Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          uHIbD1oh0+zwHYmKEnjDGzaagLxzNY0zltglix2N1h8=
Subject key identifier:   85:8F:7B:F6:D7:84:BF:4C:5D:5B:69:84:A5:B8:7B:51:99:47:9F:12
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       5AB28EA69B3EACF9850C8FB18F5201FF811CDED9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
Signing time:             Thu 19 Mar 2026 01:18:18 +0000
ROA not before:           Thu 19 Mar 2026 01:13:18 +0000
ROA not after:            Thu 18 Mar 2027 01:18:18 +0000
asID:                     393942
IP address blocks:        181.214.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5a:b2:8e:a6:9b:3e:ac:f9:85:0c:8f:b1:8f:52:01:ff:81:1c:de:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 19 01:13:18 2026 GMT
            Not After : Mar 18 01:18:18 2027 GMT
        Subject: CN=858F7BF6D784BF4C5D5B6984A5B87B5199479F12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:78:d3:57:0b:d9:d4:5e:8d:c2:77:42:ba:00:
                    c7:7b:1f:4a:ed:8e:6c:af:64:46:8a:36:59:54:d5:
                    85:d5:d6:55:29:f8:dc:7b:5e:58:e7:7c:bc:b5:0b:
                    49:7f:44:0b:8e:4a:84:13:9f:d7:a3:bb:5c:ee:b3:
                    97:58:18:64:ff:79:00:b8:c9:e8:24:c4:2f:21:93:
                    40:36:d6:2f:db:72:18:77:b2:22:da:44:31:e9:d4:
                    b2:a6:ef:53:92:35:53:60:b1:74:e1:cf:20:73:ef:
                    f9:29:5c:6e:ed:ba:79:a0:64:aa:2d:74:8f:13:c9:
                    4d:62:d7:48:80:fa:d5:07:36:6a:a7:82:f3:44:ab:
                    31:69:72:91:89:b0:06:ff:50:5d:55:3a:88:70:cb:
                    20:5b:5a:2f:37:f8:3c:15:29:9a:20:50:f5:4b:4f:
                    44:5c:00:63:b0:d1:9f:69:df:5a:b4:97:d1:b2:49:
                    0a:c2:ea:2c:e6:f8:e9:ae:31:f3:a5:1d:65:6c:46:
                    f8:1e:97:74:68:70:07:99:91:58:a8:36:d3:d5:ef:
                    19:b9:47:30:92:c5:9c:a9:b9:5d:df:7b:82:91:24:
                    4c:a2:cc:d2:cc:f9:38:43:d9:b7:29:d0:ad:34:40:
                    26:c5:4d:77:59:e8:e2:4e:1b:39:3f:7e:12:61:ef:
                    e6:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:8F:7B:F6:D7:84:BF:4C:5D:5B:69:84:A5:B8:7B:51:99:47:9F:12
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.214.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:c2:18:50:82:65:e4:59:f2:3a:a9:22:2c:cc:7d:ec:5e:11:
         96:44:e9:39:50:b9:fb:d0:80:db:25:63:da:3a:e8:7e:5f:15:
         9f:56:18:c8:22:a9:7a:00:b4:a0:25:85:49:14:a3:23:5b:f0:
         9c:8f:f3:13:2c:57:19:6e:62:2b:93:02:a9:7f:c6:bc:d9:84:
         3e:ff:80:8e:cc:a8:8c:bc:f2:01:8a:ff:59:7b:2b:84:d7:8c:
         41:05:55:2c:72:65:84:45:bf:18:6d:17:be:71:0b:9c:c4:0e:
         ba:13:af:8f:f3:ab:ec:41:51:03:09:7a:36:b6:44:be:1c:3d:
         f1:8a:8c:d5:a4:0f:1d:6e:cf:63:d4:db:9c:64:43:58:f5:ae:
         2e:29:d5:b6:36:69:f8:6b:76:ca:1d:6f:64:8d:30:d2:18:bd:
         48:a9:cd:ee:7e:d2:47:9f:cb:03:18:f0:e9:dc:8c:cf:32:56:
         08:5d:41:96:b3:b0:35:d5:80:7d:75:e9:82:6d:38:c1:1c:de:
         82:17:80:f3:23:a2:76:1b:a8:9e:90:a9:e5:12:42:af:07:ed:
         8f:e2:af:fb:e9:b8:39:ef:c0:35:95:23:c0:52:cc:0e:8f:b8:
         bd:b5:76:db:ca:d9:ae:d1:30:8d:ef:1b:dc:93:55:93:a7:3a:
         26:80:01:12
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWrKOpps+rPmFDI+xj1IB/4Ec3tkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTkwMTEzMThaFw0yNzAzMTgwMTE4MThaMDMxMTAvBgNV
BAMTKDg1OEY3QkY2RDc4NEJGNEM1RDVCNjk4NEE1Qjg3QjUxOTk0NzlGMTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZeNNXC9nUXo3Cd0K6AMd7H0rt
jmyvZEaKNllU1YXV1lUp+Nx7XljnfLy1C0l/RAuOSoQTn9eju1zus5dYGGT/eQC4
yegkxC8hk0A21i/bchh3siLaRDHp1LKm71OSNVNgsXThzyBz7/kpXG7tunmgZKot
dI8TyU1i10iA+tUHNmqngvNEqzFpcpGJsAb/UF1VOohwyyBbWi83+DwVKZogUPVL
T0RcAGOw0Z9p31q0l9GySQrC6izm+OmuMfOlHWVsRvgel3RocAeZkVioNtPV7xm5
RzCSxZypuV3fe4KRJEyizNLM+ThD2bcp0K00QCbFTXdZ6OJOGzk/fhJh7+ajAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUhY979teEv0xdW2mEpbh7UZlHnxIwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdYV
MA0GCSqGSIb3DQEBCwUAA4IBAQBYwhhQgmXkWfI6qSIszH3sXhGWROk5ULn70IDb
JWPaOuh+XxWfVhjIIql6ALSgJYVJFKMjW/Ccj/MTLFcZbmIrkwKpf8a82YQ+/4CO
zKiMvPIBiv9ZeyuE14xBBVUscmWERb8YbRe+cQucxA66E6+P86vsQVEDCXo2tkS+
HD3xiozVpA8dbs9j1NucZENY9a4uKdW2Nmn4a3bKHW9kjTDSGL1Iqc3uftJHn8sD
GPDp3IzPMlYIXUGWs7A11YB9demCbTjBHN6CF4DzI6J2G6iekKnlEkKvB+2P4q/7
6bg578A1lSPAUswOj7i9tXbbytmu0TCN7xvck1WTpzomgAES
-----END CERTIFICATE-----