Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          L9zlF5+8WF6tW1dOMaHbEVS420cf8nfw4b9l2KxJJXI=
Subject key identifier:   62:B7:97:F1:C4:97:35:42:4C:F1:61:C6:2E:CD:66:44:EF:06:AA:BD
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       1AD9D8C75C698DE4E51B9F98B887473BD973BE42
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa
Signing time:             Thu 12 Feb 2026 08:02:10 +0000
ROA not before:           Thu 12 Feb 2026 07:57:10 +0000
ROA not after:            Thu 11 Feb 2027 08:02:10 +0000
asID:                     395374
IP address blocks:        45.158.9.0/24 maxlen: 24
                          152.89.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:19:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:d9:d8:c7:5c:69:8d:e4:e5:1b:9f:98:b8:87:47:3b:d9:73:be:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Feb 12 07:57:10 2026 GMT
            Not After : Feb 11 08:02:10 2027 GMT
        Subject: CN=62B797F1C49735424CF161C62ECD6644EF06AABD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:45:15:89:f9:cf:b8:be:8e:b9:ed:d3:f2:ee:
                    57:bf:93:aa:63:08:84:a0:49:50:fd:f9:23:60:1e:
                    1f:f1:92:ce:ac:56:6f:3b:b5:26:cc:d8:0f:6c:2c:
                    f4:84:59:2d:b1:9f:37:3a:0e:31:26:7f:db:3b:8a:
                    04:7c:d9:08:56:4e:b1:58:53:ad:8d:d1:f2:0c:d5:
                    0a:3d:8c:31:82:9a:d2:4d:b8:c9:69:49:fd:91:65:
                    fb:1a:7f:28:32:80:67:56:b2:e2:4f:01:34:9a:b9:
                    d8:5d:ff:e6:51:49:87:e6:8e:7c:94:87:ca:c2:73:
                    2b:76:00:eb:36:d8:67:da:3c:1c:7d:6a:a7:80:d4:
                    9f:9c:b0:f4:72:1f:00:65:3f:0d:51:2d:13:c2:66:
                    0f:79:58:b6:65:81:7f:8e:49:54:1e:f8:d9:57:88:
                    79:9a:e9:f5:7e:ab:18:b8:00:51:ca:71:ec:c6:e6:
                    11:a3:25:45:88:ac:fe:05:c4:6b:d1:bb:3a:f0:d5:
                    ad:82:aa:1f:6d:58:a4:ce:f8:ee:30:12:7b:09:1f:
                    09:55:60:e8:53:7c:ba:57:55:89:15:a6:7d:56:d1:
                    23:22:c8:32:a9:cb:4d:a4:b0:b0:3c:eb:eb:d7:38:
                    71:1f:40:90:33:2e:b1:63:5e:ac:14:95:d2:dc:08:
                    a7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B7:97:F1:C4:97:35:42:4C:F1:61:C6:2E:CD:66:44:EF:06:AA:BD
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.9.0/24
                  152.89.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:07:8b:c6:b8:df:79:8c:6a:21:cf:61:4a:bc:53:ac:6c:ba:
         6c:81:2b:82:76:41:ad:bd:ef:3b:96:ab:b1:02:7f:db:a4:a4:
         17:9e:29:1b:e1:ca:3b:7a:1a:6a:a3:1b:d6:1b:77:97:d2:0b:
         a1:9e:7f:cd:ff:b3:5c:4a:80:24:10:bf:10:a3:8a:a2:f2:41:
         4a:a9:d3:5d:cc:56:a2:b8:99:a3:ed:3c:69:ae:0c:89:cf:c2:
         e8:51:3c:6d:00:3b:d8:bf:70:d2:af:cd:30:e1:ce:a6:e7:80:
         5f:29:8a:8e:7e:c5:88:65:e4:2f:e0:ef:de:e3:fe:50:7c:a3:
         78:19:fa:7c:78:1b:6a:e5:89:9d:da:1a:1a:b7:d1:15:52:d7:
         60:a5:09:a5:41:f1:c6:64:eb:6e:78:23:bd:88:e3:31:80:ce:
         2d:5f:6e:5b:1d:42:5c:8d:90:9c:34:b7:82:3f:b5:58:26:9f:
         4a:a6:1f:dc:07:0d:a0:53:69:fb:61:87:df:c8:21:3a:e0:8c:
         e6:91:4a:42:76:7a:ed:39:f9:87:4b:ec:e6:4e:89:69:ea:48:
         ae:87:57:27:96:2a:13:f7:5c:c0:08:88:fa:f4:5e:97:a1:b9:
         73:f8:90:b4:e2:b5:ad:8e:e7:25:80:ed:1d:a9:d9:9f:1e:47:
         98:bb:b6:49
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGtnYx1xpjeTlG5+YuIdHO9lzvkIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNjAyMTIwNzU3MTBaFw0yNzAyMTEwODAyMTBaMDMxMTAvBgNV
BAMTKDYyQjc5N0YxQzQ5NzM1NDI0Q0YxNjFDNjJFQ0Q2NjQ0RUYwNkFBQkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGRRWJ+c+4vo657dPy7le/k6pj
CISgSVD9+SNgHh/xks6sVm87tSbM2A9sLPSEWS2xnzc6DjEmf9s7igR82QhWTrFY
U62N0fIM1Qo9jDGCmtJNuMlpSf2RZfsafygygGdWsuJPATSaudhd/+ZRSYfmjnyU
h8rCcyt2AOs22GfaPBx9aqeA1J+csPRyHwBlPw1RLRPCZg95WLZlgX+OSVQe+NlX
iHma6fV+qxi4AFHKcezG5hGjJUWIrP4FxGvRuzrw1a2Cqh9tWKTO+O4wEnsJHwlV
YOhTfLpXVYkVpn1W0SMiyDKpy02ksLA86+vXOHEfQJAzLrFjXqwUldLcCKeDAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUYreX8cSXNUJM8WHGLs1mRO8Gqr0wHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ4J
AwQAmFn6MA0GCSqGSIb3DQEBCwUAA4IBAQCqB4vGuN95jGohz2FKvFOsbLpsgSuC
dkGtve87lquxAn/bpKQXnikb4co7ehpqoxvWG3eX0guhnn/N/7NcSoAkEL8Qo4qi
8kFKqdNdzFaiuJmj7TxprgyJz8LoUTxtADvYv3DSr80w4c6m54BfKYqOfsWIZeQv
4O/e4/5QfKN4Gfp8eBtq5Ymd2hoat9EVUtdgpQmlQfHGZOtueCO9iOMxgM4tX25b
HUJcjZCcNLeCP7VYJp9Kph/cBw2gU2n7YYffyCE64IzmkUpCdnrtOfmHS+zmTolp
6kiuh1cnlioT91zACIj69F6Xoblz+JC04rWtjuclgO0dqdmfHkeYu7ZJ
-----END CERTIFICATE-----