Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          NCJJUMAKORxjaCXeXMDHxONby5gx7wO+QSAKTuFJXnI=
Subject key identifier:   02:0D:31:24:45:82:17:97:35:3E:2A:2A:94:01:D3:F9:A8:EC:E3:9E
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       418BD3D8F3AFBF508C57D8331A3959C097FD9104
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
Signing time:             Wed 29 Apr 2026 08:53:33 +0000
ROA not before:           Wed 29 Apr 2026 08:48:33 +0000
ROA not after:            Wed 28 Apr 2027 08:53:33 +0000
asID:                     393942
IP address blocks:        82.47.174.0/24 maxlen: 24
                          178.83.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            41:8b:d3:d8:f3:af:bf:50:8c:57:d8:33:1a:39:59:c0:97:fd:91:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 29 08:48:33 2026 GMT
            Not After : Apr 28 08:53:33 2027 GMT
        Subject: CN=020D312445821797353E2A2A9401D3F9A8ECE39E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:a2:6a:d9:12:57:f1:ad:1d:5e:08:23:56:a3:
                    b4:a8:c9:24:df:75:77:eb:17:6a:c8:05:b1:68:d3:
                    da:35:7b:31:8d:cf:36:26:92:74:78:70:66:80:f5:
                    a4:1e:e4:c7:b1:30:4f:51:5d:f7:91:e3:39:9f:47:
                    a5:7d:44:66:7a:72:67:d9:ba:f3:3e:5a:5f:f3:c6:
                    af:a5:2c:65:96:08:fd:db:d6:6f:58:bf:6f:84:c7:
                    1b:ac:58:64:30:f6:c4:da:c8:24:6b:29:11:31:11:
                    a1:d8:e7:53:bd:24:62:b9:05:28:e3:86:b7:62:3d:
                    f8:09:c4:de:3e:87:6e:7b:c4:b1:fe:c4:8f:e2:d8:
                    63:27:95:49:58:bf:29:45:b9:dd:19:85:bc:ec:75:
                    3a:0c:bc:88:1b:42:68:d0:fb:bc:93:34:a0:d1:6f:
                    e0:34:aa:c9:3e:6a:a1:20:74:97:a1:c8:92:ce:fd:
                    7f:18:7f:66:4c:1b:84:48:08:49:42:cd:85:61:58:
                    02:43:96:bd:86:df:23:ab:12:32:1a:ad:45:b2:f1:
                    91:1b:d2:2e:e9:53:bf:5b:e3:31:9a:58:0b:7b:f8:
                    4c:e0:b7:e2:a0:b4:f9:0d:95:ee:0a:92:3b:fd:10:
                    f5:00:f6:c7:40:0b:f6:ea:53:b9:c2:ed:36:84:d0:
                    8c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:0D:31:24:45:82:17:97:35:3E:2A:2A:94:01:D3:F9:A8:EC:E3:9E
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.47.174.0/24
                  178.83.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:78:7d:47:3a:c1:8f:0f:0d:f4:8f:da:ff:14:66:cb:c0:13:
         fa:94:14:ab:e4:62:d6:92:62:68:24:9d:04:8a:f4:88:df:e5:
         07:28:bc:f6:5e:29:1e:d5:1f:dc:82:1b:97:23:c8:9d:59:68:
         4b:b8:f4:c1:9c:13:88:a0:a1:56:60:cb:a0:c1:e7:18:05:54:
         49:f0:cc:ed:ed:8e:8f:8f:43:ef:df:34:3b:71:04:2b:27:7d:
         ab:00:f7:86:75:d5:fe:e0:f9:5e:1c:e8:96:a7:b8:0d:fd:f5:
         b6:d4:7c:e6:b2:7c:b0:ed:e1:28:9d:10:f7:f9:bd:3c:7b:d6:
         f8:97:0d:ad:6d:5e:9e:21:52:45:08:dd:f6:5c:36:e6:72:70:
         f5:0b:f3:53:03:68:59:08:62:cc:c2:5c:55:5e:a2:65:0c:f2:
         1e:f5:93:13:25:e9:7e:44:f8:f7:8e:6f:0a:83:43:b5:a0:d0:
         36:f0:53:f0:61:3c:b3:eb:55:d6:df:01:d5:41:ce:31:26:34:
         fd:51:04:f2:a6:2f:39:f6:0f:2f:50:dc:aa:af:87:14:23:4d:
         94:b4:13:02:49:98:ff:64:dd:62:3c:58:b1:88:9f:97:b8:41:
         c5:ad:07:47:07:4d:05:89:11:26:d1:fc:11:7d:fd:d2:d6:7f:
         44:a3:fa:cd
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUQYvT2POvv1CMV9gzGjlZwJf9kQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MjkwODQ4MzNaFw0yNzA0MjgwODUzMzNaMDMxMTAvBgNV
BAMTKDAyMEQzMTI0NDU4MjE3OTczNTNFMkEyQTk0MDFEM0Y5QThFQ0UzOUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDvomrZElfxrR1eCCNWo7SoySTf
dXfrF2rIBbFo09o1ezGNzzYmknR4cGaA9aQe5MexME9RXfeR4zmfR6V9RGZ6cmfZ
uvM+Wl/zxq+lLGWWCP3b1m9Yv2+ExxusWGQw9sTayCRrKRExEaHY51O9JGK5BSjj
hrdiPfgJxN4+h257xLH+xI/i2GMnlUlYvylFud0ZhbzsdToMvIgbQmjQ+7yTNKDR
b+A0qsk+aqEgdJehyJLO/X8Yf2ZMG4RICElCzYVhWAJDlr2G3yOrEjIarUWy8ZEb
0i7pU79b4zGaWAt7+Ezgt+KgtPkNle4Kkjv9EPUA9sdAC/bqU7nC7TaE0IxlAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAg0xJEWCF5c1PioqlAHT+ajs454wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUi+u
AwQAslNBMA0GCSqGSIb3DQEBCwUAA4IBAQA8eH1HOsGPDw30j9r/FGbLwBP6lBSr
5GLWkmJoJJ0EivSI3+UHKLz2Xike1R/cghuXI8idWWhLuPTBnBOIoKFWYMugwecY
BVRJ8Mzt7Y6Pj0Pv3zQ7cQQrJ32rAPeGddX+4PleHOiWp7gN/fW21Hzmsnyw7eEo
nRD3+b08e9b4lw2tbV6eIVJFCN32XDbmcnD1C/NTA2hZCGLMwlxVXqJlDPIe9ZMT
Jel+RPj3jm8Kg0O1oNA28FPwYTyz61XW3wHVQc4xJjT9UQTypi859g8vUNyqr4cU
I02UtBMCSZj/ZN1iPFixiJ+XuEHFrQdHB00FiREm0fwRff3S1n9Eo/rN
-----END CERTIFICATE-----