Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          lDz0aK93s6uErDkyAcRA56fV95TBw7NhRZp+t/BC1xY=
Subject key identifier:   A1:41:70:E3:82:27:1C:B5:9C:27:0A:9C:29:20:B3:1E:26:39:54:BE
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       7E9B4133F05B2246941C81D117F3E51F0A4B270C
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
Signing time:             Wed 15 Apr 2026 00:01:50 +0000
ROA not before:           Tue 14 Apr 2026 23:56:50 +0000
ROA not after:            Wed 14 Apr 2027 00:01:50 +0000
asID:                     395374
IP address blocks:        152.89.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 23:56:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:9b:41:33:f0:5b:22:46:94:1c:81:d1:17:f3:e5:1f:0a:4b:27:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 14 23:56:50 2026 GMT
            Not After : Apr 14 00:01:50 2027 GMT
        Subject: CN=A14170E382271CB59C270A9C2920B31E263954BE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:64:f0:48:f4:86:4a:a5:55:23:17:4a:ec:c3:
                    30:d8:15:05:0e:a8:1e:2d:55:7f:cc:12:72:ff:57:
                    f2:6f:54:22:63:e1:f1:75:01:fc:4c:67:1b:31:84:
                    d0:a6:d5:9e:65:5f:24:41:a3:42:cd:b8:da:77:f2:
                    e5:66:e1:ea:a9:40:e9:c0:35:14:8f:52:2e:20:e3:
                    b6:11:d6:4b:19:d8:ad:eb:2e:12:b0:3b:a4:6b:20:
                    3a:59:f4:3e:ae:b4:6a:63:f9:28:fb:e7:64:c1:17:
                    eb:06:d3:54:9f:9a:9b:26:5a:1a:57:d7:8c:62:0a:
                    b8:30:4f:60:c9:07:9b:ef:db:41:02:82:c0:11:a6:
                    a1:77:36:d8:2a:68:28:ea:89:89:d4:36:d9:30:97:
                    ee:0c:46:d1:73:4a:b1:77:a4:3d:a7:59:44:5c:df:
                    2e:32:84:0c:ce:bd:e4:db:56:e2:9f:38:a2:25:a2:
                    95:1c:ba:93:81:f7:de:45:48:9b:e8:96:81:37:17:
                    2d:dc:5b:90:05:07:23:34:b1:7d:2a:0f:7c:6e:f8:
                    97:3b:92:e0:fa:fd:78:cc:15:e7:1b:26:d8:da:58:
                    b1:df:9f:a5:dc:4d:a9:35:c6:2d:04:28:7d:05:27:
                    32:26:72:09:7d:ae:f7:fe:6f:fa:4a:fb:6b:e1:b1:
                    3e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:41:70:E3:82:27:1C:B5:9C:27:0A:9C:29:20:B3:1E:26:39:54:BE
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:ce:80:df:86:23:1c:71:d9:4c:7c:21:db:f0:b7:c9:fa:6e:
         2d:7a:0b:bf:8b:3e:9e:4a:c6:1c:8c:21:be:96:93:92:e0:9e:
         60:a0:10:0d:3a:7f:f4:34:bb:48:80:94:0e:d8:c6:87:6d:25:
         06:c1:d1:18:1f:50:1a:35:64:9c:a4:db:38:05:95:35:6a:fe:
         e7:18:8a:47:be:14:06:4e:9c:b3:3d:c8:b2:e7:3c:e1:94:4f:
         f9:1b:23:be:4a:89:22:60:b1:65:d1:61:0a:08:18:60:b0:48:
         6f:66:c9:92:11:9d:4d:71:1f:e0:f1:d7:84:ef:1f:ad:8b:ee:
         e1:64:77:f8:4b:6e:99:5e:38:01:4d:0b:cb:4a:54:96:64:66:
         32:25:16:ab:b4:df:ab:a0:ce:2f:9f:6d:ae:c5:ec:34:c0:2e:
         1a:22:e0:45:12:92:d6:5c:07:00:50:0f:bb:26:22:56:42:0f:
         88:ca:fb:72:26:f0:c9:7b:7a:d7:15:24:c0:35:84:37:c0:05:
         d3:61:1b:75:e0:cd:a6:0d:07:d8:90:88:b3:94:28:08:f1:23:
         df:22:b6:fe:83:de:a8:bb:b2:34:54:72:58:d9:02:61:49:5f:
         42:91:7e:34:2c:33:82:1a:ff:b4:eb:86:52:23:70:30:1e:2e:
         6d:fb:04:41
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUfptBM/BbIkaUHIHRF/PlHwpLJwwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjA0MTQyMzU2NTBaFw0yNzA0MTQwMDAxNTBaMDMxMTAvBgNV
BAMTKEExNDE3MEUzODIyNzFDQjU5QzI3MEE5QzI5MjBCMzFFMjYzOTU0QkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDYZPBI9IZKpVUjF0rswzDYFQUO
qB4tVX/MEnL/V/JvVCJj4fF1AfxMZxsxhNCm1Z5lXyRBo0LNuNp38uVm4eqpQOnA
NRSPUi4g47YR1ksZ2K3rLhKwO6RrIDpZ9D6utGpj+Sj752TBF+sG01SfmpsmWhpX
14xiCrgwT2DJB5vv20ECgsARpqF3NtgqaCjqiYnUNtkwl+4MRtFzSrF3pD2nWURc
3y4yhAzOveTbVuKfOKIlopUcupOB995FSJvoloE3Fy3cW5AFByM0sX0qD3xu+Jc7
kuD6/XjMFecbJtjaWLHfn6XcTak1xi0EKH0FJzImcgl9rvf+b/pK+2vhsT75AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUoUFw44InHLWcJwqcKSCzHiY5VL4wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFn6
MA0GCSqGSIb3DQEBCwUAA4IBAQBdzoDfhiMccdlMfCHb8LfJ+m4tegu/iz6eSsYc
jCG+lpOS4J5goBANOn/0NLtIgJQO2MaHbSUGwdEYH1AaNWScpNs4BZU1av7nGIpH
vhQGTpyzPciy5zzhlE/5GyO+SokiYLFl0WEKCBhgsEhvZsmSEZ1NcR/g8deE7x+t
i+7hZHf4S26ZXjgBTQvLSlSWZGYyJRartN+roM4vn22uxew0wC4aIuBFEpLWXAcA
UA+7JiJWQg+IyvtyJvDJe3rXFSTANYQ3wAXTYRt14M2mDQfYkIizlCgI8SPfIrb+
g96ou7I0VHJY2QJhSV9CkX40LDOCGv+064ZSI3AwHi5t+wRB
-----END CERTIFICATE-----