Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          WhuU85y1L4xUu0qSm4eFfpANcLWE1VIKmMZXwi0cxoY=
Subject key identifier:   9B:16:ED:4D:56:5C:B9:72:20:2C:8C:85:4B:87:22:5E:F7:62:07:FE
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       59865D083BEE3B36A94BA9A4A98695B911A34AC0
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS393942.roa
Signing time:             Sun 15 Feb 2026 02:31:34 +0000
ROA not before:           Sun 15 Feb 2026 02:26:34 +0000
ROA not after:            Sun 14 Feb 2027 02:31:34 +0000
asID:                     393942
IP address blocks:        194.60.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 04:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:86:5d:08:3b:ee:3b:36:a9:4b:a9:a4:a9:86:95:b9:11:a3:4a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Feb 15 02:26:34 2026 GMT
            Not After : Feb 14 02:31:34 2027 GMT
        Subject: CN=9B16ED4D565CB972202C8C854B87225EF76207FE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:e1:4e:f3:24:5a:b3:4a:84:6f:bf:b8:cd:00:
                    79:b2:5c:d7:26:34:9e:b5:a8:28:f5:ce:7c:48:7b:
                    46:dd:fb:71:56:d2:7f:d7:01:90:f2:c5:1c:2b:6d:
                    9a:4b:4e:05:3d:97:8d:fd:62:90:df:b5:6e:a2:83:
                    2a:b8:43:03:79:cc:dc:cd:f7:43:94:99:77:77:dc:
                    23:06:32:dc:ac:7c:fd:42:c7:72:c9:a2:eb:97:f3:
                    3d:68:a4:ba:42:60:1b:d6:e7:31:34:1d:26:6b:ba:
                    69:c9:a7:90:d5:81:5d:bb:1a:e8:76:5d:eb:b8:bd:
                    9e:72:b5:c2:cc:d3:dd:e5:70:81:e4:43:fc:93:1d:
                    f2:2b:79:86:bc:a2:67:bf:03:2a:f3:f1:f1:e3:54:
                    ba:dd:9e:09:2a:6e:ee:6f:cd:67:ae:55:9d:27:0c:
                    c5:a4:ab:43:90:71:c3:f1:8f:f0:1f:b6:3c:e9:03:
                    3b:f2:94:22:04:a3:70:5f:88:3a:e0:99:50:20:7f:
                    1c:81:23:7a:e5:6e:71:50:52:fc:2b:63:92:f9:41:
                    e0:e7:30:db:5b:75:c8:de:46:c7:e0:d2:e0:45:45:
                    35:98:14:04:af:54:ed:f8:5c:23:1d:89:dd:6d:8d:
                    f8:fe:9a:e8:62:c5:dd:c4:b4:bb:1a:6f:2a:4a:d9:
                    f7:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:16:ED:4D:56:5C:B9:72:20:2C:8C:85:4B:87:22:5E:F7:62:07:FE
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:88:a1:94:a5:16:3a:09:a6:ba:70:10:c5:24:ff:07:e3:5e:
         f6:08:6e:79:00:4d:04:86:70:eb:bc:a4:7d:c9:c7:40:85:af:
         cc:de:bd:5b:95:14:8e:ff:6b:13:a3:dc:d7:76:bd:5e:55:23:
         fe:e1:21:28:87:f5:aa:68:b8:69:06:a4:6b:c1:21:2c:67:09:
         74:59:07:40:12:49:cf:0b:a9:ab:49:ae:92:e3:c7:90:56:b6:
         b6:11:36:2b:ea:3a:5b:48:da:96:0b:1f:35:93:13:26:cd:89:
         d0:d9:5c:6d:5a:4a:b8:15:60:8d:6e:af:82:e4:e3:3b:8a:ff:
         1a:7a:48:f9:7e:fb:ab:e0:1b:f0:c6:ab:9f:dd:95:90:0d:21:
         38:52:f0:2a:b4:3c:84:78:6f:c8:a8:2e:f6:a0:5a:61:02:b2:
         f0:de:12:fe:4f:98:4b:2b:0f:66:a7:21:0d:32:51:d4:7c:d6:
         1c:a9:5e:c1:ca:34:99:bf:6f:e6:43:0a:dd:aa:68:44:f7:68:
         aa:b6:48:ac:0a:d6:20:37:6b:cb:96:16:b2:4e:ba:03:84:31:
         85:b8:3b:db:2f:f4:97:7c:91:a6:5f:96:b0:f2:6e:96:cd:11:
         61:f6:ba:e4:66:59:71:51:4b:5c:cf:93:74:fa:5e:34:64:08:
         f6:0b:3b:74
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWYZdCDvuOzapS6mkqYaVuRGjSsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjAyMTUwMjI2MzRaFw0yNzAyMTQwMjMxMzRaMDMxMTAvBgNV
BAMTKDlCMTZFRDRENTY1Q0I5NzIyMDJDOEM4NTRCODcyMjVFRjc2MjA3RkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDV4U7zJFqzSoRvv7jNAHmyXNcm
NJ61qCj1znxIe0bd+3FW0n/XAZDyxRwrbZpLTgU9l439YpDftW6igyq4QwN5zNzN
90OUmXd33CMGMtysfP1Cx3LJouuX8z1opLpCYBvW5zE0HSZrumnJp5DVgV27Guh2
Xeu4vZ5ytcLM093lcIHkQ/yTHfIreYa8ome/Ayrz8fHjVLrdngkqbu5vzWeuVZ0n
DMWkq0OQccPxj/AftjzpAzvylCIEo3BfiDrgmVAgfxyBI3rlbnFQUvwrY5L5QeDn
MNtbdcjeRsfg0uBFRTWYFASvVO34XCMdid1tjfj+muhixd3EtLsabypK2fctAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmxbtTVZcuXIgLIyFS4ciXvdiB/4wHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxZ
MA0GCSqGSIb3DQEBCwUAA4IBAQBLiKGUpRY6Caa6cBDFJP8H4172CG55AE0EhnDr
vKR9ycdAha/M3r1blRSO/2sTo9zXdr1eVSP+4SEoh/WqaLhpBqRrwSEsZwl0WQdA
EknPC6mrSa6S48eQVra2ETYr6jpbSNqWCx81kxMmzYnQ2VxtWkq4FWCNbq+C5OM7
iv8aekj5fvur4Bvwxquf3ZWQDSE4UvAqtDyEeG/IqC72oFphArLw3hL+T5hLKw9m
pyENMlHUfNYcqV7ByjSZv2/mQwrdqmhE92iqtkisCtYgN2vLlhayTroDhDGFuDvb
L/SXfJGmX5aw8m6WzRFh9rrkZllxUUtcz5N0+l40ZAj2Czt0
-----END CERTIFICATE-----