Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS398465.roa
File:                     AS398465.roa (raw, json)
Hash identifier:          FBtiyEiaeOZ+oqfkZmElXHlIW86Z0+2GZn62rCppuOk=
Subject key identifier:   3A:D1:5E:DC:67:5C:E9:12:7B:D5:6E:5D:F4:FD:49:F4:8E:A5:DE:DC
Certificate issuer:       /CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
Certificate serial:       1CA7A5FD55D8A35DDA42748CD2F488134E5E9B4F
Authority key identifier: 6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS398465.roa
Signing time:             Wed 01 Apr 2026 10:03:13 +0000
ROA not before:           Wed 01 Apr 2026 09:58:13 +0000
ROA not after:            Wed 31 Mar 2027 10:03:13 +0000
asID:                     398465
IP address blocks:        147.125.250.0/24 maxlen: 24
                          147.125.251.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 10:07:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1c:a7:a5:fd:55:d8:a3:5d:da:42:74:8c:d2:f4:88:13:4e:5e:9b:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ccdc82bae7800f7d507c737924869bdeb5a76ea
        Validity
            Not Before: Apr  1 09:58:13 2026 GMT
            Not After : Mar 31 10:03:13 2027 GMT
        Subject: CN=3AD15EDC675CE9127BD56E5DF4FD49F48EA5DEDC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:9d:58:43:5e:b5:d3:65:26:2a:49:92:25:44:
                    f4:62:83:6a:34:e0:bd:9f:dd:b2:4c:48:c0:70:57:
                    42:b7:ef:7f:4d:8b:71:de:87:10:71:7f:f9:be:7d:
                    02:47:74:c9:11:3d:ee:98:82:7c:63:03:a6:fb:0d:
                    1f:fd:5b:d2:aa:4c:2c:91:7b:4b:e8:fe:a9:bd:ef:
                    0d:c4:21:a4:48:56:89:83:66:bf:30:16:83:56:2f:
                    c3:4e:c3:49:c2:78:97:89:d7:7e:aa:a3:f6:b6:5d:
                    d9:1b:0a:f6:3a:b7:fb:04:e2:12:46:60:97:40:40:
                    c4:90:bb:71:fd:06:2b:7d:11:aa:e7:b2:14:d1:d4:
                    9a:68:b8:db:71:9c:dd:14:f5:b2:fa:6c:12:e3:97:
                    ac:84:4e:02:0b:ee:02:e3:40:5d:7f:6b:e5:fa:e0:
                    c5:ce:c4:51:6f:fd:9f:19:62:5e:91:71:07:db:e9:
                    0d:c7:df:8e:2e:a4:10:70:5a:94:c1:cb:55:b5:1b:
                    0e:2f:9f:b9:45:3c:c2:e7:9f:33:32:ca:01:69:b3:
                    13:67:f2:62:7d:49:48:f9:91:1f:1d:c6:03:9a:d0:
                    64:4f:69:fe:08:43:55:8c:32:be:2b:1c:80:7e:1a:
                    8e:79:82:b2:3d:43:44:17:f6:a5:ca:44:6c:03:47:
                    a5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:D1:5E:DC:67:5C:E9:12:7B:D5:6E:5D:F4:FD:49:F4:8E:A5:DE:DC
            X509v3 Authority Key Identifier:
