Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS401243.roa
File:                     AS401243.roa (raw, json)
Hash identifier:          3lqNFszET2T8xcfpketTwSCChSMVnbuP9LN0jkrFQjQ=
Subject key identifier:   FB:73:8B:EA:67:FE:74:32:3F:3A:20:F1:A3:83:B4:A8:FD:5D:FB:85
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       293807252EFEC1710C36EF1F8FB340C2E20C9055
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS401243.roa
Signing time:             Sat 23 May 2026 07:47:16 +0000
ROA not before:           Sat 23 May 2026 07:42:16 +0000
ROA not after:            Sat 22 May 2027 07:47:16 +0000
asID:                     401243
IP address blocks:        141.11.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:38:07:25:2e:fe:c1:71:0c:36:ef:1f:8f:b3:40:c2:e2:0c:90:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May 23 07:42:16 2026 GMT
            Not After : May 22 07:47:16 2027 GMT
        Subject: CN=FB738BEA67FE74323F3A20F1A383B4A8FD5DFB85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d4:35:ac:eb:94:7c:dc:2a:98:91:56:b5:07:
                    dc:3e:0a:70:71:6c:b6:07:c7:9f:a3:11:a2:a3:24:
                    ff:a4:64:27:eb:ed:99:3b:4d:94:b7:98:3f:e9:6f:
                    1d:1f:72:16:44:a6:e8:f1:c9:f1:ab:6b:b8:0c:0a:
                    a8:7d:66:7a:91:88:7e:bd:7b:1a:24:ee:9b:ae:03:
                    9d:17:1e:ca:89:24:19:57:8a:87:ee:bd:a8:39:f2:
                    a2:ca:2a:ae:68:a0:50:9c:f3:7a:f4:53:c2:8d:13:
                    e4:97:2e:18:cb:68:76:0c:63:6a:2b:25:02:c3:c4:
                    d3:68:9a:98:e2:95:f2:f9:e7:f0:3e:c1:24:61:9f:
                    83:d1:71:59:da:7e:3f:70:c5:86:d3:0c:16:05:94:
                    fe:1d:f0:44:eb:84:fc:49:38:f0:7d:14:ff:9b:82:
                    e6:60:d8:f1:26:84:a1:cf:ee:e5:12:3a:96:0e:b7:
                    ea:25:cf:ac:ad:27:d5:ef:81:d2:cb:11:89:b6:56:
                    cd:a3:e9:5f:c5:0f:73:75:de:73:2c:43:1c:e2:54:
                    1f:26:0a:8a:35:60:a8:7d:10:b2:c1:29:db:dc:41:
                    52:84:3c:62:f2:68:03:9d:98:5e:14:df:fb:c4:85:
                    52:06:35:e0:8d:dc:2f:a6:b7:24:51:f3:d8:a1:4b:
                    6d:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:73:8B:EA:67:FE:74:32:3F:3A:20:F1:A3:83:B4:A8:FD:5D:FB:85
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS401243.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:1a:52:98:00:7a:5f:7f:33:98:23:fc:c3:71:c4:bb:01:d1:
         cc:2a:98:05:79:89:51:6d:17:68:7e:bf:8d:14:90:ae:18:1c:
         ba:38:13:b3:53:1d:4f:a1:e7:71:2c:ce:a8:39:4b:31:5b:e9:
         a4:5d:c6:21:21:1d:2b:ec:c9:8d:2d:50:7c:8f:c6:9e:df:8d:
         2d:2e:17:15:ce:5b:77:8d:5c:1e:5a:b2:08:cb:90:8f:3f:b7:
         78:b9:8a:e3:c4:42:d8:40:f5:db:af:9d:56:5c:a6:23:f8:d5:
         37:4e:ac:0b:50:b9:2a:80:61:1a:d9:23:ca:36:2f:e4:40:0f:
         3d:cd:a1:8d:5b:06:38:98:e3:e8:7d:d6:1c:42:5a:81:4b:31:
         14:a6:90:8c:34:54:f3:d4:db:b6:93:1c:6f:5f:98:07:89:43:
         35:b2:4b:0a:54:32:21:07:3c:7c:7b:a9:56:72:d4:e6:25:58:
         8f:5b:0d:25:f8:b7:7b:b1:99:a6:dd:c0:fd:66:37:91:84:89:
         e2:0a:d0:d1:10:67:f1:bc:f8:d5:7f:96:3d:7d:d9:78:f0:68:
         2a:7d:0b:92:d3:5d:14:e8:0d:d3:cb:86:e1:4e:5f:42:ea:7d:
         e0:7b:40:53:cd:4b:66:d8:2c:ad:e8:cf:3d:98:1b:4f:23:1b:
         fe:c0:c5:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKTgHJS7+wXEMNu8fj7NAwuIMkFUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MjMwNzQyMTZaFw0yNzA1MjIwNzQ3MTZaMDMxMTAvBgNV
BAMTKEZCNzM4QkVBNjdGRTc0MzIzRjNBMjBGMUEzODNCNEE4RkQ1REZCODUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc1DWs65R83CqYkVa1B9w+CnBx
bLYHx5+jEaKjJP+kZCfr7Zk7TZS3mD/pbx0fchZEpujxyfGra7gMCqh9ZnqRiH69
exok7puuA50XHsqJJBlXiofuvag58qLKKq5ooFCc83r0U8KNE+SXLhjLaHYMY2or
JQLDxNNompjilfL55/A+wSRhn4PRcVnafj9wxYbTDBYFlP4d8ETrhPxJOPB9FP+b
guZg2PEmhKHP7uUSOpYOt+olz6ytJ9XvgdLLEYm2Vs2j6V/FD3N13nMsQxziVB8m
Coo1YKh9ELLBKdvcQVKEPGLyaAOdmF4U3/vEhVIGNeCN3C+mtyRR89ihS21ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+3OL6mf+dDI/OiDxo4O0qP1d+4UwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTNDAxMjQzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsu
MA0GCSqGSIb3DQEBCwUAA4IBAQAUGlKYAHpffzOYI/zDccS7AdHMKpgFeYlRbRdo
fr+NFJCuGBy6OBOzUx1PoedxLM6oOUsxW+mkXcYhIR0r7MmNLVB8j8ae340tLhcV
zlt3jVweWrIIy5CPP7d4uYrjxELYQPXbr51WXKYj+NU3TqwLULkqgGEa2SPKNi/k
QA89zaGNWwY4mOPofdYcQlqBSzEUppCMNFTz1Nu2kxxvX5gHiUM1sksKVDIhBzx8
e6lWctTmJViPWw0l+Ld7sZmm3cD9ZjeRhIniCtDREGfxvPjVf5Y9fdl48GgqfQuS
010U6A3Ty4bhTl9C6n3ge0BTzUtm2Cyt6M89mBtPIxv+wMXU
-----END CERTIFICATE-----