Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          ZVlNwE5gNQZuKXObJ3kb+3YMz7A/nT9ODn9iwq9EH7k=
Subject key identifier:   0C:85:EE:8D:F0:78:87:73:51:2E:1C:75:E7:CE:40:DC:42:D5:BF:7A
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       29E90C1250C8E91583CCD189000D87C014968667
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
Signing time:             Tue 09 Jun 2026 06:19:52 +0000
ROA not before:           Tue 09 Jun 2026 06:14:52 +0000
ROA not after:            Tue 08 Jun 2027 06:19:52 +0000
asID:                     393942
IP address blocks:        82.47.216.0/24 maxlen: 24
                          84.75.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 15:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:e9:0c:12:50:c8:e9:15:83:cc:d1:89:00:0d:87:c0:14:96:86:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  9 06:14:52 2026 GMT
            Not After : Jun  8 06:19:52 2027 GMT
        Subject: CN=0C85EE8DF0788773512E1C75E7CE40DC42D5BF7A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:08:6b:64:05:21:b9:2d:d2:e2:e6:4a:8a:
                    6d:7e:26:97:95:80:56:da:c1:54:2f:05:a7:17:72:
                    ab:13:3a:f5:fe:3b:a3:40:0f:1f:90:22:5a:84:a1:
                    03:0d:92:bb:47:a1:26:bf:31:31:d4:21:84:8d:a4:
                    ef:cc:ce:0f:4f:3e:5c:04:62:17:45:64:38:d4:d2:
                    5e:28:01:31:fe:a5:b2:0e:63:1e:a0:d0:d9:b7:9e:
                    fc:99:e0:e6:31:f0:fd:a8:b0:cf:63:ea:3a:a5:69:
                    8c:a1:53:60:f8:e2:d1:dd:58:c6:db:42:d6:12:ae:
                    1d:cc:24:91:1a:bf:c3:07:76:51:1a:3d:09:e7:19:
                    b9:e4:9d:eb:97:05:14:26:8c:0a:a5:cf:42:49:7f:
                    33:d0:18:ab:38:13:b1:33:a5:61:62:62:e7:f6:08:
                    cf:f6:5c:95:47:92:8b:2d:d3:0e:57:97:d7:90:97:
                    73:a2:cb:08:ff:4d:25:99:90:ae:d9:ca:f8:d0:42:
                    0a:d2:dc:c8:56:4b:6d:bb:cf:18:7f:72:52:e7:7e:
                    8b:7b:d3:d3:e5:78:98:c7:ac:33:e2:5a:8c:6a:44:
                    81:12:52:97:f7:cf:2a:4a:84:d5:c5:ab:2e:39:99:
                    cb:ae:7d:21:25:46:5f:ad:80:c3:d8:94:3a:b7:69:
                    ed:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:85:EE:8D:F0:78:87:73:51:2E:1C:75:E7:CE:40:DC:42:D5:BF:7A
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.216.0/24
                  84.75.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:c3:10:4e:82:e1:be:21:57:08:0c:f4:42:1f:87:d3:91:1f:
         80:91:f3:d7:5a:34:ed:51:aa:15:44:9f:67:50:ec:4f:9e:40:
         74:42:b2:cb:9e:29:33:c6:d3:a0:07:ec:63:29:87:2e:7f:52:
         33:f7:5d:f4:6f:cb:af:cb:9f:03:69:b1:0d:7f:41:83:bd:2e:
         9e:21:2b:f3:e3:52:68:8d:b3:17:03:5d:45:9a:fc:e8:33:a7:
         11:64:81:d0:e4:d0:be:c3:82:f2:03:44:a8:91:f4:35:d7:af:
         eb:cc:b6:55:4e:32:30:6f:f1:18:e1:1d:e5:46:2d:a2:c1:de:
         58:2e:01:9d:36:16:1e:c8:56:a8:43:f8:3c:b1:5c:b7:18:b9:
         d2:b6:14:5b:3f:70:79:96:3d:02:ad:bb:2f:bc:13:2c:1e:36:
         09:f1:7d:4e:3c:de:6b:2a:cb:65:a1:dd:73:d9:d5:fa:66:d2:
         42:0c:e1:91:f3:2d:57:0e:d4:6f:b2:52:f7:df:2b:0d:02:22:
         83:8f:90:74:3a:bc:ef:85:f9:d6:d4:fc:56:32:c2:29:02:e9:
         55:22:85:1b:b5:83:bf:e7:39:a1:49:99:a3:bc:3c:04:35:1d:
         9c:af:b8:eb:f3:27:cf:c1:02:28:6a:39:e5:70:0b:8c:09:f4:
         00:7a:56:7c
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKekMElDI6RWDzNGJAA2HwBSWhmcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDkwNjE0NTJaFw0yNzA2MDgwNjE5NTJaMDMxMTAvBgNV
BAMTKDBDODVFRThERjA3ODg3NzM1MTJFMUM3NUU3Q0U0MERDNDJENUJGN0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeMghrZAUhuS3S4uZKim1+JpeV
gFbawVQvBacXcqsTOvX+O6NADx+QIlqEoQMNkrtHoSa/MTHUIYSNpO/Mzg9PPlwE
YhdFZDjU0l4oATH+pbIOYx6g0Nm3nvyZ4OYx8P2osM9j6jqlaYyhU2D44tHdWMbb
QtYSrh3MJJEav8MHdlEaPQnnGbnkneuXBRQmjAqlz0JJfzPQGKs4E7EzpWFiYuf2
CM/2XJVHkost0w5Xl9eQl3Oiywj/TSWZkK7ZyvjQQgrS3MhWS227zxh/clLnfot7
09PleJjHrDPiWoxqRIESUpf3zypKhNXFqy45mcuufSElRl+tgMPYlDq3ae2pAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUDIXujfB4h3NRLhx1585A3ELVv3owHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUi/Y
AwQAVEsLMA0GCSqGSIb3DQEBCwUAA4IBAQBEwxBOguG+IVcIDPRCH4fTkR+AkfPX
WjTtUaoVRJ9nUOxPnkB0QrLLnikzxtOgB+xjKYcuf1Iz9130b8uvy58DabENf0GD
vS6eISvz41JojbMXA11FmvzoM6cRZIHQ5NC+w4LyA0SokfQ116/rzLZVTjIwb/EY
4R3lRi2iwd5YLgGdNhYeyFaoQ/g8sVy3GLnSthRbP3B5lj0CrbsvvBMsHjYJ8X1O
PN5rKstlod1z2dX6ZtJCDOGR8y1XDtRvslL33ysNAiKDj5B0OrzvhfnW1PxWMsIp
AulVIoUbtYO/5zmhSZmjvDwENR2cr7jr8yfPwQIoajnlcAuMCfQAelZ8
-----END CERTIFICATE-----