                keyid:6C:CD:C8:2B:AE:78:00:F7:D5:07:C7:37:92:48:69:BD:EB:5A:76:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/6CCDC82BAE7800F7D507C737924869BDEB5A76EA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bM3IK654APfVB8c3kkhpvetaduo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/ccd3884a-c385-4b65-9866-4f6383172672/0/AS398465.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.125.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         28:fa:13:b3:37:ed:5b:33:2c:e3:e2:cf:ee:87:ad:ed:b6:85:
         6c:84:d7:59:14:3a:b9:b8:12:31:cf:95:cc:92:13:e1:ee:0a:
         8e:1a:1c:0f:8d:e0:30:4d:3c:6a:c8:89:ff:98:5b:d1:05:ac:
         12:7a:62:e6:c5:a4:6d:1b:8a:61:37:ff:c5:88:b8:6e:6c:94:
         70:a6:34:14:e0:57:ab:bd:35:bf:d7:af:4f:03:d7:4a:70:8d:
         9e:91:5d:2e:99:a9:a4:23:cc:95:3d:90:24:70:e7:ad:41:ae:
         64:7d:79:8a:e0:52:6c:1f:d0:24:c6:0b:77:46:b7:e0:ff:3c:
         d5:b2:15:85:92:28:1b:27:fe:05:0a:7f:5b:a4:bc:3f:c1:a9:
         e7:81:e1:45:67:2f:22:33:c9:29:c6:af:22:9f:28:48:9a:f8:
         9f:e3:61:31:8d:ea:80:f4:d1:a7:92:61:f5:4e:ea:10:73:3b:
         5d:01:3a:be:c1:48:8c:2b:84:21:05:47:b0:20:39:c3:4e:34:
         81:43:4b:83:63:a6:48:46:57:40:f5:45:54:74:3f:f9:e5:05:
         62:57:d1:a3:58:32:c5:79:ff:4c:41:90:e9:5b:c0:df:52:c3:
         37:f9:54:27:fb:36:da:46:52:a0:bf:3c:3a:8b:4a:83:2f:cd:
         bc:60:36:53
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHKel/VXYo13aQnSM0vSIE05em08wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNmNjZGM4MmJhZTc4MDBmN2Q1MDdjNzM3OTI0ODY5YmRl
YjVhNzZlYTAeFw0yNjA0MDEwOTU4MTNaFw0yNzAzMzExMDAzMTNaMDMxMTAvBgNV
BAMTKDNBRDE1RURDNjc1Q0U5MTI3QkQ1NkU1REY0RkQ0OUY0OEVBNURFREMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEnVhDXrXTZSYqSZIlRPRig2o0
4L2f3bJMSMBwV0K3739Ni3HehxBxf/m+fQJHdMkRPe6YgnxjA6b7DR/9W9KqTCyR
e0vo/qm97w3EIaRIVomDZr8wFoNWL8NOw0nCeJeJ136qo/a2XdkbCvY6t/sE4hJG
YJdAQMSQu3H9Bit9EarnshTR1JpouNtxnN0U9bL6bBLjl6yETgIL7gLjQF1/a+X6
4MXOxFFv/Z8ZYl6RcQfb6Q3H344upBBwWpTBy1W1Gw4vn7lFPMLnnzMyygFpsxNn
8mJ9SUj5kR8dxgOa0GRPaf4IQ1WMMr4rHIB+Go55grI9Q0QX9qXKRGwDR6UpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUOtFe3Gdc6RJ71W5d9P1J9I6l3twwHwYDVR0j
BBgwFoAUbM3IK654APfVB8c3kkhpvetaduowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvY2NkMzg4NGEtYzM4NS00YjY1LTk4NjYtNGY2MzgzMTcy
NjcyLzAvNkNDREM4MkJBRTc4MDBGN0Q1MDdDNzM3OTI0ODY5QkRFQjVBNzZFQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2JNM0lLNjU0QVBmVkI4YzNra2hwdmV0
YWR1by5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2NjZDM4ODRhLWMzODUt
NGI2NS05ODY2LTRmNjM4MzE3MjY3Mi8wL0FTMzk4NDY1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBk336
MA0GCSqGSIb3DQEBCwUAA4IBAQAo+hOzN+1bMyzj4s/uh63ttoVshNdZFDq5uBIx
z5XMkhPh7gqOGhwPjeAwTTxqyIn/mFvRBawSemLmxaRtG4phN//FiLhubJRwpjQU
4FervTW/169PA9dKcI2ekV0umamkI8yVPZAkcOetQa5kfXmK4FJsH9Akxgt3Rrfg
/zzVshWFkigbJ/4FCn9bpLw/wanngeFFZy8iM8kpxq8inyhImvif42ExjeqA9NGn
kmH1TuoQcztdATq+wUiMK4QhBUewIDnDTjSBQ0uDY6ZIRldA9UVUdD/55QViV9Gj
WDLFef9MQZDpW8DfUsM3+VQn+zbaRlKgvzw6i0qDL828YDZT
-----END CERTIFICATE-----