Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          rLjo8nOQS6ddmT3A/az0/jYnOkgK7MC2nCgirK8bhSs=
Subject key identifier:   96:DA:5A:FB:47:D8:E3:49:22:EE:68:1C:29:FC:FB:14:91:4D:C0:30
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       3A792B1FA561AA116E2FBA27C0D567E8F4F966DE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395374.roa
Signing time:             Mon 13 Oct 2025 07:27:41 +0000
ROA not before:           Mon 13 Oct 2025 07:22:41 +0000
ROA not after:            Mon 12 Oct 2026 07:27:41 +0000
asID:                     395374
IP address blocks:        82.22.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 05:35:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3a:79:2b:1f:a5:61:aa:11:6e:2f:ba:27:c0:d5:67:e8:f4:f9:66:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Oct 13 07:22:41 2025 GMT
            Not After : Oct 12 07:27:41 2026 GMT
        Subject: CN=96DA5AFB47D8E34922EE681C29FCFB14914DC030
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c1:fd:07:f9:e9:7b:2c:f3:ad:fa:23:ec:e8:
                    46:ff:36:6d:10:01:71:b2:b2:dd:c7:bf:df:cc:da:
                    78:1f:3d:18:19:cf:0f:b8:27:2e:9c:ec:88:9f:63:
                    c7:d0:02:12:c7:97:19:d1:91:ae:09:a2:63:4e:d8:
                    e4:f2:a3:18:fe:73:72:2e:79:32:27:7a:5d:c0:5c:
                    7d:70:9b:ab:75:0d:65:f0:11:f8:13:60:63:8c:45:
                    ea:8d:91:d8:72:e1:0c:0b:80:34:94:97:85:8e:9a:
                    60:77:b7:10:31:aa:fa:77:cf:f4:ba:25:70:b4:bb:
                    c8:44:4f:c9:8d:47:6a:09:e1:f1:aa:e4:89:8d:0e:
                    b6:d3:ba:67:70:04:b6:c2:42:aa:0f:9d:0f:7c:e7:
                    1e:07:b5:d1:b4:ec:60:8c:48:7a:cc:1c:f2:c6:d1:
                    1f:e6:53:4a:27:09:1d:00:bf:6b:a5:66:2b:0b:c9:
                    79:71:ae:17:8e:80:64:f9:07:18:8f:6f:d5:6d:d7:
                    2c:db:81:aa:c8:b4:1c:6a:c1:7f:db:c5:98:58:ab:
                    be:ac:a6:e2:11:19:3b:f3:2c:fc:ef:26:2e:2e:29:
                    36:8d:fa:9d:9e:b5:6c:a5:18:e7:63:52:9b:e9:97:
                    9f:57:35:22:1e:bb:83:24:0d:4c:fb:61:b4:07:e8:
                    98:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DA:5A:FB:47:D8:E3:49:22:EE:68:1C:29:FC:FB:14:91:4D:C0:30
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:d0:a9:9b:ed:ad:16:8f:57:93:2d:0d:12:be:4e:e1:b0:07:
         02:69:9f:d0:ff:6a:ec:45:3f:ab:0a:7e:f3:33:82:c3:1f:66:
         db:99:d6:97:51:dc:ca:1c:df:4d:07:9e:c4:79:ff:0d:4f:c7:
         cd:11:b6:97:9b:ac:e2:61:7b:23:8c:b1:50:14:68:94:8e:65:
         27:ec:f2:b6:cd:33:9a:5e:ee:08:68:b0:c4:d5:68:e3:53:4c:
         fb:61:aa:e0:e0:14:1f:0d:8b:14:a6:33:b0:33:6a:df:0d:cb:
         11:20:0a:a6:55:51:43:5c:61:ff:3e:9e:de:ff:dd:df:1a:71:
         b0:9d:6b:cc:e1:18:cc:d2:e2:fa:05:bb:d9:5b:9b:6f:e1:76:
         9d:f8:61:d8:cf:e5:c3:74:d3:a4:76:6a:c7:a2:2a:eb:1d:42:
         d1:7b:0f:36:06:1b:b7:a0:b6:de:7a:78:9e:7f:59:71:0c:2d:
         b2:56:87:0a:0d:e9:c4:aa:c7:61:03:7a:a5:ff:40:9b:b9:8d:
         3b:51:3c:4b:2d:a0:ca:ef:b2:53:bb:ff:61:66:6d:90:ed:ed:
         90:72:cc:84:bb:3f:77:3e:b0:a3:c9:00:a4:cd:53:61:b8:ac:
         bb:56:42:6b:0d:ed:fe:9f:ac:e0:b3:7d:db:61:bc:0d:73:22:
         05:f7:67:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUOnkrH6VhqhFuL7onwNVn6PT5Zt4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTEwMTMwNzIyNDFaFw0yNjEwMTIwNzI3NDFaMDMxMTAvBgNV
BAMTKDk2REE1QUZCNDdEOEUzNDkyMkVFNjgxQzI5RkNGQjE0OTE0REMwMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDawf0H+el7LPOt+iPs6Eb/Nm0Q
AXGyst3Hv9/M2ngfPRgZzw+4Jy6c7IifY8fQAhLHlxnRka4JomNO2OTyoxj+c3Iu
eTInel3AXH1wm6t1DWXwEfgTYGOMReqNkdhy4QwLgDSUl4WOmmB3txAxqvp3z/S6
JXC0u8hET8mNR2oJ4fGq5ImNDrbTumdwBLbCQqoPnQ985x4HtdG07GCMSHrMHPLG
0R/mU0onCR0Av2ulZisLyXlxrheOgGT5BxiPb9Vt1yzbgarItBxqwX/bxZhYq76s
puIRGTvzLPzvJi4uKTaN+p2etWylGOdjUpvpl59XNSIeu4MkDUz7YbQH6JjPAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUltpa+0fY40ki7mgcKfz7FJFNwDAwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUhYx
MA0GCSqGSIb3DQEBCwUAA4IBAQAE0Kmb7a0Wj1eTLQ0Svk7hsAcCaZ/Q/2rsRT+r
Cn7zM4LDH2bbmdaXUdzKHN9NB57Eef8NT8fNEbaXm6ziYXsjjLFQFGiUjmUn7PK2
zTOaXu4IaLDE1WjjU0z7Yarg4BQfDYsUpjOwM2rfDcsRIAqmVVFDXGH/Pp7e/93f
GnGwnWvM4RjM0uL6BbvZW5tv4Xad+GHYz+XDdNOkdmrHoirrHULRew82Bhu3oLbe
enief1lxDC2yVocKDenEqsdhA3ql/0CbuY07UTxLLaDK77JTu/9hZm2Q7e2QcsyE
uz93PrCjyQCkzVNhuKy7VkJrDe3+n6zgs33bYbwNcyIF92f6
-----END CERTIFICATE-----