Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          46l3bM7TWiGl0BQ1hT2AGGcKGBGq0dWoMtWX2ZzlhYQ=
Subject key identifier:   28:7A:A8:50:4E:BE:97:C9:D0:A9:45:D0:92:16:4F:AE:ED:41:90:93
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       4BED985B94AB45172F71787CAA3B007729874447
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS393942.roa
Signing time:             Mon 13 Oct 2025 07:26:37 +0000
ROA not before:           Mon 13 Oct 2025 07:21:37 +0000
ROA not after:            Mon 12 Oct 2026 07:26:37 +0000
asID:                     393942
IP address blocks:        82.139.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:ed:98:5b:94:ab:45:17:2f:71:78:7c:aa:3b:00:77:29:87:44:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Oct 13 07:21:37 2025 GMT
            Not After : Oct 12 07:26:37 2026 GMT
        Subject: CN=287AA8504EBE97C9D0A945D092164FAEED419093
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b6:ea:f7:20:83:35:e3:ba:a3:24:83:37:be:
                    c6:e8:60:da:71:61:78:27:1d:3e:47:4e:75:3f:b3:
                    f5:ea:07:69:07:e8:7f:ed:fc:13:ab:c2:c8:74:fc:
                    0c:4a:59:c5:0f:c3:10:ef:13:35:3a:b2:ea:ce:5d:
                    07:f7:75:3f:65:85:b4:f5:73:2c:6f:8a:a8:fc:19:
                    cc:c0:a3:54:60:da:f6:61:29:83:01:b5:5e:9f:4d:
                    31:ba:44:ef:c5:7e:25:16:b7:53:9a:ef:04:42:94:
                    b2:5e:9e:30:aa:59:6d:e2:c1:f8:df:c9:24:c9:d0:
                    95:ca:75:d6:d6:4f:52:50:31:3a:0a:50:75:cb:5e:
                    7e:76:fb:2f:9f:e8:b6:67:54:80:84:9c:5d:ac:2e:
                    d0:15:87:6c:1d:8e:11:2d:2c:98:b3:74:5f:d0:28:
                    16:df:65:ae:14:c2:22:9b:bd:99:91:41:98:86:25:
                    cb:06:e7:98:eb:81:55:c8:b9:d4:cf:84:10:1b:eb:
                    cc:93:c7:7e:a4:4b:da:a9:ff:bf:cb:1a:51:52:c9:
                    fa:6c:84:68:e1:d0:25:be:95:0b:98:56:30:6c:d9:
                    89:18:6b:e8:da:9a:08:8a:75:c7:1d:6f:5d:c4:a5:
                    8c:57:80:01:17:a7:f6:10:38:8d:90:fe:ce:64:f9:
                    18:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:7A:A8:50:4E:BE:97:C9:D0:A9:45:D0:92:16:4F:AE:ED:41:90:93
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.139.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:1f:34:2d:d2:8d:e2:20:1f:65:0c:76:90:46:3b:d0:29:bf:
         a4:17:ad:d2:94:21:ec:ab:52:f4:96:1b:97:0b:09:db:43:5c:
         17:cf:93:63:d3:ff:23:93:0a:ce:04:26:8b:31:17:64:6e:0c:
         af:1b:2c:64:ac:f0:7a:c1:33:f0:0b:4a:d3:ba:64:37:b6:c4:
         8d:47:e5:c2:89:04:72:8c:8a:48:83:6f:91:da:bc:8c:6f:f2:
         3e:aa:19:52:81:a4:95:a3:a8:65:87:86:c7:2d:8b:15:ef:12:
         1f:5a:5e:08:80:e7:48:e2:6e:00:9a:4f:4e:ca:71:34:4d:69:
         bf:33:a6:4d:58:ee:e2:1e:29:5e:b7:3c:82:ae:7e:55:8e:ca:
         d8:e1:7a:1e:06:7d:a6:90:e6:2c:b8:05:e4:22:95:80:c9:2d:
         33:25:2b:a3:39:5e:e1:95:9d:dd:fe:26:b9:d1:d6:5f:b1:bf:
         bb:02:e7:06:e4:eb:67:42:69:5a:c0:ce:58:19:d5:de:98:3c:
         43:50:ff:0e:54:1d:eb:55:35:a9:15:90:d4:13:2d:fc:87:0c:
         f5:51:ba:73:77:90:63:83:7b:f5:34:de:01:76:ef:9c:55:74:
         3d:69:03:4f:06:28:44:2a:3e:ca:89:40:84:e9:13:37:1e:fa:
         ae:86:35:ad
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS+2YW5SrRRcvcXh8qjsAdymHREcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTEwMTMwNzIxMzdaFw0yNjEwMTIwNzI2MzdaMDMxMTAvBgNV
BAMTKDI4N0FBODUwNEVCRTk3QzlEMEE5NDVEMDkyMTY0RkFFRUQ0MTkwOTMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDtur3IIM147qjJIM3vsboYNpx
YXgnHT5HTnU/s/XqB2kH6H/t/BOrwsh0/AxKWcUPwxDvEzU6surOXQf3dT9lhbT1
cyxviqj8GczAo1Rg2vZhKYMBtV6fTTG6RO/FfiUWt1Oa7wRClLJenjCqWW3iwfjf
ySTJ0JXKddbWT1JQMToKUHXLXn52+y+f6LZnVICEnF2sLtAVh2wdjhEtLJizdF/Q
KBbfZa4UwiKbvZmRQZiGJcsG55jrgVXIudTPhBAb68yTx36kS9qp/7/LGlFSyfps
hGjh0CW+lQuYVjBs2YkYa+jamgiKdccdb13EpYxXgAEXp/YQOI2Q/s5k+RhfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUKHqoUE6+l8nQqUXQkhZPru1BkJMwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUovq
MA0GCSqGSIb3DQEBCwUAA4IBAQAxHzQt0o3iIB9lDHaQRjvQKb+kF63SlCHsq1L0
lhuXCwnbQ1wXz5Nj0/8jkwrOBCaLMRdkbgyvGyxkrPB6wTPwC0rTumQ3tsSNR+XC
iQRyjIpIg2+R2ryMb/I+qhlSgaSVo6hlh4bHLYsV7xIfWl4IgOdI4m4Amk9OynE0
TWm/M6ZNWO7iHiletzyCrn5VjsrY4XoeBn2mkOYsuAXkIpWAyS0zJSujOV7hlZ3d
/ia50dZfsb+7AucG5OtnQmlawM5YGdXemDxDUP8OVB3rVTWpFZDUEy38hwz1Ubpz
d5Bjg3v1NN4Bdu+cVXQ9aQNPBihEKj7KiUCE6RM3HvquhjWt
-----END CERTIFICATE-----