Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393406.roa
File:                     AS393406.roa (raw, json)
Hash identifier:          DCDMRw0Jqcj3IyAgJUh3ucKfF55TO/YC8mNV6s8GGfM=
Subject key identifier:   49:2F:99:EF:B9:8F:BA:A1:B1:40:F7:13:96:4A:9A:EA:1C:6B:4C:41
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       33D4F1124446CFB3889D0B89B84A6A2B2729CD7C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393406.roa
Signing time:             Wed 11 Feb 2026 19:29:12 +0000
ROA not before:           Wed 11 Feb 2026 19:24:12 +0000
ROA not after:            Wed 10 Feb 2027 19:29:12 +0000
asID:                     393406
IP address blocks:        193.111.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:19:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:d4:f1:12:44:46:cf:b3:88:9d:0b:89:b8:4a:6a:2b:27:29:cd:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 11 19:24:12 2026 GMT
            Not After : Feb 10 19:29:12 2027 GMT
        Subject: CN=492F99EFB98FBAA1B140F713964A9AEA1C6B4C41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:25:c3:e8:17:59:ef:8e:ac:4e:d4:65:51:75:
                    55:16:38:07:27:2e:35:aa:72:68:7d:22:a2:03:35:
                    c2:e3:4f:25:fc:78:c1:14:84:57:6c:fc:a6:2a:dc:
                    54:7c:43:19:ed:e4:f8:7e:f1:7d:9f:25:75:18:a2:
                    71:d8:eb:7b:79:b3:3b:77:a7:05:6e:70:85:25:7a:
                    3a:97:39:46:1c:64:7a:3f:e6:57:4f:bf:0c:81:6f:
                    af:a4:5b:31:65:07:d9:8a:d2:2f:6b:ce:8e:88:f5:
                    f3:51:e6:a4:cf:56:d8:73:cd:ad:f3:c0:44:7c:d2:
                    48:45:02:29:16:1a:f4:78:36:11:d8:8f:c2:e8:db:
                    11:cb:76:e5:bf:87:e7:d1:07:5c:af:74:d7:32:49:
                    3c:46:33:b6:f8:52:55:bc:0d:95:a9:58:5d:6f:a2:
                    7e:0d:e9:ab:36:9d:92:ec:2f:2c:02:81:94:e4:3f:
                    2e:c0:0d:e0:63:b2:f1:4d:d5:c1:88:50:85:72:fe:
                    12:8a:c7:78:ff:40:25:9b:51:5f:3f:30:35:2f:74:
                    bf:d2:fa:d6:6c:65:bd:5d:78:5b:38:6f:ac:36:ee:
                    23:4f:2f:1c:86:33:7f:b7:3b:c0:d9:fa:a1:4d:a8:
                    a2:26:e9:c0:4d:02:79:1c:77:92:4c:41:8f:6b:b2:
                    ea:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:2F:99:EF:B9:8F:BA:A1:B1:40:F7:13:96:4A:9A:EA:1C:6B:4C:41
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS393406.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.111.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:dc:59:c2:e1:1f:1d:0e:a6:0e:c4:ce:dc:64:35:5b:c9:55:
         d9:c3:11:1c:e4:4f:5b:c3:25:cd:cf:5d:33:21:d9:f6:33:b3:
         c8:82:34:d3:6e:ff:8f:f6:2b:92:ae:c1:89:99:76:b2:df:9a:
         8d:0d:49:cd:12:3f:e5:cf:88:3f:79:13:31:25:12:54:d6:2a:
         bd:03:1a:0a:ae:69:bb:e0:c6:8c:5b:0d:0e:a7:f2:0b:77:0b:
         5f:03:67:cc:e5:6f:22:b3:20:56:d9:be:86:a6:85:85:51:79:
         f0:8b:d0:a1:ab:4e:8b:4c:48:ee:27:4f:1b:89:0d:3a:a3:95:
         94:48:82:0b:f9:60:64:5e:da:f9:49:40:1c:7f:05:10:20:ac:
         a3:ad:82:bd:45:dc:6b:a6:79:61:6d:78:ac:b5:bf:d5:29:58:
         a3:5d:e2:81:b6:f9:4d:20:2d:d7:8a:76:ee:20:26:47:6c:86:
         71:fd:da:67:3c:42:d6:0f:92:d1:9f:a3:e3:0b:64:53:eb:bc:
         f0:f6:fe:1e:50:35:31:dd:d0:bf:6d:e6:74:f9:7a:6f:6f:5b:
         cb:d1:6e:f6:91:70:2b:1a:ed:e9:7c:4c:b0:08:11:e4:c8:67:
         c3:63:a6:02:81:15:d9:bf:d0:ea:55:4d:88:b8:37:0e:d6:e8:
         95:6a:d0:6f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUM9TxEkRGz7OInQuJuEpqKycpzXwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMTExOTI0MTJaFw0yNzAyMTAxOTI5MTJaMDMxMTAvBgNV
BAMTKDQ5MkY5OUVGQjk4RkJBQTFCMTQwRjcxMzk2NEE5QUVBMUM2QjRDNDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUJcPoF1nvjqxO1GVRdVUWOAcn
LjWqcmh9IqIDNcLjTyX8eMEUhFds/KYq3FR8Qxnt5Ph+8X2fJXUYonHY63t5szt3
pwVucIUlejqXOUYcZHo/5ldPvwyBb6+kWzFlB9mK0i9rzo6I9fNR5qTPVthzza3z
wER80khFAikWGvR4NhHYj8Lo2xHLduW/h+fRB1yvdNcySTxGM7b4UlW8DZWpWF1v
on4N6as2nZLsLywCgZTkPy7ADeBjsvFN1cGIUIVy/hKKx3j/QCWbUV8/MDUvdL/S
+tZsZb1deFs4b6w27iNPLxyGM3+3O8DZ+qFNqKIm6cBNAnkcd5JMQY9rsurrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUSS+Z77mPuqGxQPcTlkqa6hxrTEEwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzkzNDA2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW98
MA0GCSqGSIb3DQEBCwUAA4IBAQCV3FnC4R8dDqYOxM7cZDVbyVXZwxEc5E9bwyXN
z10zIdn2M7PIgjTTbv+P9iuSrsGJmXay35qNDUnNEj/lz4g/eRMxJRJU1iq9AxoK
rmm74MaMWw0Op/ILdwtfA2fM5W8isyBW2b6GpoWFUXnwi9Chq06LTEjuJ08biQ06
o5WUSIIL+WBkXtr5SUAcfwUQIKyjrYK9RdxrpnlhbXistb/VKVijXeKBtvlNIC3X
inbuICZHbIZx/dpnPELWD5LRn6PjC2RT67zw9v4eUDUx3dC/beZ0+Xpvb1vL0W72
kXArGu3pfEywCBHkyGfDY6YCgRXZv9DqVU2IuDcO1uiVatBv
-----END CERTIFICATE-----