Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          5RNTbtmedNn3y2c9CuSK13zM1IbZydOMYrQP1AXwhqw=
Subject key identifier:   9A:AB:9E:76:2F:5E:88:D2:9B:E6:AC:6E:20:CB:26:E0:78:A4:86:70
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       66DA648CAB8FB579486E979C665E3DAA5302EABE
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS395374.roa
Signing time:             Fri 08 May 2026 02:47:11 +0000
ROA not before:           Fri 08 May 2026 02:42:11 +0000
ROA not after:            Fri 07 May 2027 02:47:11 +0000
asID:                     395374
IP address blocks:        194.60.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 08:58:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:da:64:8c:ab:8f:b5:79:48:6e:97:9c:66:5e:3d:aa:53:02:ea:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: May  8 02:42:11 2026 GMT
            Not After : May  7 02:47:11 2027 GMT
        Subject: CN=9AAB9E762F5E88D29BE6AC6E20CB26E078A48670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:22:84:6b:37:fb:0e:41:01:2a:97:82:7b:a1:
                    f2:b2:6b:61:81:44:27:50:ad:31:32:23:c1:eb:92:
                    3d:3d:05:c8:7d:b3:d8:60:fe:39:2a:c4:67:a9:dc:
                    8d:ef:f3:a4:d9:5f:18:5a:39:d1:f3:1a:03:9a:46:
                    29:4e:ed:64:89:20:9b:2a:fa:b6:a7:cc:86:88:f0:
                    fc:a3:d4:83:dc:41:ea:05:df:74:d8:ee:e0:d6:2c:
                    62:d2:ea:b2:c3:ec:c4:69:32:36:1f:b6:45:a1:c2:
                    b8:65:7b:11:71:64:2b:9f:46:24:eb:90:6e:e1:12:
                    d0:26:8a:3d:e9:1d:2c:d7:75:53:bb:4d:3b:bb:c9:
                    3a:93:a6:4e:44:c0:69:c9:f1:fb:a1:39:f7:31:c0:
                    45:a7:c0:57:97:de:38:d8:41:7c:76:d9:bc:97:93:
                    52:ea:c6:0d:5e:36:b0:92:8b:0d:c2:24:75:44:c2:
                    28:26:42:38:b3:4c:f8:a3:fa:a6:8a:91:16:a7:99:
                    db:0f:98:d7:c4:95:8c:77:d3:c2:2a:d2:a0:ce:75:
                    39:1e:89:69:0d:1d:b7:fc:51:c8:8d:5c:6a:8a:be:
                    aa:e7:4b:1e:09:d1:2d:7a:25:aa:31:8c:b1:fd:ee:
                    84:37:9d:60:60:e9:3a:ce:11:c1:5d:95:ac:fc:a3:
                    7d:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:AB:9E:76:2F:5E:88:D2:9B:E6:AC:6E:20:CB:26:E0:78:A4:86:70
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:cf:57:86:f6:3a:21:19:d5:18:11:68:e1:9c:2d:f6:0d:a7:
         2a:de:34:37:43:3d:5b:80:7a:b9:ac:62:ef:af:8a:f9:06:75:
         79:63:94:66:f0:f7:4b:6a:e1:33:78:6f:d3:65:8b:a6:fb:f8:
         a7:de:2e:b2:dc:1e:e0:ba:f8:fe:ee:5e:d7:b5:49:ed:21:bf:
         5b:be:17:5a:54:7e:b6:70:5b:8b:c0:c9:c3:c9:7d:aa:2a:03:
         45:de:d7:a5:52:94:7b:52:f4:bb:2d:10:aa:26:f5:b1:0c:25:
         f8:24:3a:33:fe:1c:fc:2b:71:52:e6:4d:cc:ef:3a:8b:53:be:
         15:2c:7a:9d:74:70:b8:4e:65:24:0d:c3:08:e6:03:a2:7d:4e:
         b0:06:59:e9:5f:e2:d7:c1:fc:fa:08:9c:5a:88:02:e1:33:37:
         61:fb:9e:9b:6a:92:fb:e4:ef:cb:c3:6a:ad:19:7b:85:50:0a:
         0b:38:d2:98:c6:97:9c:19:1d:42:fa:80:c4:50:fd:67:39:2b:
         d9:3f:f5:cd:87:57:e2:25:10:25:3c:0f:4f:a1:21:de:da:5a:
         5d:bd:79:e1:e7:7c:38:db:82:61:b2:d0:92:25:89:51:84:cd:
         0b:62:0c:54:8b:f2:04:84:3d:50:78:7a:db:a4:ff:6f:11:1b:
         82:10:47:5f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUZtpkjKuPtXlIbpecZl49qlMC6r4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA1MDgwMjQyMTFaFw0yNzA1MDcwMjQ3MTFaMDMxMTAvBgNV
BAMTKDlBQUI5RTc2MkY1RTg4RDI5QkU2QUM2RTIwQ0IyNkUwNzhBNDg2NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDxIoRrN/sOQQEql4J7ofKya2GB
RCdQrTEyI8Hrkj09Bch9s9hg/jkqxGep3I3v86TZXxhaOdHzGgOaRilO7WSJIJsq
+ranzIaI8Pyj1IPcQeoF33TY7uDWLGLS6rLD7MRpMjYftkWhwrhlexFxZCufRiTr
kG7hEtAmij3pHSzXdVO7TTu7yTqTpk5EwGnJ8fuhOfcxwEWnwFeX3jjYQXx22byX
k1Lqxg1eNrCSiw3CJHVEwigmQjizTPij+qaKkRanmdsPmNfElYx308Iq0qDOdTke
iWkNHbf8UciNXGqKvqrnSx4J0S16JaoxjLH97oQ3nWBg6TrOEcFdlaz8o33ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmquedi9eiNKb5qxuIMsm4HikhnAwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxc
MA0GCSqGSIb3DQEBCwUAA4IBAQBCz1eG9johGdUYEWjhnC32Dacq3jQ3Qz1bgHq5
rGLvr4r5BnV5Y5Rm8PdLauEzeG/TZYum+/in3i6y3B7guvj+7l7XtUntIb9bvhda
VH62cFuLwMnDyX2qKgNF3telUpR7UvS7LRCqJvWxDCX4JDoz/hz8K3FS5k3M7zqL
U74VLHqddHC4TmUkDcMI5gOifU6wBlnpX+LXwfz6CJxaiALhMzdh+56bapL75O/L
w2qtGXuFUAoLONKYxpecGR1C+oDEUP1nOSvZP/XNh1fiJRAlPA9PoSHe2lpdvXnh
53w424JhstCSJYlRhM0LYgxUi/IEhD1QeHrbpP9vERuCEEdf
-----END CERTIFICATE-----