Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396120.roa
File:                     AS396120.roa (raw, json)
Hash identifier:          xT6ctrLMEGj/eYCX71xRh5f4quopyhCqLu9ml+6DZXM=
Subject key identifier:   59:C1:3D:0F:EA:D2:77:D0:47:D3:43:40:B7:55:73:F2:5B:07:99:D1
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       12966BB60F645835E5FB6B68455F68E04909FBE7
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396120.roa
Signing time:             Fri 01 May 2026 04:00:58 +0000
ROA not before:           Fri 01 May 2026 03:55:58 +0000
ROA not after:            Fri 30 Apr 2027 04:00:58 +0000
asID:                     396120
IP address blocks:        82.29.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            12:96:6b:b6:0f:64:58:35:e5:fb:6b:68:45:5f:68:e0:49:09:fb:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: May  1 03:55:58 2026 GMT
            Not After : Apr 30 04:00:58 2027 GMT
        Subject: CN=59C13D0FEAD277D047D34340B75573F25B0799D1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:42:b8:e5:88:bf:08:57:d4:95:2a:39:3e:16:
                    88:cb:e2:bb:2b:a3:56:e9:f0:3f:37:20:74:03:ff:
                    de:cc:79:29:76:23:45:ae:06:79:54:b0:3f:23:b8:
                    95:ba:93:4f:87:f0:4f:a6:08:f7:8e:ea:22:ee:54:
                    76:15:98:c8:69:84:28:99:39:dc:9d:cd:68:a6:78:
                    bb:56:cf:da:0a:ff:03:f3:d4:7c:a8:ac:96:56:60:
                    ab:d8:fd:a6:c9:2e:9a:35:4f:b9:9b:01:9d:56:d8:
                    4d:ef:69:b3:db:ef:53:66:0d:4c:bf:d8:c9:b0:df:
                    95:c2:5b:b6:01:8e:c9:aa:a4:78:bd:24:c5:ee:c0:
                    b7:4b:ab:dc:c6:b3:e0:c5:4a:6c:3f:21:32:62:fb:
                    fd:cd:8f:c0:49:4b:d2:31:5d:48:b6:08:a9:41:a3:
                    d7:50:43:74:b3:c2:72:c5:c9:db:2a:59:93:4e:3b:
                    27:ee:2c:dc:8d:8f:8f:d4:df:46:3a:4f:f5:ce:49:
                    9b:3d:bd:9f:00:83:ed:f6:5f:bb:d8:79:7a:87:bf:
                    29:f3:84:54:0a:ce:d2:1f:5a:7d:7c:95:5d:de:b1:
                    54:28:b0:f8:86:77:40:58:fc:88:45:17:1a:0a:bc:
                    59:7f:da:3b:76:93:5f:cd:7d:3d:9e:3a:86:c8:1f:
                    e6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:C1:3D:0F:EA:D2:77:D0:47:D3:43:40:B7:55:73:F2:5B:07:99:D1
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS396120.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.29.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f7:89:ed:ce:35:10:cf:16:04:95:ba:3e:e5:16:0b:65:ee:
         11:e7:f9:0f:60:f3:dc:e9:7d:45:3c:48:d1:ab:4a:de:d5:ba:
         04:33:4b:c8:48:96:3d:1d:25:64:3b:82:a6:d6:89:92:b7:bc:
         9f:0b:2a:5f:f3:3d:a5:e4:19:51:f9:68:fc:9d:8c:7e:cb:4f:
         00:30:18:12:72:11:8f:25:9f:48:6b:70:73:bf:89:cd:97:f6:
         0d:e5:9d:ab:10:e0:75:dd:23:e7:ac:bb:3a:cb:67:c1:72:4b:
         7f:09:1a:4c:af:dc:a8:88:0c:db:4c:d5:98:83:ed:cc:c6:83:
         31:ba:d7:89:59:11:d5:e2:26:55:c8:a5:3c:fb:af:a2:c1:82:
         e8:2a:38:70:58:fa:68:08:24:94:27:f0:0e:8f:19:e7:83:5e:
         d6:ee:01:c8:bf:25:e7:d6:46:2f:b6:e3:19:72:be:de:1f:20:
         a4:7e:a5:8c:33:79:8d:6c:2c:22:1f:30:f7:69:e8:d9:08:eb:
         72:a6:e3:4e:c9:d3:ba:7e:f3:40:a4:65:c6:aa:05:25:5c:54:
         ef:00:59:34:ed:66:aa:b8:8e:57:95:16:0f:ba:5f:31:f3:de:
         8e:fd:b0:d2:0f:b1:ad:1b:79:4e:39:9d:50:b7:e7:ec:94:d4:
         d0:76:fd:68
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEpZrtg9kWDXl+2toRV9o4EkJ++cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA1MDEwMzU1NThaFw0yNzA0MzAwNDAwNThaMDMxMTAvBgNV
BAMTKDU5QzEzRDBGRUFEMjc3RDA0N0QzNDM0MEI3NTU3M0YyNUIwNzk5RDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8QrjliL8IV9SVKjk+FojL4rsr
o1bp8D83IHQD/97MeSl2I0WuBnlUsD8juJW6k0+H8E+mCPeO6iLuVHYVmMhphCiZ
OdydzWimeLtWz9oK/wPz1HyorJZWYKvY/abJLpo1T7mbAZ1W2E3vabPb71NmDUy/
2Mmw35XCW7YBjsmqpHi9JMXuwLdLq9zGs+DFSmw/ITJi+/3Nj8BJS9IxXUi2CKlB
o9dQQ3SzwnLFydsqWZNOOyfuLNyNj4/U30Y6T/XOSZs9vZ8Ag+32X7vYeXqHvynz
hFQKztIfWn18lV3esVQosPiGd0BY/IhFFxoKvFl/2jt2k1/NfT2eOobIH+arAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUWcE9D+rSd9BH00NAt1Vz8lsHmdEwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzk2MTIwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUh15
MA0GCSqGSIb3DQEBCwUAA4IBAQBi94ntzjUQzxYElbo+5RYLZe4R5/kPYPPc6X1F
PEjRq0re1boEM0vISJY9HSVkO4Km1omSt7yfCypf8z2l5BlR+Wj8nYx+y08AMBgS
chGPJZ9Ia3Bzv4nNl/YN5Z2rEOB13SPnrLs6y2fBckt/CRpMr9yoiAzbTNWYg+3M
xoMxuteJWRHV4iZVyKU8+6+iwYLoKjhwWPpoCCSUJ/AOjxnng17W7gHIvyXn1kYv
tuMZcr7eHyCkfqWMM3mNbCwiHzD3aejZCOtypuNOydO6fvNApGXGqgUlXFTvAFk0
7WaquI5XlRYPul8x896O/bDSD7GtG3lOOZ1Qt+fslNTQdv1o
-----END CERTIFICATE-----