Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          X4qmMq10fIukOaNaR0mz1U8vABiK7b+7O3m8wD7Zt6s=
Subject key identifier:   23:0B:26:A0:2C:11:06:68:58:E9:18:3E:AA:A2:B8:70:90:16:4E:30
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       26ED05B8813BF2905E0E4FFA881DE42F5CB27C11
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
Signing time:             Fri 27 Jun 2025 09:46:01 +0000
ROA not before:           Fri 27 Jun 2025 09:41:01 +0000
ROA not after:            Fri 26 Jun 2026 09:46:01 +0000
asID:                     393942
IP address blocks:        178.92.117.0/24 maxlen: 24
                          178.92.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:ed:05:b8:81:3b:f2:90:5e:0e:4f:fa:88:1d:e4:2f:5c:b2:7c:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 27 09:41:01 2025 GMT
            Not After : Jun 26 09:46:01 2026 GMT
        Subject: CN=230B26A02C11066858E9183EAAA2B87090164E30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:c1:17:34:58:78:07:1e:3f:13:e3:76:06:f7:
                    2f:19:08:b2:23:10:a4:55:8d:50:23:dd:53:ee:05:
                    bf:05:a2:7f:6d:78:d8:32:11:57:83:8f:e3:c7:a7:
                    04:ee:24:b3:34:e0:30:07:ac:9b:22:da:04:a3:80:
                    7e:2d:7c:16:56:66:1a:c7:45:2c:a4:13:19:41:7c:
                    5e:88:d5:d5:eb:e8:30:bf:fc:0c:af:15:1e:0b:f4:
                    2d:b4:ef:16:6c:97:e7:cc:61:b5:3b:98:1e:b7:fd:
                    c7:a8:b1:45:d1:71:c1:6b:5e:41:ba:f3:d1:64:19:
                    77:ba:0d:45:a2:f8:a6:35:a9:5e:e1:1d:a3:f1:02:
                    a6:25:41:8d:c5:56:94:38:0f:34:c4:b9:18:e5:1b:
                    ac:11:3e:df:b7:e1:c1:82:08:b8:e0:7f:4a:79:d7:
                    09:02:21:11:da:39:be:00:7f:c5:76:c7:ae:75:e1:
                    c1:ce:20:8a:ac:bd:fa:a7:91:bc:d9:70:85:fd:3e:
                    9f:b2:28:66:05:9d:26:e5:99:73:42:e5:6a:be:b3:
                    f5:c7:0d:f3:2d:f4:0a:94:21:80:d1:5d:cd:02:72:
                    0f:9d:03:32:23:bb:b0:8d:56:a6:41:90:28:bb:b2:
                    6a:07:8f:8e:d3:c9:c9:ce:01:f6:28:08:2b:99:c7:
                    3c:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:0B:26:A0:2C:11:06:68:58:E9:18:3E:AA:A2:B8:70:90:16:4E:30
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.117.0/24
                  178.92.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:b9:1b:3e:50:dc:74:f9:79:22:e5:01:d8:f8:55:c5:be:2b:
         27:94:3d:e5:c2:b0:bf:83:3d:86:35:54:26:15:cd:dc:ff:cf:
         91:fc:5c:d4:b8:5e:80:d0:27:76:bd:32:13:72:b9:4d:dc:df:
         02:74:c6:20:13:9a:95:ec:26:41:77:5e:aa:e4:5c:71:dc:81:
         53:40:ee:a0:89:0c:c4:23:dd:b0:65:d8:df:ed:d6:25:ef:a3:
         b2:d6:b7:11:23:25:4a:49:7b:51:a1:f5:a6:15:ea:f3:07:24:
         2b:14:e3:49:c1:c1:0a:c2:2a:cb:74:91:d1:a0:ff:6c:ea:d9:
         65:ae:27:0c:51:1f:c2:5e:0d:58:2a:14:76:ce:a9:c5:90:5e:
         28:ae:55:08:97:15:47:2f:72:23:bc:a6:3b:07:08:83:98:60:
         6a:b5:33:20:63:9f:66:55:7d:0b:24:b5:7d:cc:3a:4e:75:7a:
         04:63:74:62:48:a6:fd:21:ab:12:f5:2f:80:1a:c9:96:04:b0:
         09:1a:96:03:0b:6a:7e:0e:bb:8a:3d:cc:35:e8:e3:00:c0:0c:
         a9:6c:cc:50:91:c4:7a:cb:8b:63:e1:bb:ea:b8:e7:74:51:b8:
         e6:8b:f0:16:23:30:a1:df:9a:ea:62:27:d1:cc:f5:a5:cf:4e:
         2e:b0:43:f8
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUJu0FuIE78pBeDk/6iB3kL1yyfBEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MjcwOTQxMDFaFw0yNjA2MjYwOTQ2MDFaMDMxMTAvBgNV
BAMTKDIzMEIyNkEwMkMxMTA2Njg1OEU5MTgzRUFBQTJCODcwOTAxNjRFMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCKwRc0WHgHHj8T43YG9y8ZCLIj
EKRVjVAj3VPuBb8Fon9teNgyEVeDj+PHpwTuJLM04DAHrJsi2gSjgH4tfBZWZhrH
RSykExlBfF6I1dXr6DC//AyvFR4L9C207xZsl+fMYbU7mB63/ceosUXRccFrXkG6
89FkGXe6DUWi+KY1qV7hHaPxAqYlQY3FVpQ4DzTEuRjlG6wRPt+34cGCCLjgf0p5
1wkCIRHaOb4Af8V2x6514cHOIIqsvfqnkbzZcIX9Pp+yKGYFnSblmXNC5Wq+s/XH
DfMt9AqUIYDRXc0Ccg+dAzIju7CNVqZBkCi7smoHj47TycnOAfYoCCuZxzzDAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUIwsmoCwRBmhY6Rg+qqK4cJAWTjAwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAslx1
AwQAslyAMA0GCSqGSIb3DQEBCwUAA4IBAQBFuRs+UNx0+Xki5QHY+FXFvisnlD3l
wrC/gz2GNVQmFc3c/8+R/FzUuF6A0Cd2vTITcrlN3N8CdMYgE5qV7CZBd16q5Fxx
3IFTQO6giQzEI92wZdjf7dYl76Oy1rcRIyVKSXtRofWmFerzByQrFONJwcEKwirL
dJHRoP9s6tllricMUR/CXg1YKhR2zqnFkF4orlUIlxVHL3IjvKY7BwiDmGBqtTMg
Y59mVX0LJLV9zDpOdXoEY3RiSKb9IasS9S+AGsmWBLAJGpYDC2p+DruKPcw16OMA
wAypbMxQkcR6y4tj4bvquOd0Ubjmi/AWIzCh35rqYifRzPWlz04usEP4
-----END CERTIFICATE-----