Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          xQhnHN7PpcKsHmvXFEgwrBuuMgiBH0t1yaT/A2Rtg8A=
Subject key identifier:   62:7E:8E:6A:8F:90:6A:E2:2A:E5:CA:81:DE:D5:90:1D:FC:3B:6A:B7
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       7BCB99BAF6B39BAC5EF554568B83345B26F85A4D
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402215.roa
Signing time:             Mon 25 May 2026 07:18:05 +0000
ROA not before:           Mon 25 May 2026 07:13:05 +0000
ROA not after:            Mon 24 May 2027 07:18:05 +0000
asID:                     402215
IP address blocks:        46.202.61.0/24 maxlen: 24
                          46.203.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 07:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7b:cb:99:ba:f6:b3:9b:ac:5e:f5:54:56:8b:83:34:5b:26:f8:5a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 25 07:13:05 2026 GMT
            Not After : May 24 07:18:05 2027 GMT
        Subject: CN=627E8E6A8F906AE22AE5CA81DED5901DFC3B6AB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:04:08:44:17:6e:6b:0a:52:a4:d2:90:68:e8:
                    d5:75:ca:ad:ce:af:44:be:a2:68:06:97:4f:cb:d5:
                    43:5a:54:6e:26:30:c4:3c:29:fe:f9:84:8c:65:b8:
                    76:32:b3:3b:8a:06:dd:e8:ad:6b:0a:b0:fa:d6:a9:
                    bb:2d:d0:f0:d5:2f:a5:f0:f9:1e:3e:4d:97:64:d8:
                    bc:bb:b7:7d:1f:df:29:8a:4b:72:a0:7c:d4:27:6f:
                    73:e5:a4:51:3d:97:fd:07:9e:5e:0e:20:51:86:d0:
                    96:c8:3e:55:b6:7b:07:11:76:f7:65:ec:7e:c1:21:
                    82:b9:ac:fa:4d:d2:d2:7f:dd:de:1e:36:77:44:1a:
                    a0:9c:ed:77:96:26:5d:9c:72:ee:38:e0:c4:1c:f8:
                    5c:ad:1e:fa:5e:98:d7:ca:5c:11:96:76:b7:e0:c5:
                    7b:e8:7c:65:ca:13:d5:0c:a8:f0:c1:dd:69:05:97:
                    bc:7b:7a:76:f0:da:df:de:d5:61:87:c4:3b:9f:a3:
                    28:87:e5:96:d5:02:ac:e6:a6:4d:df:0f:4b:c8:f2:
                    2a:9c:dc:ae:fb:58:22:cb:0c:58:1e:aa:47:be:c3:
                    28:a4:41:c0:af:6c:96:28:05:29:2f:3d:45:ef:2c:
                    db:df:a5:e1:dd:c6:f9:6e:0b:e2:07:05:04:c3:35:
                    2c:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7E:8E:6A:8F:90:6A:E2:2A:E5:CA:81:DE:D5:90:1D:FC:3B:6A:B7
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.61.0/24
                  46.203.87.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:fd:84:02:20:dd:33:1a:cc:de:6d:12:6b:66:01:8d:1a:e2:
         41:53:df:7e:5d:e9:16:69:71:a3:cc:fe:e8:15:eb:97:a4:33:
         6a:53:90:7b:6d:ac:07:b9:c7:8c:5d:61:c1:56:1b:a2:ec:ed:
         ff:86:f8:43:01:82:15:8e:6f:54:66:a4:50:94:03:cb:fd:72:
         0d:e0:49:b2:25:5c:4d:ce:a5:31:ff:a5:fd:94:65:08:e2:b3:
         de:e3:cc:ba:42:2d:66:cc:cb:99:1d:bb:db:6f:32:8e:2a:ae:
         5f:88:3a:d4:80:ae:ba:20:e9:dc:bf:db:90:a6:f6:8c:c9:fd:
         c0:84:27:5b:62:0b:4d:0d:4e:72:4e:6f:f6:bb:66:75:a8:ff:
         7e:87:0a:2d:1d:f5:63:0d:76:44:bc:39:92:2e:07:96:ee:e8:
         24:f9:50:3d:fb:f4:03:9b:5d:1a:82:be:c4:a6:94:4f:10:10:
         76:f8:a8:db:ab:fa:a2:69:ce:c6:be:e1:56:88:df:ce:6e:93:
         48:16:6a:a2:30:fd:7d:2c:16:49:f6:0e:00:b2:73:99:42:da:
         ec:49:11:09:51:27:74:a6:1e:4a:f8:6c:40:36:80:f1:b4:29:
         fa:7b:96:6f:d2:e3:8f:90:a4:45:8f:72:aa:7d:40:96:95:0f:
         02:0c:3a:69
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUe8uZuvazm6xe9VRWi4M0Wyb4Wk0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MjUwNzEzMDVaFw0yNzA1MjQwNzE4MDVaMDMxMTAvBgNV
BAMTKDYyN0U4RTZBOEY5MDZBRTIyQUU1Q0E4MURFRDU5MDFERkMzQjZBQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0BAhEF25rClKk0pBo6NV1yq3O
r0S+omgGl0/L1UNaVG4mMMQ8Kf75hIxluHYyszuKBt3orWsKsPrWqbst0PDVL6Xw
+R4+TZdk2Ly7t30f3ymKS3KgfNQnb3PlpFE9l/0Hnl4OIFGG0JbIPlW2ewcRdvdl
7H7BIYK5rPpN0tJ/3d4eNndEGqCc7XeWJl2ccu444MQc+FytHvpemNfKXBGWdrfg
xXvofGXKE9UMqPDB3WkFl7x7enbw2t/e1WGHxDufoyiH5ZbVAqzmpk3fD0vI8iqc
3K77WCLLDFgeqke+wyikQcCvbJYoBSkvPUXvLNvfpeHdxvluC+IHBQTDNSw/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUYn6Oao+QauIq5cqB3tWQHfw7arcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALso9
AwQALstXMA0GCSqGSIb3DQEBCwUAA4IBAQCB/YQCIN0zGszebRJrZgGNGuJBU99+
XekWaXGjzP7oFeuXpDNqU5B7bawHuceMXWHBVhui7O3/hvhDAYIVjm9UZqRQlAPL
/XIN4EmyJVxNzqUx/6X9lGUI4rPe48y6Qi1mzMuZHbvbbzKOKq5fiDrUgK66IOnc
v9uQpvaMyf3AhCdbYgtNDU5yTm/2u2Z1qP9+hwotHfVjDXZEvDmSLgeW7ugk+VA9
+/QDm10agr7EppRPEBB2+Kjbq/qiac7GvuFWiN/ObpNIFmqiMP19LBZJ9g4AsnOZ
QtrsSREJUSd0ph5K+GxANoDxtCn6e5Zv0uOPkKRFj3KqfUCWlQ8CDDpp
-----END CERTIFICATE-----