Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa
File:                     AS395470.roa (raw, json)
Hash identifier:          fstmac5sPJ+rtRtkXeUibMpe0XnHY+VkKY8sl6uiqDo=
Subject key identifier:   7E:94:C5:DA:D2:C2:31:D3:57:5B:D3:27:CB:E3:44:7A:3A:FC:80:5E
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       5D167C8E9937877296F93A0B02A80CF0E3F10216
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa
Signing time:             Thu 07 May 2026 11:05:27 +0000
ROA not before:           Thu 07 May 2026 11:00:27 +0000
ROA not after:            Thu 06 May 2027 11:05:27 +0000
asID:                     395470
IP address blocks:        46.203.78.0/24 maxlen: 24
                          95.134.31.0/24 maxlen: 24
                          178.94.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:16:7c:8e:99:37:87:72:96:f9:3a:0b:02:a8:0c:f0:e3:f1:02:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  7 11:00:27 2026 GMT
            Not After : May  6 11:05:27 2027 GMT
        Subject: CN=7E94C5DAD2C231D3575BD327CBE3447A3AFC805E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:5a:b2:78:78:cd:3b:43:14:dd:a7:f8:ee:03:
                    56:3e:e3:28:5a:a9:1c:3d:97:a7:18:1b:37:f7:35:
                    cb:9c:a0:39:84:b1:2e:d2:3f:7f:e4:c2:6d:2d:02:
                    21:b5:2d:e6:ed:3f:2d:78:16:2b:e2:5c:73:29:4e:
                    40:66:27:df:9c:72:22:ae:ac:58:c7:4d:5c:ad:0b:
                    36:5e:7f:b9:62:e0:a4:af:1e:d1:5b:d6:81:17:4c:
                    b3:2b:ca:12:9a:93:20:fb:cc:f5:9b:a4:a9:1b:a7:
                    a9:67:64:b1:bf:cd:c4:d0:b6:bb:61:4f:66:04:8c:
                    79:8a:1f:6c:89:d6:a6:3a:ca:7b:d2:7c:1f:1e:05:
                    80:66:ce:2b:6e:61:9f:8a:50:b8:30:ee:4b:91:a3:
                    ee:ca:b4:44:36:95:a0:64:83:23:45:9c:38:4f:2e:
                    02:7f:58:d4:21:52:be:4d:4f:65:f9:41:50:e3:f3:
                    3c:c7:9d:93:da:79:aa:f5:b8:a2:79:59:a2:8d:15:
                    b0:91:b7:16:6e:0c:24:92:4b:b0:18:f1:6e:de:14:
                    27:da:46:57:33:7c:14:15:b7:eb:ce:0a:62:ba:b1:
                    13:59:70:49:a3:f7:a7:76:54:65:5a:7f:55:7d:87:
                    31:65:b9:ba:2a:4d:5e:f9:7a:e9:dd:52:3f:26:03:
                    07:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:94:C5:DA:D2:C2:31:D3:57:5B:D3:27:CB:E3:44:7A:3A:FC:80:5E
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.78.0/24
                  95.134.31.0/24
                  178.94.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:da:ee:e5:0c:91:fa:76:27:59:ab:1b:dc:f7:67:ab:3c:d6:
         01:26:97:47:73:a4:e4:ec:b8:5a:6c:86:27:7d:e5:31:07:f0:
         ab:81:55:d4:d6:ca:82:99:9a:c9:27:65:f7:9e:f5:dd:ea:ba:
         51:08:a9:13:c8:8c:83:a1:38:fd:e6:cb:18:37:d3:51:5b:7c:
         89:cd:78:6a:d9:a6:83:9a:f1:4e:46:4b:21:51:83:f3:a8:0c:
         7f:56:62:f4:4f:e3:24:21:7e:e7:d0:99:6b:dc:00:60:41:f3:
         9d:60:37:97:4a:94:4b:ff:00:c1:c6:86:cc:7c:38:ad:c0:2e:
         d9:97:bf:77:3f:8c:76:9e:96:9f:9c:70:cf:c1:6d:93:85:23:
         d3:c6:f1:ae:92:3f:2f:09:e3:c2:4b:f7:35:a2:2d:a0:5f:2f:
         94:c3:c5:f3:62:c9:08:7d:c2:80:04:70:16:23:6b:d5:e2:84:
         ac:2b:f6:69:c7:66:82:59:6f:e5:69:cf:ce:2b:71:12:36:55:
         73:85:b1:b5:3d:3e:98:a7:e3:0f:15:5a:17:59:34:32:70:71:
         cd:e6:2b:6c:3c:00:79:70:22:e2:62:21:31:48:c3:51:48:08:
         08:6f:a0:f9:e6:e3:c9:69:97:1e:3e:f4:44:9b:03:3d:5c:df:
         fd:77:b9:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUXRZ8jpk3h3KW+ToLAqgM8OPxAhYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MDcxMTAwMjdaFw0yNzA1MDYxMTA1MjdaMDMxMTAvBgNV
BAMTKDdFOTRDNURBRDJDMjMxRDM1NzVCRDMyN0NCRTM0NDdBM0FGQzgwNUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1WrJ4eM07QxTdp/juA1Y+4yha
qRw9l6cYGzf3NcucoDmEsS7SP3/kwm0tAiG1LebtPy14FiviXHMpTkBmJ9+cciKu
rFjHTVytCzZef7li4KSvHtFb1oEXTLMryhKakyD7zPWbpKkbp6lnZLG/zcTQtrth
T2YEjHmKH2yJ1qY6ynvSfB8eBYBmzituYZ+KULgw7kuRo+7KtEQ2laBkgyNFnDhP
LgJ/WNQhUr5NT2X5QVDj8zzHnZPaear1uKJ5WaKNFbCRtxZuDCSSS7AY8W7eFCfa
RlczfBQVt+vOCmK6sRNZcEmj96d2VGVaf1V9hzFluboqTV75eundUj8mAwclAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUfpTF2tLCMdNXW9Mny+NEejr8gF4wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALstO
AwQAX4YfAwQAsl6wMA0GCSqGSIb3DQEBCwUAA4IBAQAr2u7lDJH6didZqxvc92er
PNYBJpdHc6Tk7LhabIYnfeUxB/CrgVXU1sqCmZrJJ2X3nvXd6rpRCKkTyIyDoTj9
5ssYN9NRW3yJzXhq2aaDmvFORkshUYPzqAx/VmL0T+MkIX7n0Jlr3ABgQfOdYDeX
SpRL/wDBxobMfDitwC7Zl793P4x2npafnHDPwW2ThSPTxvGukj8vCePCS/c1oi2g
Xy+Uw8XzYskIfcKABHAWI2vV4oSsK/Zpx2aCWW/lac/OK3ESNlVzhbG1PT6Yp+MP
FVoXWTQycHHN5itsPAB5cCLiYiExSMNRSAgIb6D55uPJaZcePvREmwM9XN/9d7kz
-----END CERTIFICATE-----