Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          oN71dbZ1EzgBW2NggpnS+SCEepKTkAfNziJMx8U6pXQ=
Subject key identifier:   10:7D:C4:38:32:0B:0E:71:A5:87:84:0D:0A:49:33:9B:C6:26:2F:CA
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       08BA898A69DF69A69B42C0A4F1DF3E34702172FE
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
Signing time:             Mon 11 May 2026 00:00:17 +0000
ROA not before:           Sun 10 May 2026 23:55:17 +0000
ROA not after:            Mon 10 May 2027 00:00:17 +0000
asID:                     393942
IP address blocks:        95.135.135.0/24 maxlen: 24
                          95.135.179.0/24 maxlen: 24
                          95.135.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:ba:89:8a:69:df:69:a6:9b:42:c0:a4:f1:df:3e:34:70:21:72:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 10 23:55:17 2026 GMT
            Not After : May 10 00:00:17 2027 GMT
        Subject: CN=107DC438320B0E71A587840D0A49339BC6262FCA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:57:b7:4c:45:b3:cf:63:5d:89:25:bd:fc:14:
                    b1:7b:0b:e6:95:45:9c:c7:b7:13:37:05:32:91:8c:
                    4e:0c:f1:cf:5b:c1:8d:91:a7:c5:8c:5f:5b:c1:c2:
                    11:d8:1e:40:e6:4a:33:2a:08:2a:46:6a:a7:2e:b0:
                    a4:5c:77:2d:3c:74:d4:d5:13:b2:1e:44:f9:48:f2:
                    a9:00:36:b5:03:e9:c6:42:7d:39:09:f8:46:d9:c5:
                    bc:16:3a:54:36:bc:f5:f0:46:32:21:7c:7a:b4:ba:
                    8f:b7:a5:ee:0d:7a:88:e3:d4:28:2d:d0:ec:fa:a5:
                    f0:72:cf:f9:e5:36:6a:5b:a3:24:8d:72:91:34:91:
                    98:74:4a:8b:d6:71:ce:e3:81:95:cc:e2:73:f7:18:
                    12:c1:91:a3:3a:7d:e0:e5:f9:b1:09:35:7d:09:c5:
                    34:dd:22:1d:13:c9:aa:a3:b3:8b:e6:33:db:c0:cc:
                    69:92:2a:f6:91:45:60:e9:09:6c:07:a3:e1:e4:33:
                    f6:cd:c3:61:cc:a4:57:8d:51:56:b0:b2:90:e4:71:
                    ea:8c:88:27:4e:a7:9b:cc:d7:be:0c:18:33:8b:74:
                    da:17:ac:41:7a:23:3b:e0:cb:b1:1e:33:5f:20:ce:
                    42:ef:6e:43:4d:94:5b:8a:65:87:09:f4:99:a1:37:
                    14:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7D:C4:38:32:0B:0E:71:A5:87:84:0D:0A:49:33:9B:C6:26:2F:CA
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.135.0/24
                  95.135.179.0/24
                  95.135.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:d2:ad:c9:0c:db:e6:f6:48:32:be:6b:4a:78:cd:33:98:f9:
         fa:db:bc:b7:da:27:df:c8:7e:ac:f6:95:67:9f:ab:1a:a7:a9:
         0d:2a:ab:04:bc:b0:47:69:56:36:8e:84:0a:5c:74:1c:8c:9e:
         50:1c:77:54:a3:31:4e:99:30:1e:ef:16:6e:89:32:6f:96:8f:
         fd:7f:69:5b:db:85:7f:50:0c:b8:a1:f4:c3:df:64:04:1f:fd:
         83:68:8b:c8:56:aa:40:09:9d:64:0d:62:fe:c4:a9:a5:c4:56:
         5e:bb:7f:bf:07:b7:23:07:7e:63:45:5b:b2:4c:41:39:e3:1b:
         2b:34:4e:e3:67:0a:27:9d:39:fd:d5:c0:c4:23:37:5f:5e:3b:
         02:b8:0f:04:0b:28:9e:5f:10:c7:25:22:0e:e9:96:0a:3d:02:
         c6:2a:0b:d0:90:8e:7b:32:2b:8a:c8:3c:f5:df:a3:3e:4b:b7:
         fe:ec:2e:cb:3d:c7:76:07:15:97:a5:5c:ed:ba:b3:7b:9b:6a:
         e9:b9:2b:36:86:3d:54:59:7f:90:66:06:aa:38:c7:4f:e4:2a:
         5a:5a:45:95:e5:b1:24:9a:4f:6b:a1:9a:bd:0d:f0:71:dd:4f:
         d9:2a:69:4f:85:9f:22:10:98:66:2b:5c:6b:fc:a7:e6:4a:f0:
         2d:b0:83:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUCLqJimnfaaabQsCk8d8+NHAhcv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MTAyMzU1MTdaFw0yNzA1MTAwMDAwMTdaMDMxMTAvBgNV
BAMTKDEwN0RDNDM4MzIwQjBFNzFBNTg3ODQwRDBBNDkzMzlCQzYyNjJGQ0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfV7dMRbPPY12JJb38FLF7C+aV
RZzHtxM3BTKRjE4M8c9bwY2Rp8WMX1vBwhHYHkDmSjMqCCpGaqcusKRcdy08dNTV
E7IeRPlI8qkANrUD6cZCfTkJ+EbZxbwWOlQ2vPXwRjIhfHq0uo+3pe4Neojj1Cgt
0Oz6pfByz/nlNmpboySNcpE0kZh0SovWcc7jgZXM4nP3GBLBkaM6feDl+bEJNX0J
xTTdIh0Tyaqjs4vmM9vAzGmSKvaRRWDpCWwHo+HkM/bNw2HMpFeNUVawspDkceqM
iCdOp5vM174MGDOLdNoXrEF6Izvgy7EeM18gzkLvbkNNlFuKZYcJ9JmhNxQfAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUEH3EODILDnGlh4QNCkkzm8YmL8owHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAX4eH
AwQAX4ezAwQAX4fdMA0GCSqGSIb3DQEBCwUAA4IBAQBR0q3JDNvm9kgyvmtKeM0z
mPn627y32iffyH6s9pVnn6sap6kNKqsEvLBHaVY2joQKXHQcjJ5QHHdUozFOmTAe
7xZuiTJvlo/9f2lb24V/UAy4ofTD32QEH/2DaIvIVqpACZ1kDWL+xKmlxFZeu3+/
B7cjB35jRVuyTEE54xsrNE7jZwonnTn91cDEIzdfXjsCuA8ECyieXxDHJSIO6ZYK
PQLGKgvQkI57MiuKyDz136M+S7f+7C7LPcd2BxWXpVzturN7m2rpuSs2hj1UWX+Q
ZgaqOMdP5CpaWkWV5bEkmk9roZq9DfBx3U/ZKmlPhZ8iEJhmK1xr/KfmSvAtsIPy
-----END CERTIFICATE-----