:ed:1d:28:c7:78:c0:e2:42:5c:38:85:90:9c:
         d6:a1:b0:32:2b:f6:a4:61:7e:d7:5c:db:46:99:8e:0c:a1:9d:
         1e:68:ce:da:22:ee:a4:08:d1:ef:a5:de:17:62:2e:e2:82:39:
         dd:7d:25:96:e2:50:01:25:9e:93:9b:c5:41:10:5e:77:27:2d:
         85:91:95:9e:c3:a5:c3:a6:2c:24:52:e4:45:90:06:ef:be:1b:
         49:98:af:ff:c1:c0:2b:b8:10:31:1b:66:d2:2a:24:ce:ef:ea:
         ec:89:cf:54:07:cb:02:47:47:b3:83:f1:16:f6:3c:a2:57:6c:
         07:d9:98:74:e2:22:3f:71:69:94:c8:62:ad:fa:50:32:b5:f5:
         59:f8:b8:90:c8:b7:0a:7b:eb:ff:10:c6:5b:93:e4:70:a8:65:
         fe:0a:ed:10:7d:22:a2:91:fd:c4:e8:5c:9e:a9:89:3a:83:85:
         a6:9c:4b:31:59:27:f4:aa:71:15:4c:6b:32:44:00:00:3e:ea:
         43:d6:fc:ae:e3:72:ee:66:cd:5e:53:b3:2d:9a:b6:57:2a:88:
         f1:01:8b:b9:2d:b7:de:10:ca:9a:eb:29:5c:32:8a:49:a1:99:
         ba:c1:cb:f0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUOCUY1qW916YuxbBDs/weBU6hfawwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMGUyMGNjZjUwODNhNjNiOWY1ODg3ZTNlYTM5ZDA0ZTJk
NjJiM2RhNTAeFw0yNjA2MTgwNjE4MTFaFw0yNzA2MTcwNjIzMTFaMDMxMTAvBgNV
BAMTKEQ1ODc1QUU4QzQyREY4QjNCNDc3MDFFNUMxRTMzNENBNzRGM0RBNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQ85kwdI+PjOGdi2ZNEUGGvj70
l1lhc+jBz1+am8eUo+hGydpe1ibCiWBcu9CJ75PI4gMBE7wIP+Ad6k/HQhnM2dYx
ApNIA9NQ4GCS9ZftjgUN50AI/+Q/MGJHulwlCF9woPNH6Z2Qa2BkG1pOCP8lCF0A
D93IAc1/H0TqubdSjGae4Ent+8XLa2Aja6pVDjUeZvCjrJ/WNSV3s9zhGFnuGNME
3x8YzV742Ke5lJa3SNP5HHnSZbrE9yknuQkhzyn/p/jkAWMdkCTdlk2XdQhAJv4h
dNWNUM3xwW/2Q/EKNJUSU+RtNCGjn5uwPAH/Nk5ITLvuuEZWmTh3XNAZhWyFAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQU1Yda6MQt+LO0dwHlweM0ynTz2lYwHwYDVR0j
BBgwFoAUDiDM9Qg6Y7n1iH4+o50E4tYrPaUwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOTZlNGFjODYtMTgwMy00OTRkLThhN2ItYzA1MWE2MzEw
NzUyLzAvMEUyMENDRjUwODNBNjNCOUY1ODg3RTNFQTM5RDA0RTJENjJCM0RBNS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0RpRE05UWc2WTduMWlINC1vNTBFNHRZ
clBhVS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzk2ZTRhYzg2LTE4MDMt
NDk0ZC04YTdiLWMwNTFhNjMxMDc1Mi8wL0FTMzk5NjMxLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAM5IU
AwQAM/ETAwQAM/FcMA0GCSqGSIb3DQEBCwUAA4IBAQB/7e0AIwc4zwTh9TRntZuT
UxryMguo9+0dKMd4wOJCXDiFkJzWobAyK/akYX7XXNtGmY4MoZ0eaM7aIu6kCNHv
pd4XYi7igjndfSWW4lABJZ6Tm8VBEF53Jy2FkZWew6XDpiwkUuRFkAbvvhtJmK//
wcAruBAxG2bSKiTO7+rsic9UB8sCR0ezg/EW9jyiV2wH2Zh04iI/cWmUyGKt+lAy
tfVZ+LiQyLcKe+v/EMZbk+RwqGX+Cu0QfSKikf3E6FyeqYk6g4WmnEsxWSf0qnEV
TGsyRAAAPupD1vyu43LuZs1eU7MtmrZXKojxAYu5LbfeEMqa6ylcMopJoZm6wcvw
-----END CERTIFICATE-----