Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          Is4GKuL35OylhrMXVtcY4/A8TcB7I/BysPDGVHbfQnU=
Subject key identifier:   1D:28:0C:8B:88:C3:EE:83:7A:BB:80:F3:46:6D:D2:D0:F8:DB:A3:68
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       5DFB881B8A954E93DF52D71C66DF7A248AFF425C
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395374.roa
Signing time:             Tue 24 Mar 2026 13:17:47 +0000
ROA not before:           Tue 24 Mar 2026 13:12:47 +0000
ROA not after:            Tue 23 Mar 2027 13:17:47 +0000
asID:                     395374
IP address blocks:        178.83.69.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:fb:88:1b:8a:95:4e:93:df:52:d7:1c:66:df:7a:24:8a:ff:42:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Mar 24 13:12:47 2026 GMT
            Not After : Mar 23 13:17:47 2027 GMT
        Subject: CN=1D280C8B88C3EE837ABB80F3466DD2D0F8DBA368
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:d6:20:6a:7c:01:38:a9:4f:c6:03:d0:c0:0f:
                    46:3e:9e:d1:52:50:ed:99:13:53:ab:74:76:5a:8f:
                    5b:9f:c4:f1:8d:fa:0a:79:85:b2:0d:9a:bc:36:d3:
                    d2:3f:57:7c:5a:ad:c4:0b:49:4b:ee:60:1b:34:4b:
                    93:76:f7:b7:32:d4:72:93:14:af:fc:f0:1b:02:2a:
                    a2:b1:0a:10:9e:3d:99:6a:9a:2d:b0:ff:cd:cc:76:
                    d0:26:46:cd:e2:05:7f:a0:b0:30:f3:73:86:0e:95:
                    66:d7:e8:09:08:93:d9:87:42:90:13:29:17:3c:f3:
                    7a:53:1f:da:81:c6:90:d7:2a:4c:2e:06:69:f8:5b:
                    25:53:6f:6e:96:f4:b0:b6:f5:6a:92:73:c3:b5:d6:
                    cf:c0:39:fe:1e:fd:91:0a:04:e7:05:9b:32:3f:3b:
                    3d:a3:bc:00:3c:9f:52:b0:f7:47:de:3d:ef:d4:d4:
                    2e:ea:c3:5b:df:18:aa:e6:6b:62:45:a7:8f:60:4c:
                    e4:4e:ad:37:07:04:39:65:09:77:98:4b:e5:fa:79:
                    00:45:e5:79:00:ef:9b:22:b0:e8:a5:8d:55:5c:06:
                    e1:4f:f3:f0:d3:ad:3c:c4:26:88:7f:0c:e2:70:43:
                    cc:96:fa:c2:69:85:13:aa:6b:a2:7b:fb:3e:cc:18:
                    43:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:28:0C:8B:88:C3:EE:83:7A:BB:80:F3:46:6D:D2:D0:F8:DB:A3:68
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.83.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:7d:4f:33:b4:bd:6f:7b:55:88:05:97:9e:6f:a6:e5:de:12:
         6a:10:1c:3f:f5:bb:c0:41:8d:31:36:78:2e:c5:b3:86:6c:f5:
         60:63:ee:c4:15:d2:29:7a:bd:3b:4d:67:b5:88:96:6c:d8:0e:
         88:d8:a6:7c:a8:90:1a:a6:24:36:49:a5:19:75:26:e4:28:b3:
         92:34:83:80:a6:85:df:a4:0f:c4:d3:f3:86:b7:f2:47:98:3a:
         b5:1b:34:a7:e8:22:fc:bd:44:23:b3:1e:2e:a6:23:de:cf:4d:
         aa:b0:2a:79:a5:90:eb:94:a1:75:5c:27:10:3b:92:90:d1:79:
         be:86:01:3d:e3:66:68:8a:c9:3d:34:f3:5d:96:45:de:8d:ff:
         e1:08:9f:83:1f:34:e3:7e:b8:87:2d:1a:ff:6c:7e:35:b3:8f:
         1c:73:89:bc:0f:b3:77:bf:f2:19:c5:a9:e9:6f:38:99:c0:85:
         56:1d:04:0d:39:01:e8:19:11:cc:72:61:d6:24:46:0b:94:63:
         b0:86:3e:88:32:4d:67:68:83:65:c3:56:8a:a7:87:d9:65:02:
         03:3c:4b:c8:ae:a5:5d:72:e6:b2:ce:12:80:af:4d:71:5a:3e:
         85:27:dc:d7:e9:97:a8:4d:c7:d8:d8:14:da:b4:3a:e6:da:7c:
         57:af:6d:8e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXfuIG4qVTpPfUtccZt96JIr/QlwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjAzMjQxMzEyNDdaFw0yNzAzMjMxMzE3NDdaMDMxMTAvBgNV
BAMTKDFEMjgwQzhCODhDM0VFODM3QUJCODBGMzQ2NkREMkQwRjhEQkEzNjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi1iBqfAE4qU/GA9DAD0Y+ntFS
UO2ZE1OrdHZaj1ufxPGN+gp5hbINmrw209I/V3xarcQLSUvuYBs0S5N297cy1HKT
FK/88BsCKqKxChCePZlqmi2w/83MdtAmRs3iBX+gsDDzc4YOlWbX6AkIk9mHQpAT
KRc883pTH9qBxpDXKkwuBmn4WyVTb26W9LC29WqSc8O11s/AOf4e/ZEKBOcFmzI/
Oz2jvAA8n1Kw90fePe/U1C7qw1vfGKrma2JFp49gTOROrTcHBDllCXeYS+X6eQBF
5XkA75sisOiljVVcBuFP8/DTrTzEJoh/DOJwQ8yW+sJphROqa6J7+z7MGEOXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUHSgMi4jD7oN6u4DzRm3S0Pjbo2gwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslNF
MA0GCSqGSIb3DQEBCwUAA4IBAQCZfU8ztL1ve1WIBZeeb6bl3hJqEBw/9bvAQY0x
NnguxbOGbPVgY+7EFdIper07TWe1iJZs2A6I2KZ8qJAapiQ2SaUZdSbkKLOSNIOA
poXfpA/E0/OGt/JHmDq1GzSn6CL8vUQjsx4upiPez02qsCp5pZDrlKF1XCcQO5KQ
0Xm+hgE942Zoisk9NPNdlkXejf/hCJ+DHzTjfriHLRr/bH41s48cc4m8D7N3v/IZ
xanpbziZwIVWHQQNOQHoGRHMcmHWJEYLlGOwhj6IMk1naINlw1aKp4fZZQIDPEvI
rqVdcuayzhKAr01xWj6FJ9zX6ZeoTcfY2BTatDrm2nxXr22O
-----END CERTIFICATE-----