Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          3nRnZwGZkKlHOjGJ7RaZazKhLsnb8sjh9DL9vwWC+Pw=
Subject key identifier:   33:AF:9C:D1:3A:9D:96:28:B2:58:42:50:97:3D:14:4F:9C:66:03:14
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       790A77ECE64C85C7A0819ACAE846D7291270BB13
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
Signing time:             Thu 11 Sep 2025 00:09:09 +0000
ROA not before:           Thu 11 Sep 2025 00:04:09 +0000
ROA not after:            Thu 10 Sep 2026 00:09:09 +0000
asID:                     393942
IP address blocks:        82.29.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            79:0a:77:ec:e6:4c:85:c7:a0:81:9a:ca:e8:46:d7:29:12:70:bb:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Sep 11 00:04:09 2025 GMT
            Not After : Sep 10 00:09:09 2026 GMT
        Subject: CN=33AF9CD13A9D9628B2584250973D144F9C660314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:68:81:1d:47:83:ee:d2:9c:3c:a6:80:bc:a9:
                    39:a0:0b:5e:99:9b:25:92:bb:f6:12:45:8d:73:cb:
                    22:bf:57:dd:a2:f7:42:3c:c6:25:3e:f9:8d:52:99:
                    af:fb:92:e7:f1:6d:b4:5a:59:92:fe:ac:e3:dd:84:
                    8e:e9:1b:89:eb:34:f9:d7:06:72:6b:71:eb:67:ff:
                    8b:1e:d2:78:e4:e1:d2:2f:e0:51:2b:e1:9f:d3:6a:
                    9c:40:63:0c:30:f7:09:e9:1e:99:77:c4:3e:c1:b8:
                    af:df:0d:64:3e:69:a3:4e:77:c2:cf:23:6f:f1:1a:
                    1b:d5:22:b8:7e:36:58:79:b0:c7:02:22:5f:06:c6:
                    92:7f:17:91:eb:60:b0:df:50:ae:92:44:aa:2c:e7:
                    60:d7:3c:9f:61:1e:36:e7:67:db:64:16:b3:12:3b:
                    5a:c0:0b:1e:e3:0a:cc:5b:1c:7c:c3:d3:a8:b5:98:
                    62:07:7f:51:51:e0:83:0a:f3:a1:b2:65:d1:01:a7:
                    7e:a4:56:5d:37:12:83:8f:9d:2b:9a:4a:5a:80:48:
                    e3:cb:82:47:c0:33:de:91:09:94:93:09:ea:bb:57:
                    4f:89:e4:5a:a2:c8:2b:19:1b:bc:43:60:0c:90:b6:
                    36:31:cf:51:05:db:d9:7e:fc:db:8d:5c:97:b6:31:
                    66:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:AF:9C:D1:3A:9D:96:28:B2:58:42:50:97:3D:14:4F:9C:66:03:14
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:56:28:bf:33:25:b0:a2:83:81:fb:51:7f:f3:5d:20:28:15:
         ec:33:ab:21:f7:11:2e:13:ed:3c:22:73:bc:6b:af:00:20:d7:
         a8:55:36:5f:ee:8e:78:63:cb:91:d9:3b:c2:00:b5:e7:f0:d6:
         c7:51:ab:7e:50:4b:59:97:bc:c6:80:c5:41:17:c0:ab:fb:c2:
         92:78:13:9e:87:a8:7a:df:72:06:d5:d2:56:66:46:c8:47:8d:
         a0:6b:e6:40:45:80:d3:e9:da:0c:42:88:3e:dc:97:a6:f8:8a:
         c7:fe:13:df:5a:fc:30:5f:85:b1:fa:07:99:e2:d7:d4:b3:1a:
         22:28:1e:c3:00:9d:e8:37:c4:20:67:80:80:1b:ce:40:32:a8:
         87:24:a7:5d:bf:e8:ab:50:34:0e:07:3a:46:c9:c6:4d:4d:09:
         32:fe:99:f9:34:86:38:6f:29:f7:d1:26:4f:7e:9a:f1:c5:f3:
         64:09:39:6b:64:5e:e9:d0:f3:81:0a:d3:78:4f:95:d0:fd:96:
         95:52:40:42:87:d9:5f:3f:2b:e1:cb:89:a4:d3:00:23:73:c2:
         fb:f5:76:10:05:13:70:fd:b2:3a:f6:fe:46:f6:8c:1d:2b:d3:
         e7:f3:a6:90:0f:c6:10:23:eb:a4:55:ba:fc:b9:9b:d7:ea:56:
         1a:7a:fe:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUeQp37OZMhceggZrK6EbXKRJwuxMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTA5MTEwMDA0MDlaFw0yNjA5MTAwMDA5MDlaMDMxMTAvBgNV
BAMTKDMzQUY5Q0QxM0E5RDk2MjhCMjU4NDI1MDk3M0QxNDRGOUM2NjAzMTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvaIEdR4Pu0pw8poC8qTmgC16Z
myWSu/YSRY1zyyK/V92i90I8xiU++Y1Sma/7kufxbbRaWZL+rOPdhI7pG4nrNPnX
BnJrcetn/4se0njk4dIv4FEr4Z/TapxAYwww9wnpHpl3xD7BuK/fDWQ+aaNOd8LP
I2/xGhvVIrh+Nlh5sMcCIl8GxpJ/F5HrYLDfUK6SRKos52DXPJ9hHjbnZ9tkFrMS
O1rACx7jCsxbHHzD06i1mGIHf1FR4IMK86GyZdEBp36kVl03EoOPnSuaSlqASOPL
gkfAM96RCZSTCeq7V0+J5FqiyCsZG7xDYAyQtjYxz1EF29l+/NuNXJe2MWZFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUM6+c0TqdliiyWEJQlz0UT5xmAxQwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh1f
MA0GCSqGSIb3DQEBCwUAA4IBAQBTVii/MyWwooOB+1F/810gKBXsM6sh9xEuE+08
InO8a68AINeoVTZf7o54Y8uR2TvCALXn8NbHUat+UEtZl7zGgMVBF8Cr+8KSeBOe
h6h633IG1dJWZkbIR42ga+ZARYDT6doMQog+3Jem+IrH/hPfWvwwX4Wx+geZ4tfU
sxoiKB7DAJ3oN8QgZ4CAG85AMqiHJKddv+irUDQOBzpGycZNTQky/pn5NIY4byn3
0SZPfprxxfNkCTlrZF7p0POBCtN4T5XQ/ZaVUkBCh9lfPyvhy4mk0wAjc8L79XYQ
BRNw/bI69v5G9owdK9Pn86aQD8YQI+ukVbr8uZvX6lYaev5V
-----END CERTIFICATE-----