Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          DyxhaRUkfO140r5Y/i3IlOU2Qi5FduoBzXVelFgv7Tk=
Subject key identifier:   64:92:D8:C7:90:0C:57:01:F3:02:ED:36:91:DE:77:39:30:21:84:07
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2710358D9897669FEDE11CEFD176CA330A52AD57
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
Signing time:             Mon 02 Mar 2026 00:00:19 +0000
ROA not before:           Sun 01 Mar 2026 23:55:19 +0000
ROA not after:            Mon 01 Mar 2027 00:00:19 +0000
asID:                     395374
IP address blocks:        143.14.255.0/24 maxlen: 24
                          162.141.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:10:35:8d:98:97:66:9f:ed:e1:1c:ef:d1:76:ca:33:0a:52:ad:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar  1 23:55:19 2026 GMT
            Not After : Mar  1 00:00:19 2027 GMT
        Subject: CN=6492D8C7900C5701F302ED3691DE773930218407
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e2:ba:84:6e:48:37:29:c1:be:79:47:77:21:
                    b4:0a:88:4d:6c:91:07:cc:42:c1:28:3d:00:28:be:
                    9f:18:5b:b8:74:2b:e8:16:2e:ad:d7:10:16:b0:e6:
                    9c:99:f7:7c:9d:7b:f2:ac:2e:66:06:aa:cc:e5:d7:
                    bd:82:dc:90:c4:6c:f3:50:77:06:49:fd:45:fb:16:
                    d3:2f:8d:6a:2a:bc:46:ad:91:c1:98:a7:de:ea:e2:
                    df:4b:ed:4b:c5:11:00:33:b0:b3:29:fa:ab:15:d8:
                    51:52:ac:65:a1:6b:ec:1c:8a:66:84:1a:b9:7f:d3:
                    c4:74:16:86:4f:a7:81:dc:ce:b7:07:6c:14:cf:bd:
                    e8:1b:a2:8e:8d:1d:a8:c6:a6:82:ce:32:a3:65:ac:
                    e3:4c:d4:6f:25:4c:f4:08:9c:b5:76:b0:89:d3:3c:
                    fb:f1:ff:5f:fc:d3:1f:9e:62:8e:ff:03:08:b3:75:
                    6f:73:c2:c5:cf:8c:eb:3e:b6:67:96:fe:27:bc:b8:
                    9d:ec:7f:2f:bc:d1:62:c9:df:64:4e:13:98:44:9f:
                    b9:f7:3f:1e:c7:47:bc:a7:10:dd:9c:8f:e2:7a:cd:
                    6f:e7:a9:bc:e7:5b:03:13:6c:68:53:e5:3d:d9:d3:
                    63:ce:d0:85:33:4a:ef:9a:bd:1c:a5:18:09:29:bf:
                    18:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:92:D8:C7:90:0C:57:01:F3:02:ED:36:91:DE:77:39:30:21:84:07
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.255.0/24
                  162.141.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:27:1d:89:4b:51:60:ae:06:db:47:1b:bd:0e:35:7d:35:76:
         eb:b3:81:5a:2f:cc:d6:a0:e6:dc:01:99:6b:60:be:d3:fd:ad:
         9a:1a:07:12:62:8b:11:df:93:1d:86:61:1e:07:e9:3a:56:a6:
         19:31:67:ca:24:53:27:39:2b:cd:78:a1:4b:04:24:cd:0b:9f:
         ef:9c:9b:89:e8:e1:05:55:45:8d:21:04:18:83:ee:91:9e:10:
         c6:85:79:7f:f3:6f:ff:13:69:b4:29:22:28:76:a8:19:55:6b:
         ce:85:58:43:8c:c1:7d:f7:43:39:3f:f3:9b:0a:9b:76:86:1c:
         bb:9c:80:5d:ae:b1:d9:b0:b0:dc:1e:39:3f:d7:91:e2:a5:27:
         60:b7:3d:04:c9:d5:27:22:39:e7:9f:f9:25:63:3d:f1:a5:06:
         a1:09:2e:95:46:df:2d:2e:1d:5e:71:f5:66:58:90:47:b8:0d:
         84:0d:1b:32:e9:5d:d9:c2:9e:af:1c:c9:64:51:fc:50:ea:a9:
         6b:6c:e1:c4:70:66:dd:22:a8:b4:02:82:2e:f5:bd:a1:ff:4d:
         0d:b3:0b:58:42:a7:f1:3e:05:83:0f:7c:e8:e3:be:fc:22:5e:
         1c:b4:6f:8c:8c:39:79:d8:4a:88:5f:f5:12:5f:b7:6d:41:71:
         91:b6:bb:d5
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJxA1jZiXZp/t4Rzv0XbKMwpSrVcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMDEyMzU1MTlaFw0yNzAzMDEwMDAwMTlaMDMxMTAvBgNV
BAMTKDY0OTJEOEM3OTAwQzU3MDFGMzAyRUQzNjkxREU3NzM5MzAyMTg0MDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC04rqEbkg3KcG+eUd3IbQKiE1s
kQfMQsEoPQAovp8YW7h0K+gWLq3XEBaw5pyZ93yde/KsLmYGqszl172C3JDEbPNQ
dwZJ/UX7FtMvjWoqvEatkcGYp97q4t9L7UvFEQAzsLMp+qsV2FFSrGWha+wcimaE
Grl/08R0FoZPp4HczrcHbBTPvegboo6NHajGpoLOMqNlrONM1G8lTPQInLV2sInT
PPvx/1/80x+eYo7/AwizdW9zwsXPjOs+tmeW/ie8uJ3sfy+80WLJ32ROE5hEn7n3
Px7HR7ynEN2cj+J6zW/nqbznWwMTbGhT5T3Z02PO0IUzSu+avRylGAkpvxgBAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUZJLYx5AMVwHzAu02kd53OTAhhAcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAjw7/
AwQAoo13MA0GCSqGSIb3DQEBCwUAA4IBAQBZJx2JS1FgrgbbRxu9DjV9NXbrs4Fa
L8zWoObcAZlrYL7T/a2aGgcSYosR35MdhmEeB+k6VqYZMWfKJFMnOSvNeKFLBCTN
C5/vnJuJ6OEFVUWNIQQYg+6RnhDGhXl/82//E2m0KSIodqgZVWvOhVhDjMF990M5
P/ObCpt2hhy7nIBdrrHZsLDcHjk/15HipSdgtz0EydUnIjnnn/klYz3xpQahCS6V
Rt8tLh1ecfVmWJBHuA2EDRsy6V3Zwp6vHMlkUfxQ6qlrbOHEcGbdIqi0AoIu9b2h
/00NswtYQqfxPgWDD3zo4778Il4ctG+MjDl52EqIX/USX7dtQXGRtrvV
-----END CERTIFICATE-----