Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402215.roa
File:                     AS402215.roa (raw, json)
Hash identifier:          Je2aYzfvuQUFTcEW7d55+rlJBB3PYZYje3HdZVFKwcQ=
Subject key identifier:   68:A4:64:DB:34:A5:15:BF:75:B6:AE:16:C3:0E:01:90:D3:53:03:38
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       775CC0D036D92E8CC2F961B2D7384AF7ED51CAC8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402215.roa
Signing time:             Mon 20 Apr 2026 08:40:17 +0000
ROA not before:           Mon 20 Apr 2026 08:35:17 +0000
ROA not after:            Mon 19 Apr 2027 08:40:17 +0000
asID:                     402215
IP address blocks:        46.202.14.0/24 maxlen: 24
                          46.202.41.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            77:5c:c0:d0:36:d9:2e:8c:c2:f9:61:b2:d7:38:4a:f7:ed:51:ca:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 20 08:35:17 2026 GMT
            Not After : Apr 19 08:40:17 2027 GMT
        Subject: CN=68A464DB34A515BF75B6AE16C30E0190D3530338
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:14:b9:83:d1:1c:1b:1d:d7:4c:51:68:f6:38:
                    89:e3:77:dc:36:d9:de:fd:18:c7:a9:c2:ac:ae:c7:
                    1c:eb:75:91:f5:ed:db:78:47:17:16:a7:ca:ec:3e:
                    62:af:eb:3d:02:55:ad:12:2f:4c:0e:84:ec:08:01:
                    18:01:48:c3:74:64:9e:2b:f9:56:01:2a:08:b4:e2:
                    f4:f9:62:a4:04:e6:41:45:51:7a:64:e7:6c:ff:c6:
                    60:e9:cf:a7:8d:23:19:d4:57:8d:c5:f5:e2:0f:0a:
                    c2:11:43:29:5c:99:45:e6:73:7b:ff:0d:ec:f7:56:
                    7b:ec:70:38:ca:76:b2:69:5b:56:66:47:f7:3b:29:
                    f3:79:a3:a9:bd:69:1e:a2:90:33:72:5e:d5:8f:ee:
                    c9:9f:5e:5b:78:54:19:a6:ac:b3:3d:85:2b:c2:91:
                    84:5e:05:7c:a8:10:0e:4c:74:3a:34:9a:03:59:9f:
                    a9:0c:bd:0d:ed:b0:5c:7d:9b:bf:4f:8a:e1:30:32:
                    41:4a:10:f9:32:16:89:8c:ed:62:ff:ec:34:47:e3:
                    6c:2f:1e:1c:08:71:d5:8d:e9:b1:7c:ac:ac:1f:7a:
                    bd:cb:a2:b9:2a:6b:4e:52:42:90:d2:28:ef:39:49:
                    18:14:a7:b4:ed:95:25:78:4f:7d:e3:07:72:f5:1f:
                    68:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A4:64:DB:34:A5:15:BF:75:B6:AE:16:C3:0E:01:90:D3:53:03:38
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402215.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.14.0/24
                  46.202.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:d1:60:b9:1c:93:2f:55:84:9a:df:22:17:ce:f2:5f:66:be:
         7d:b6:77:e8:c0:a5:b1:bc:59:a9:95:c8:0c:4e:0e:1a:6d:ac:
         c8:b6:46:eb:d0:f5:94:be:6c:17:b8:90:4f:66:67:da:f7:e4:
         9e:03:35:c0:96:8a:93:51:41:dc:3b:e7:15:7b:6c:1f:10:42:
         2c:52:74:17:61:36:1f:d7:89:2e:d5:f8:2e:76:2a:f6:1a:fa:
         45:6e:5d:95:a7:45:3c:d0:a1:8d:e8:b5:c0:32:3f:4b:69:75:
         40:3d:1f:1a:fa:04:a7:00:16:79:55:e5:9f:51:4d:3c:68:46:
         64:4d:89:90:a3:fa:eb:a9:e4:84:9b:c6:82:fd:61:c3:ec:ab:
         1e:33:c6:f5:12:b2:61:9a:a4:26:43:a2:21:cc:2e:42:b2:03:
         e0:c1:0c:24:df:ee:f5:b3:18:5c:7b:f0:c2:36:16:1c:c5:ea:
         32:a2:23:f9:11:56:c1:c1:4d:03:29:7b:bc:03:90:66:db:b5:
         26:44:75:67:14:f6:e1:b3:a1:47:f6:e3:15:20:0e:a0:33:5f:
         f8:be:fa:4c:62:69:00:fc:1e:c6:a2:1e:20:68:b6:99:98:cc:
         da:9c:66:a0:ef:63:7a:49:ee:a4:05:2f:f6:23:56:40:30:9b:
         bf:0e:32:0c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUd1zA0DbZLozC+WGy1zhK9+1RysgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjAwODM1MTdaFw0yNzA0MTkwODQwMTdaMDMxMTAvBgNV
BAMTKDY4QTQ2NERCMzRBNTE1QkY3NUI2QUUxNkMzMEUwMTkwRDM1MzAzMzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIFLmD0RwbHddMUWj2OInjd9w2
2d79GMepwqyuxxzrdZH17dt4RxcWp8rsPmKv6z0CVa0SL0wOhOwIARgBSMN0ZJ4r
+VYBKgi04vT5YqQE5kFFUXpk52z/xmDpz6eNIxnUV43F9eIPCsIRQylcmUXmc3v/
Dez3VnvscDjKdrJpW1ZmR/c7KfN5o6m9aR6ikDNyXtWP7smfXlt4VBmmrLM9hSvC
kYReBXyoEA5MdDo0mgNZn6kMvQ3tsFx9m79PiuEwMkFKEPkyFomM7WL/7DRH42wv
HhwIcdWN6bF8rKwfer3Lorkqa05SQpDSKO85SRgUp7TtlSV4T33jB3L1H2jrAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUaKRk2zSlFb91tq4Www4BkNNTAzgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAyMjE1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALsoO
AwQALsopMA0GCSqGSIb3DQEBCwUAA4IBAQAJ0WC5HJMvVYSa3yIXzvJfZr59tnfo
wKWxvFmplcgMTg4abazItkbr0PWUvmwXuJBPZmfa9+SeAzXAloqTUUHcO+cVe2wf
EEIsUnQXYTYf14ku1fgudir2GvpFbl2Vp0U80KGN6LXAMj9LaXVAPR8a+gSnABZ5
VeWfUU08aEZkTYmQo/rrqeSEm8aC/WHD7KseM8b1ErJhmqQmQ6IhzC5CsgPgwQwk
3+71sxhce/DCNhYcxeoyoiP5EVbBwU0DKXu8A5Bm27UmRHVnFPbhs6FH9uMVIA6g
M1/4vvpMYmkA/B7Goh4gaLaZmMzanGag72N6Se6kBS/2I1ZAMJu/DjIM
-----END CERTIFICATE-----