Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402047.roa
File:                     AS402047.roa (raw, json)
Hash identifier:          NsUYMHxPaTvakTds8hjBG6Uv6Nqyjb3FGpMnytD++7E=
Subject key identifier:   8A:1D:E0:2C:04:41:81:94:AB:46:A2:B1:46:6A:C2:79:61:5A:D7:F0
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4C03D1FB9C6A3F4E9380AD73A7AD760FFCC251DC
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402047.roa
Signing time:             Thu 02 Apr 2026 08:44:53 +0000
ROA not before:           Thu 02 Apr 2026 08:39:53 +0000
ROA not after:            Thu 01 Apr 2027 08:44:53 +0000
asID:                     402047
IP address blocks:        178.92.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 Apr 2026 14:19:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:03:d1:fb:9c:6a:3f:4e:93:80:ad:73:a7:ad:76:0f:fc:c2:51:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr  2 08:39:53 2026 GMT
            Not After : Apr  1 08:44:53 2027 GMT
        Subject: CN=8A1DE02C04418194AB46A2B1466AC279615AD7F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:e7:c8:77:d3:72:16:05:6f:3f:9b:15:bc:3e:
                    f9:ab:93:92:7b:4c:18:1d:dc:23:1a:ab:85:51:52:
                    56:e4:87:be:e8:4b:d0:2e:27:93:38:06:fb:aa:e4:
                    7d:ba:65:76:e4:0c:82:8b:44:54:c2:5a:f5:3d:e3:
                    05:ef:db:36:28:6f:df:f1:9d:5d:7a:52:27:ae:aa:
                    28:76:ac:6a:ac:45:2d:93:ec:3e:cd:05:17:e1:b8:
                    06:70:45:5d:3e:9d:35:b2:6b:4a:bd:2d:4d:12:5c:
                    28:75:9e:18:87:6e:7a:3e:c8:18:16:87:de:fb:a5:
                    5c:11:ba:06:a2:01:f7:44:a5:ef:25:2e:bb:6d:f7:
                    47:a8:e4:aa:2d:83:bc:3c:29:ee:9d:dc:9a:c7:d7:
                    2a:86:30:41:f7:0a:53:11:97:87:4d:8b:ff:b1:e5:
                    74:74:2c:dc:4e:d3:2c:54:f6:77:00:f9:5e:7b:97:
                    5e:3b:e7:0a:f4:88:95:c1:6b:fb:88:ba:3d:26:90:
                    bf:56:e7:48:a7:3e:7f:75:67:d2:31:76:62:46:9a:
                    47:61:d9:d7:61:93:59:00:f3:74:72:4f:bc:20:48:
                    41:8f:e5:b3:92:28:d4:71:06:06:4c:fa:3a:e0:ba:
                    ce:63:53:d7:08:e0:2e:a9:6c:85:4b:a3:f4:84:e5:
                    f3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:1D:E0:2C:04:41:81:94:AB:46:A2:B1:46:6A:C2:79:61:5A:D7:F0
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402047.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:52:ae:97:4c:00:83:a9:ca:6b:6f:3d:cb:64:df:9e:75:cd:
         b8:b9:ac:3c:b7:0f:45:b0:25:de:1e:a1:89:76:12:2f:f9:f3:
         d2:22:5d:80:5d:bf:dc:97:90:82:f1:93:1a:ad:c3:6e:83:be:
         83:47:1d:6a:6a:83:13:66:35:f5:58:c3:f5:98:ae:f4:cd:f8:
         d6:41:c6:02:31:24:39:49:7f:38:3e:39:7c:99:d0:49:50:de:
         45:2d:d2:41:72:ee:a3:e8:ef:f2:7f:b4:1d:59:47:61:e7:29:
         a7:1c:76:56:1d:1c:05:44:5c:a1:e6:a9:ed:52:64:57:83:ef:
         28:bd:24:a8:e4:c2:95:63:d4:b6:8c:fe:98:6b:c5:b7:51:33:
         b6:93:1c:89:dd:b7:b1:52:dd:88:c0:5f:85:ed:e3:fa:7b:f4:
         e2:09:8a:7d:52:47:78:66:8a:79:94:86:34:50:6a:68:df:9b:
         68:a2:07:b4:7a:f9:c8:52:a5:bb:0f:69:ed:d7:47:e4:ef:76:
         3d:f7:b9:c4:c8:3d:c7:09:5d:e1:f3:56:b6:1d:2f:9e:40:6c:
         4b:d2:0b:60:60:81:38:c6:7f:4b:3f:3d:66:f5:55:9e:0d:81:
         36:37:c8:a9:00:1e:11:05:00:b1:ac:25:cf:32:e7:67:74:22:
         ed:0d:ad:8d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTAPR+5xqP06TgK1zp612D/zCUdwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MDIwODM5NTNaFw0yNzA0MDEwODQ0NTNaMDMxMTAvBgNV
BAMTKDhBMURFMDJDMDQ0MTgxOTRBQjQ2QTJCMTQ2NkFDMjc5NjE1QUQ3RjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb58h303IWBW8/mxW8Pvmrk5J7
TBgd3CMaq4VRUlbkh77oS9AuJ5M4Bvuq5H26ZXbkDIKLRFTCWvU94wXv2zYob9/x
nV16Uieuqih2rGqsRS2T7D7NBRfhuAZwRV0+nTWya0q9LU0SXCh1nhiHbno+yBgW
h977pVwRugaiAfdEpe8lLrtt90eo5Kotg7w8Ke6d3JrH1yqGMEH3ClMRl4dNi/+x
5XR0LNxO0yxU9ncA+V57l1475wr0iJXBa/uIuj0mkL9W50inPn91Z9IxdmJGmkdh
2ddhk1kA83RyT7wgSEGP5bOSKNRxBgZM+jrgus5jU9cI4C6pbIVLo/SE5fPJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUih3gLARBgZSrRqKxRmrCeWFa1/AwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAyMDQ3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslwo
MA0GCSqGSIb3DQEBCwUAA4IBAQCdUq6XTACDqcprbz3LZN+edc24uaw8tw9FsCXe
HqGJdhIv+fPSIl2AXb/cl5CC8ZMarcNug76DRx1qaoMTZjX1WMP1mK70zfjWQcYC
MSQ5SX84Pjl8mdBJUN5FLdJBcu6j6O/yf7QdWUdh5ymnHHZWHRwFRFyh5qntUmRX
g+8ovSSo5MKVY9S2jP6Ya8W3UTO2kxyJ3bexUt2IwF+F7eP6e/TiCYp9Ukd4Zop5
lIY0UGpo35tooge0evnIUqW7D2nt10fk73Y997nEyD3HCV3h81a2HS+eQGxL0gtg
YIE4xn9LPz1m9VWeDYE2N8ipAB4RBQCxrCXPMudndCLtDa2N
-----END CERTIFICATE-----