Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          LCdnQE/kzI7Cu6AN2Lyv1MV60FtvJIhCGGNrRP83VCo=
Subject key identifier:   BB:00:67:75:04:B1:20:28:1D:7B:38:FB:42:D9:0D:A2:A8:5D:9C:FE
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       6E866A14C524721E8D826194BAE7DFFEBB1692AD
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
Signing time:             Thu 04 Jun 2026 11:13:23 +0000
ROA not before:           Thu 04 Jun 2026 11:08:23 +0000
ROA not after:            Thu 03 Jun 2027 11:13:23 +0000
asID:                     393942
IP address blocks:        95.135.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:86:6a:14:c5:24:72:1e:8d:82:61:94:ba:e7:df:fe:bb:16:92:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun  4 11:08:23 2026 GMT
            Not After : Jun  3 11:13:23 2027 GMT
        Subject: CN=BB00677504B120281D7B38FB42D90DA2A85D9CFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ac:6a:f2:71:94:a6:47:d6:82:28:be:96:bd:
                    74:7d:f0:2f:30:11:9f:44:97:e0:c9:50:64:fc:12:
                    3e:03:fc:74:dd:96:39:48:fa:b3:6b:e8:00:bd:f6:
                    df:e2:24:10:16:d0:a6:79:2a:cc:77:bd:39:c3:9c:
                    4c:43:e7:da:c6:7b:18:59:04:06:47:58:c8:59:a4:
                    bd:51:8b:cd:45:e3:8c:53:72:4d:79:11:5d:3f:9b:
                    e8:5f:b1:34:d3:82:24:06:07:c1:8e:83:87:9b:4c:
                    ec:58:01:4e:5d:9c:89:87:7a:33:4a:7a:52:7d:36:
                    55:6e:eb:ec:b8:53:a5:d4:bb:a9:9d:83:3d:ca:6a:
                    e8:a1:f2:2e:da:ad:b8:7b:d9:dd:ea:e0:33:5a:a3:
                    66:23:b4:19:67:75:9d:07:0d:9a:e0:36:62:7a:17:
                    33:71:9b:1d:92:b8:d7:a0:1b:f2:8f:8a:71:1b:28:
                    44:16:23:11:a9:84:3c:84:c4:ce:a7:15:48:7d:55:
                    6a:95:2b:27:31:75:01:ac:f0:a9:2c:6f:a2:0d:9e:
                    5c:5d:42:9b:1c:bd:49:76:6e:bc:ed:12:42:27:55:
                    fb:07:1d:d2:d7:f1:fa:e2:fe:b3:77:25:0b:6f:8f:
                    57:87:22:b7:ae:4e:89:dd:74:bb:f9:19:39:d4:21:
                    55:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:00:67:75:04:B1:20:28:1D:7B:38:FB:42:D9:0D:A2:A8:5D:9C:FE
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:a0:ed:a9:39:e7:f9:04:d9:6a:24:bb:f0:7e:06:2e:a0:db:
         4e:bb:cc:83:7c:77:79:a8:ef:99:3c:fa:cf:47:76:dd:66:06:
         a7:a8:94:6e:b5:dc:f9:94:b4:8e:d3:9d:6b:8f:c4:82:f3:ee:
         b4:1d:40:7f:ae:0a:ba:5a:6e:00:0f:52:06:e2:1e:70:4d:55:
         5b:d7:c5:bc:f0:36:92:77:09:12:76:e2:87:8b:0d:8b:9f:f5:
         41:45:29:72:91:53:82:60:87:17:e3:92:ff:b6:e5:ac:7f:27:
         35:33:64:bb:85:09:29:72:c3:64:ba:03:0a:c6:fe:90:93:5f:
         d1:64:42:04:4b:37:24:43:9b:1a:57:a7:4c:b4:c5:3d:56:62:
         bb:6c:36:de:b1:e1:f4:00:64:28:50:29:34:52:46:02:ff:2c:
         e1:af:be:91:89:cb:89:01:dc:a6:1c:83:1b:cd:4c:c5:6d:2f:
         e7:c7:8e:46:63:6f:69:bd:85:37:26:34:fc:14:fa:c2:7c:54:
         ac:c3:0d:c5:4d:f8:23:50:a3:d2:54:d3:3b:6b:db:a1:cf:91:
         2d:bd:1c:2a:d4:e7:25:d3:a9:aa:4d:25:07:b3:66:52:e0:ba:
         f2:e7:b6:c5:38:93:38:ba:13:eb:04:fc:6c:5f:31:ab:67:1c:
         7f:5b:2e:05
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUboZqFMUkch6NgmGUuuff/rsWkq0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MDQxMTA4MjNaFw0yNzA2MDMxMTEzMjNaMDMxMTAvBgNV
BAMTKEJCMDA2Nzc1MDRCMTIwMjgxRDdCMzhGQjQyRDkwREEyQTg1RDlDRkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqrGrycZSmR9aCKL6WvXR98C8w
EZ9El+DJUGT8Ej4D/HTdljlI+rNr6AC99t/iJBAW0KZ5Ksx3vTnDnExD59rGexhZ
BAZHWMhZpL1Ri81F44xTck15EV0/m+hfsTTTgiQGB8GOg4ebTOxYAU5dnImHejNK
elJ9NlVu6+y4U6XUu6mdgz3Kauih8i7arbh72d3q4DNao2YjtBlndZ0HDZrgNmJ6
FzNxmx2SuNegG/KPinEbKEQWIxGphDyExM6nFUh9VWqVKycxdQGs8Kksb6INnlxd
QpscvUl2brztEkInVfsHHdLX8fri/rN3JQtvj1eHIreuTonddLv5GTnUIVWXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUuwBndQSxICgdezj7QtkNoqhdnP4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4eH
MA0GCSqGSIb3DQEBCwUAA4IBAQB7oO2pOef5BNlqJLvwfgYuoNtOu8yDfHd5qO+Z
PPrPR3bdZganqJRutdz5lLSO051rj8SC8+60HUB/rgq6Wm4AD1IG4h5wTVVb18W8
8DaSdwkSduKHiw2Ln/VBRSlykVOCYIcX45L/tuWsfyc1M2S7hQkpcsNkugMKxv6Q
k1/RZEIESzckQ5saV6dMtMU9VmK7bDbeseH0AGQoUCk0UkYC/yzhr76RicuJAdym
HIMbzUzFbS/nx45GY29pvYU3JjT8FPrCfFSsww3FTfgjUKPSVNM7a9uhz5EtvRwq
1Ocl06mqTSUHs2ZS4Lry57bFOJM4uhPrBPxsXzGrZxx/Wy4F
-----END CERTIFICATE-----