Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          /2Ob8WqqSu+BW0PE4m8OJ9btKK3hcPx+CMJmh8ozgEg=
Subject key identifier:   2F:44:6C:0F:57:42:E1:62:B0:AE:B5:A8:B5:04:DC:9A:BB:FD:1C:2E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       0261C2B83D13953091ABAFA72BF282F1F1460F6A
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395374.roa
Signing time:             Thu 19 Mar 2026 01:19:06 +0000
ROA not before:           Thu 19 Mar 2026 01:14:06 +0000
ROA not after:            Thu 18 Mar 2027 01:19:06 +0000
asID:                     395374
IP address blocks:        181.215.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:18:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            02:61:c2:b8:3d:13:95:30:91:ab:af:a7:2b:f2:82:f1:f1:46:0f:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar 19 01:14:06 2026 GMT
            Not After : Mar 18 01:19:06 2027 GMT
        Subject: CN=2F446C0F5742E162B0AEB5A8B504DC9ABBFD1C2E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:ce:eb:ce:61:b8:d3:98:7d:85:31:83:13:7d:
                    36:93:7c:80:a9:46:59:c3:42:ac:9b:e7:25:42:33:
                    ff:5d:d4:e5:f9:4d:69:44:19:e2:c0:18:33:e3:ed:
                    de:7a:e2:32:4c:a8:58:22:23:76:1a:b8:64:6b:a2:
                    55:f5:76:d4:bd:fc:9d:85:67:51:e0:fd:56:67:02:
                    3e:d2:c4:fa:0e:11:0b:66:fe:77:da:8d:76:22:6f:
                    2d:4a:a9:88:b9:d8:ad:05:a5:cb:80:74:92:e2:a9:
                    b6:b7:03:c3:4e:1f:b6:4d:1b:76:8b:c5:8b:c1:74:
                    63:75:fd:56:d4:03:42:c6:b5:82:30:c5:7f:23:24:
                    1b:84:15:30:63:a2:6e:3b:a2:54:bc:d1:44:63:b6:
                    d1:dc:cb:c3:c0:82:5c:9f:2d:ae:e7:69:78:ca:7c:
                    71:b6:ca:28:3a:11:e9:b7:1a:97:5f:41:f3:01:71:
                    c7:63:36:c1:ba:a8:bf:ba:65:ac:72:02:e4:44:8e:
                    c3:bf:6b:cf:23:6b:47:06:7b:5f:fd:dd:c4:7d:95:
                    7c:e7:1d:ee:f8:82:ed:71:68:cc:6e:f0:fe:cf:f6:
                    cd:78:f2:43:d0:ec:26:35:dd:7e:da:de:6a:3b:f8:
                    c0:64:9d:aa:60:bb:b6:49:3b:10:99:19:4f:88:51:
                    88:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:44:6C:0F:57:42:E1:62:B0:AE:B5:A8:B5:04:DC:9A:BB:FD:1C:2E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  181.215.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:9b:ae:2b:14:56:fe:a3:70:e8:27:b7:d9:1a:c7:52:2f:d5:
         47:19:0c:3f:2f:b0:56:5d:60:c6:67:a3:65:0e:a5:8f:93:48:
         f2:0a:98:65:84:36:86:c3:dd:f0:aa:2e:30:3a:ff:b5:d4:06:
         f8:61:a5:59:ca:9a:ad:8c:31:3f:99:1f:ea:32:21:5e:9f:a7:
         d1:64:9a:16:bf:71:bd:fb:c6:ae:cf:cf:70:6c:ad:32:60:ce:
         60:9c:45:8c:7e:44:31:91:35:b1:47:f0:4f:a0:e8:ad:5f:59:
         16:07:54:91:89:d4:36:a5:6d:c6:9a:3a:90:c9:04:27:df:71:
         9b:2c:d0:57:ef:07:2b:e4:88:a1:36:0b:34:d2:c8:ba:a3:62:
         ec:d7:29:a2:f0:d7:28:ef:06:eb:24:62:f7:30:ee:b3:47:f6:
         f4:25:0a:8a:4a:d8:13:70:31:6e:d4:34:20:91:16:60:7a:24:
         7a:d6:47:d9:7f:2f:f6:c1:8c:46:b5:7a:bb:e9:64:38:7e:1d:
         b2:15:93:31:81:1a:dd:7c:28:e6:45:68:fd:75:e3:07:b0:f9:
         ed:11:b6:47:10:ad:35:51:df:e6:a4:8b:52:87:e1:12:f0:bc:
         eb:e5:df:3a:a4:c5:e4:28:85:f8:f1:b5:ee:a9:17:4a:c0:4e:
         02:50:74:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUAmHCuD0TlTCRq6+nK/KC8fFGD2owDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMTkwMTE0MDZaFw0yNzAzMTgwMTE5MDZaMDMxMTAvBgNV
BAMTKDJGNDQ2QzBGNTc0MkUxNjJCMEFFQjVBOEI1MDREQzlBQkJGRDFDMkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEzuvOYbjTmH2FMYMTfTaTfICp
RlnDQqyb5yVCM/9d1OX5TWlEGeLAGDPj7d564jJMqFgiI3YauGRrolX1dtS9/J2F
Z1Hg/VZnAj7SxPoOEQtm/nfajXYiby1KqYi52K0FpcuAdJLiqba3A8NOH7ZNG3aL
xYvBdGN1/VbUA0LGtYIwxX8jJBuEFTBjom47olS80URjttHcy8PAglyfLa7naXjK
fHG2yig6Eem3GpdfQfMBccdjNsG6qL+6ZaxyAuREjsO/a88ja0cGe1/93cR9lXzn
He74gu1xaMxu8P7P9s148kPQ7CY13X7a3mo7+MBknapgu7ZJOxCZGU+IUYjzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUL0RsD1dC4WKwrrWotQTcmrv9HC4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAtdc4
MA0GCSqGSIb3DQEBCwUAA4IBAQBqm64rFFb+o3DoJ7fZGsdSL9VHGQw/L7BWXWDG
Z6NlDqWPk0jyCphlhDaGw93wqi4wOv+11Ab4YaVZypqtjDE/mR/qMiFen6fRZJoW
v3G9+8auz89wbK0yYM5gnEWMfkQxkTWxR/BPoOitX1kWB1SRidQ2pW3GmjqQyQQn
33GbLNBX7wcr5IihNgs00si6o2Ls1ymi8Nco7wbrJGL3MO6zR/b0JQqKStgTcDFu
1DQgkRZgeiR61kfZfy/2wYxGtXq76WQ4fh2yFZMxgRrdfCjmRWj9deMHsPntEbZH
EK01Ud/mpItSh+ES8Lzr5d86pMXkKIX48bXuqRdKwE4CUHTW
-----END CERTIFICATE-----