Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398704.roa
File:                     AS398704.roa (raw, json)
Hash identifier:          06k0W83lcsYz1ezhrOVBLOVdvfVkZBs+hBoGnRk+vMc=
Subject key identifier:   23:97:A9:FF:88:19:8A:33:02:88:83:A9:23:CD:C0:1C:DD:FA:AF:A6
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       2923D6ECD8A42D1872BF9AA58927D1E0AF55369A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398704.roa
Signing time:             Sun 01 Mar 2026 00:18:23 +0000
ROA not before:           Sun 01 Mar 2026 00:13:23 +0000
ROA not after:            Sun 28 Feb 2027 00:18:23 +0000
asID:                     398704
IP address blocks:        178.93.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 08:09:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:23:d6:ec:d8:a4:2d:18:72:bf:9a:a5:89:27:d1:e0:af:55:36:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar  1 00:13:23 2026 GMT
            Not After : Feb 28 00:18:23 2027 GMT
        Subject: CN=2397A9FF88198A33028883A923CDC01CDDFAAFA6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:ec:b6:31:2a:50:6c:15:f7:56:af:23:46:06:
                    1b:86:53:18:f1:d8:77:14:42:b0:4b:c8:04:f6:56:
                    34:c8:d0:ac:32:44:e6:90:86:47:db:76:fd:da:c8:
                    2c:72:df:f8:36:d8:0c:a4:0f:f9:19:3e:f6:85:b1:
                    cb:f8:d7:81:d0:d0:cd:35:5b:99:c3:ee:41:23:ea:
                    a3:53:29:62:02:79:b0:73:97:b9:44:9b:b3:5f:5a:
                    24:dd:9d:3f:c5:b2:1e:52:9a:f7:f4:ad:60:93:a2:
                    18:95:48:7a:53:53:ce:ec:64:e6:19:b7:a7:3d:1b:
                    55:c8:81:5b:8f:12:13:3e:31:30:3b:2e:32:6e:d7:
                    b5:b4:4d:bf:30:73:30:6e:3f:49:ca:34:65:2f:d5:
                    08:3c:eb:bf:65:ec:7c:8b:19:8b:2a:11:33:fa:9b:
                    77:9e:78:c7:46:02:25:e1:ca:dc:f4:ea:c1:ea:4f:
                    2d:f4:d9:02:e5:e4:14:0f:be:c6:60:da:1f:93:e1:
                    b7:fe:d6:4c:c2:bc:2b:f8:df:1a:fe:cf:8f:c9:63:
                    98:3f:d3:9a:9c:67:c4:9d:f2:3e:fe:20:7c:83:f5:
                    17:ba:0b:34:7e:47:2b:3f:89:ee:10:c6:98:5f:70:
                    43:f8:b3:f7:f7:0e:90:93:fc:d1:f0:08:78:11:4d:
                    e8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:97:A9:FF:88:19:8A:33:02:88:83:A9:23:CD:C0:1C:DD:FA:AF:A6
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:f0:4f:96:7d:ad:09:45:51:80:84:70:1e:28:a1:2c:b2:f9:
         7b:48:a9:f1:63:c9:f4:d1:30:29:13:1c:49:a2:9e:45:19:b0:
         3e:68:e5:16:81:6b:e9:10:7f:3d:fe:d3:38:87:49:be:a4:d0:
         b4:c1:8c:df:27:f8:d3:ae:1b:1a:b3:f1:52:5b:5c:89:d7:00:
         5e:31:95:68:d3:9e:db:74:b7:ae:f9:f4:10:c1:4b:8d:e9:12:
         bb:0e:94:1c:b2:c7:a8:8b:b7:f4:5d:c2:2c:a6:03:94:5c:20:
         52:63:75:f5:19:e5:bc:ac:5c:02:9c:75:60:9c:10:43:da:f0:
         25:8a:c7:45:a2:1a:50:4f:cc:33:33:69:1f:93:af:f5:2f:fd:
         2a:60:01:7a:ac:3b:24:bf:02:97:a6:71:d6:ed:42:bc:cd:cf:
         2c:14:32:34:c5:b0:5a:ec:e3:20:b5:5f:18:ba:e9:d3:57:dd:
         7b:ba:ae:65:7c:eb:f1:87:ce:47:5a:28:25:9f:af:f9:71:af:
         48:9f:40:76:6d:81:57:0f:0a:30:12:68:3d:7b:a5:e9:56:82:
         97:54:5c:79:da:93:11:38:7c:67:f4:e3:cf:fd:6b:ba:8c:ae:
         dc:08:d1:fe:21:fe:d2:af:25:b4:4c:7d:9d:e4:a9:35:5c:a4:
         3a:3e:ed:44
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKSPW7NikLRhyv5qliSfR4K9VNpowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMDEwMDEzMjNaFw0yNzAyMjgwMDE4MjNaMDMxMTAvBgNV
BAMTKDIzOTdBOUZGODgxOThBMzMwMjg4ODNBOTIzQ0RDMDFDRERGQUFGQTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR7LYxKlBsFfdWryNGBhuGUxjx
2HcUQrBLyAT2VjTI0KwyROaQhkfbdv3ayCxy3/g22AykD/kZPvaFscv414HQ0M01
W5nD7kEj6qNTKWICebBzl7lEm7NfWiTdnT/Fsh5Smvf0rWCTohiVSHpTU87sZOYZ
t6c9G1XIgVuPEhM+MTA7LjJu17W0Tb8wczBuP0nKNGUv1Qg8679l7HyLGYsqETP6
m3eeeMdGAiXhytz06sHqTy302QLl5BQPvsZg2h+T4bf+1kzCvCv43xr+z4/JY5g/
05qcZ8Sd8j7+IHyD9Re6CzR+Rys/ie4QxphfcEP4s/f3DpCT/NHwCHgRTehpAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUI5ep/4gZijMCiIOpI83AHN36r6YwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCsl0A
MA0GCSqGSIb3DQEBCwUAA4IBAQAG8E+Wfa0JRVGAhHAeKKEssvl7SKnxY8n00TAp
ExxJop5FGbA+aOUWgWvpEH89/tM4h0m+pNC0wYzfJ/jTrhsas/FSW1yJ1wBeMZVo
057bdLeu+fQQwUuN6RK7DpQcsseoi7f0XcIspgOUXCBSY3X1GeW8rFwCnHVgnBBD
2vAlisdFohpQT8wzM2kfk6/1L/0qYAF6rDskvwKXpnHW7UK8zc8sFDI0xbBa7OMg
tV8YuunTV917uq5lfOvxh85HWigln6/5ca9In0B2bYFXDwowEmg9e6XpVoKXVFx5
2pMROHxn9OPP/Wu6jK7cCNH+If7SryW0TH2d5Kk1XKQ6Pu1E
-----END CERTIFICATE-----