Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          lGFsibLndC/+ys0uZ31uwTZO0jvnKjl2GFgRq7tCjJo=
Subject key identifier:   DF:F4:23:1C:04:5F:8A:5C:20:F1:5B:FA:EB:4A:81:CE:7D:69:F9:C5
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       53E93937523DA0EBB6A15D9C553EAF755A373918
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
Signing time:             Tue 24 Feb 2026 10:12:24 +0000
ROA not before:           Tue 24 Feb 2026 10:07:24 +0000
ROA not after:            Tue 23 Feb 2027 10:12:24 +0000
asID:                     393942
IP address blocks:        82.29.95.0/24 maxlen: 24
                          178.83.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:e9:39:37:52:3d:a0:eb:b6:a1:5d:9c:55:3e:af:75:5a:37:39:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Feb 24 10:07:24 2026 GMT
            Not After : Feb 23 10:12:24 2027 GMT
        Subject: CN=DFF4231C045F8A5C20F15BFAEB4A81CE7D69F9C5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:33:45:2f:41:68:6b:55:0b:c6:35:1b:43:01:
                    1f:49:2f:c9:f0:0e:99:c3:4d:6c:89:8a:6f:67:69:
                    03:8d:35:42:04:42:68:79:26:3e:87:d9:09:35:7d:
                    63:cc:8b:fb:54:4c:69:08:7a:7c:39:be:cc:c5:c1:
                    37:f2:8e:a4:10:be:e9:a4:98:5a:a9:bb:ec:03:c2:
                    7b:2c:21:4b:60:34:49:cf:ae:02:61:74:39:d9:7d:
                    e4:f8:de:39:2f:aa:dc:eb:2b:72:d8:a9:c6:d5:e3:
                    57:78:be:ce:81:fe:7a:ad:0e:ed:12:59:a7:32:a0:
                    df:77:6f:ec:aa:de:61:b3:70:f9:de:d0:2e:05:5e:
                    dc:07:90:38:ab:f6:e9:7d:96:85:c5:57:c3:4a:79:
                    47:ca:19:3f:15:8a:29:50:22:4c:27:06:27:00:d8:
                    90:bc:57:22:91:2d:7d:f2:66:90:b3:f7:ec:42:b6:
                    24:97:13:9e:fb:87:57:30:28:04:20:c9:35:33:7d:
                    41:e3:9a:50:4a:c8:8c:b8:55:23:80:1b:49:23:69:
                    a2:b2:82:15:d6:33:a3:ae:b8:ce:db:17:6b:96:a3:
                    4e:a6:a3:87:fa:54:5f:06:49:24:d5:f0:c5:53:2d:
                    8b:90:b1:6a:61:2d:57:95:20:34:6d:df:4c:c3:6b:
                    7a:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:F4:23:1C:04:5F:8A:5C:20:F1:5B:FA:EB:4A:81:CE:7D:69:F9:C5
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.95.0/24
                  178.83.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:64:78:56:01:9e:6f:05:f3:2c:05:f0:78:05:d6:12:2c:4d:
         b0:e2:06:80:49:25:66:55:66:6b:1a:9b:78:97:2d:2a:9d:e2:
         5b:31:17:2f:31:11:3e:fc:84:ee:b9:4b:d6:f9:44:0a:23:1f:
         e0:a7:21:b9:dd:3e:b8:49:7f:1a:af:d7:db:45:05:86:a4:67:
         76:8a:bd:2e:2b:fb:40:8b:5a:56:b2:9c:a2:6e:0e:0e:73:f5:
         9f:a0:3c:a6:46:16:e4:64:51:70:01:f9:8c:e2:29:31:5f:1a:
         61:7f:7b:17:c2:dc:63:65:42:c6:20:9d:89:88:7d:f3:b1:37:
         39:9c:01:bd:54:61:51:e7:80:cb:2c:39:71:1e:96:7b:06:f5:
         07:63:fc:59:65:56:c5:09:bd:e4:24:ca:71:8d:cc:0a:61:3a:
         29:2c:65:ed:90:a9:10:c6:24:0b:f4:15:62:35:fc:3a:00:d0:
         b3:c0:9d:04:2c:1e:d2:5a:b9:49:77:64:6c:19:7c:c1:41:1b:
         c4:26:82:f9:ea:d1:69:5a:1f:70:af:34:ee:42:29:f4:97:34:
         85:a3:42:9a:c6:b1:4e:94:4a:13:56:23:24:72:92:ed:a1:f2:
         39:46:44:6d:49:36:0b:f4:e9:51:e9:0e:20:1e:e8:e4:3d:54:
         8a:9b:eb:39
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUU+k5N1I9oOu2oV2cVT6vdVo3ORgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAyMjQxMDA3MjRaFw0yNzAyMjMxMDEyMjRaMDMxMTAvBgNV
BAMTKERGRjQyMzFDMDQ1RjhBNUMyMEYxNUJGQUVCNEE4MUNFN0Q2OUY5QzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/M0UvQWhrVQvGNRtDAR9JL8nw
DpnDTWyJim9naQONNUIEQmh5Jj6H2Qk1fWPMi/tUTGkIenw5vszFwTfyjqQQvumk
mFqpu+wDwnssIUtgNEnPrgJhdDnZfeT43jkvqtzrK3LYqcbV41d4vs6B/nqtDu0S
WacyoN93b+yq3mGzcPne0C4FXtwHkDir9ul9loXFV8NKeUfKGT8ViilQIkwnBicA
2JC8VyKRLX3yZpCz9+xCtiSXE577h1cwKAQgyTUzfUHjmlBKyIy4VSOAG0kjaaKy
ghXWM6OuuM7bF2uWo06mo4f6VF8GSSTV8MVTLYuQsWphLVeVIDRt30zDa3ojAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU3/QjHARfilwg8Vv660qBzn1p+cUwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUh1f
AwQAslMnMA0GCSqGSIb3DQEBCwUAA4IBAQBUZHhWAZ5vBfMsBfB4BdYSLE2w4gaA
SSVmVWZrGpt4ly0qneJbMRcvMRE+/ITuuUvW+UQKIx/gpyG53T64SX8ar9fbRQWG
pGd2ir0uK/tAi1pWspyibg4Oc/WfoDymRhbkZFFwAfmM4ikxXxphf3sXwtxjZULG
IJ2JiH3zsTc5nAG9VGFR54DLLDlxHpZ7BvUHY/xZZVbFCb3kJMpxjcwKYTopLGXt
kKkQxiQL9BViNfw6ANCzwJ0ELB7SWrlJd2RsGXzBQRvEJoL56tFpWh9wrzTuQin0
lzSFo0KaxrFOlEoTViMkcpLtofI5RkRtSTYL9OlR6Q4gHujkPVSKm+s5
-----END CERTIFICATE-----