Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS396246.roa
File:                     AS396246.roa (raw, json)
Hash identifier:          IwJIxkABkgzYb3eEjV19EkqRhRVclm2A3qHe8Fa7BmA=
Subject key identifier:   56:78:5E:64:DA:47:E4:5E:D8:6B:99:25:1B:7F:3E:26:06:1B:79:52
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4F2F09A5DD873818992968C684DF9CF71BE292D8
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS396246.roa
Signing time:             Sun 01 Mar 2026 07:43:09 +0000
ROA not before:           Sun 01 Mar 2026 07:38:09 +0000
ROA not after:            Sun 28 Feb 2027 07:43:09 +0000
asID:                     396246
IP address blocks:        95.134.196.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:09:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:2f:09:a5:dd:87:38:18:99:29:68:c6:84:df:9c:f7:1b:e2:92:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  1 07:38:09 2026 GMT
            Not After : Feb 28 07:43:09 2027 GMT
        Subject: CN=56785E64DA47E45ED86B99251B7F3E26061B7952
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:19:bb:2b:2e:b1:43:18:63:26:4b:24:33:ab:
                    fb:68:b9:5e:0b:a8:3d:70:dd:24:54:70:dc:51:c1:
                    84:db:5c:40:83:d2:66:2e:a2:5c:1e:46:4d:5b:13:
                    32:95:de:c1:06:64:90:0f:1b:02:92:2e:81:70:19:
                    e9:f1:6d:95:f3:60:08:41:3e:f8:d8:11:06:9a:1d:
                    03:a2:c8:6e:f0:f0:f4:86:04:c0:9e:b0:6f:3c:5f:
                    18:1c:43:23:47:a3:88:33:bc:5d:1e:70:2f:0f:36:
                    d3:65:3f:10:10:e8:6b:2f:7f:0b:c5:f1:5a:9e:cc:
                    1a:96:08:cb:8f:4e:e4:4f:ce:91:a1:55:62:ad:60:
                    42:d3:66:77:7e:31:99:10:ee:1c:b0:39:99:97:eb:
                    81:90:56:00:91:16:0c:14:34:b1:8f:6f:94:02:dd:
                    e9:73:75:b1:a9:cd:f0:d1:fd:5c:38:a4:26:f3:20:
                    5f:fd:c1:d1:a1:16:8d:0c:b5:7e:36:21:d7:b3:5a:
                    01:bb:86:3e:12:cf:3c:df:39:78:0b:20:79:0f:38:
                    c1:60:9d:45:66:d1:28:ae:69:35:ba:a6:a0:27:01:
                    3e:9a:2f:53:22:ec:e4:03:11:fe:d7:05:5c:51:3c:
                    c4:14:a7:b4:a5:18:8c:83:dd:6b:30:e5:29:29:e9:
                    5e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:78:5E:64:DA:47:E4:5E:D8:6B:99:25:1B:7F:3E:26:06:1B:79:52
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS396246.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:62:6b:d7:f9:bd:9b:3a:aa:08:25:43:cb:c3:68:55:1e:2f:
         17:66:69:b3:fc:69:8d:39:b2:38:93:2e:66:6f:70:0a:ee:9f:
         d1:a3:42:92:8e:bc:8d:42:7f:57:a9:57:35:1f:3e:b7:df:b8:
         0a:05:5c:de:28:ff:d9:00:c1:4f:1b:56:80:66:98:f2:7c:77:
         f5:d2:09:c3:12:1b:1f:f1:8e:9f:cc:8c:4a:f4:61:e7:c0:a9:
         d2:5c:3e:29:13:e3:5f:72:84:88:cb:3f:1b:fe:6c:5f:92:8d:
         ab:90:57:49:48:f3:e0:33:9a:1f:d3:64:f2:d4:44:3f:df:e9:
         46:48:2e:8f:c0:39:c6:5e:41:aa:b0:d4:6c:08:f0:28:1b:95:
         97:f6:d6:cb:d5:1d:c7:2c:eb:35:92:66:52:2c:dc:3a:f8:32:
         56:9d:60:5e:68:0c:71:0e:dd:92:59:e6:0d:6b:69:fe:dd:b3:
         1f:3a:eb:fd:31:79:3a:91:0e:34:6b:16:2b:05:75:a1:a1:17:
         aa:57:6e:77:5b:8c:ec:aa:1e:87:a9:4d:3d:a6:9f:ff:eb:91:
         7a:61:30:c3:a9:46:9d:60:5b:e9:2f:d0:29:99:88:6c:ed:ee:
         0f:78:8c:1e:a5:11:c6:cf:22:8c:de:7d:8b:60:c8:4b:63:99:
         0d:ab:47:24
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTy8Jpd2HOBiZKWjGhN+c9xviktgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDEwNzM4MDlaFw0yNzAyMjgwNzQzMDlaMDMxMTAvBgNV
BAMTKDU2Nzg1RTY0REE0N0U0NUVEODZCOTkyNTFCN0YzRTI2MDYxQjc5NTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDgGbsrLrFDGGMmSyQzq/touV4L
qD1w3SRUcNxRwYTbXECD0mYuolweRk1bEzKV3sEGZJAPGwKSLoFwGenxbZXzYAhB
PvjYEQaaHQOiyG7w8PSGBMCesG88XxgcQyNHo4gzvF0ecC8PNtNlPxAQ6GsvfwvF
8VqezBqWCMuPTuRPzpGhVWKtYELTZnd+MZkQ7hywOZmX64GQVgCRFgwUNLGPb5QC
3elzdbGpzfDR/Vw4pCbzIF/9wdGhFo0MtX42IdezWgG7hj4SzzzfOXgLIHkPOMFg
nUVm0SiuaTW6pqAnAT6aL1Mi7OQDEf7XBVxRPMQUp7SlGIyD3Wsw5Skp6V5hAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUVnheZNpH5F7Ya5klG38+JgYbeVIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk2MjQ2LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCX4bE
MA0GCSqGSIb3DQEBCwUAA4IBAQBnYmvX+b2bOqoIJUPLw2hVHi8XZmmz/GmNObI4
ky5mb3AK7p/Ro0KSjryNQn9XqVc1Hz6337gKBVzeKP/ZAMFPG1aAZpjyfHf10gnD
Ehsf8Y6fzIxK9GHnwKnSXD4pE+NfcoSIyz8b/mxfko2rkFdJSPPgM5of02Ty1EQ/
3+lGSC6PwDnGXkGqsNRsCPAoG5WX9tbL1R3HLOs1kmZSLNw6+DJWnWBeaAxxDt2S
WeYNa2n+3bMfOuv9MXk6kQ40axYrBXWhoReqV253W4zsqh6HqU09pp//65F6YTDD
qUadYFvpL9ApmYhs7e4PeIwepRHGzyKM3n2LYMhLY5kNq0ck
-----END CERTIFICATE-----