Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS399073.roa
File:                     AS399073.roa (raw, json)
Hash identifier:          9zkJH6RM6Lzp5amLwFXT86QTuCoZWSezzJy+okCJ47g=
Subject key identifier:   3F:27:B2:1C:A2:FF:CE:15:78:82:0C:87:8C:1E:97:AE:D8:3A:0D:CB
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       731399CB194BAABA9B71E1706588503EC6610891
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS399073.roa
Signing time:             Wed 13 Aug 2025 09:26:26 +0000
ROA not before:           Wed 13 Aug 2025 09:21:26 +0000
ROA not after:            Wed 12 Aug 2026 09:26:26 +0000
asID:                     399073
IP address blocks:        95.135.189.0/24 maxlen: 24
                          178.92.53.0/24 maxlen: 24
                          178.93.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:13:99:cb:19:4b:aa:ba:9b:71:e1:70:65:88:50:3e:c6:61:08:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 13 09:21:26 2025 GMT
            Not After : Aug 12 09:26:26 2026 GMT
        Subject: CN=3F27B21CA2FFCE1578820C878C1E97AED83A0DCB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:80:ff:30:72:4b:a3:56:64:a9:f5:a9:3b:d3:
                    fc:93:13:81:c7:6d:37:f1:86:19:31:31:ac:bd:ec:
                    07:cd:67:0e:ee:9c:35:4f:01:9e:ec:44:14:8f:57:
                    fa:4b:cd:9b:10:7a:f8:1a:6e:97:43:d5:df:5f:62:
                    2b:5c:20:10:c0:0f:3f:ab:08:63:47:1a:86:8c:94:
                    8a:3a:7b:73:e4:dd:63:77:86:e4:a9:40:c0:2e:08:
                    70:53:27:1f:d6:14:76:ef:c1:76:79:de:71:0d:ff:
                    1c:e8:df:64:98:41:d3:9c:ba:8b:a5:d1:63:6d:f7:
                    a9:db:e5:f5:42:24:19:0c:e0:8d:b0:0f:dc:f0:4e:
                    27:f6:6b:d9:ba:1c:49:28:e4:08:27:5a:1e:ab:05:
                    f0:02:d5:da:9c:74:54:fd:4d:2d:63:a2:ef:c4:bd:
                    87:59:68:f6:13:20:a0:c5:45:46:29:8f:dd:71:ab:
                    c0:b6:05:54:bc:cd:3c:6f:d4:d9:b2:eb:53:9f:09:
                    e7:60:ae:11:d5:5d:be:9e:0d:6f:f3:45:09:cc:e5:
                    53:df:02:e4:68:bb:61:c2:5a:4f:b0:a7:39:54:a3:
                    7b:bc:09:79:b1:1b:6a:5e:2c:1d:fd:1c:9b:c3:80:
                    2b:d1:32:13:94:a7:bc:d4:9f:21:90:9a:7b:a0:42:
                    0c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:27:B2:1C:A2:FF:CE:15:78:82:0C:87:8C:1E:97:AE:D8:3A:0D:CB
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS399073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.189.0/24
                  178.92.53.0/24
                  178.93.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:a6:9c:23:84:9f:c7:7d:e1:00:9f:d3:8c:54:b9:14:98:e9:
         9b:37:91:bf:05:2a:40:38:87:b0:50:e2:4c:e2:9b:fa:0b:96:
         43:94:8c:3d:6f:d9:e2:44:47:ca:e6:8f:1c:7a:c4:28:d0:21:
         99:94:b8:af:db:76:a2:f2:11:7a:13:6d:34:89:8d:c3:e2:1e:
         e7:58:29:25:92:51:7c:b8:67:c5:c8:e9:72:38:20:27:96:2e:
         dc:0f:25:a6:d8:70:7f:0a:14:66:fd:c7:2c:f9:a4:66:8a:6a:
         fb:54:1e:80:10:48:39:6c:22:8a:0c:8a:f3:a7:c4:00:0e:df:
         1c:5d:8a:85:12:ee:e3:86:20:1c:ff:63:a0:36:09:af:e9:bd:
         15:88:2b:4c:70:85:00:60:c3:e7:8d:27:9f:3d:26:7e:ff:68:
         9c:86:99:a9:d9:70:4e:0d:5a:4b:8a:e4:57:e9:92:d7:cb:28:
         4e:e4:b4:37:59:a2:22:f0:80:c7:ef:81:6c:9b:53:0a:83:dc:
         bc:f2:80:49:43:fb:24:6c:fa:76:0e:8d:49:67:62:20:c3:d4:
         4d:60:69:67:ea:ff:04:9c:a9:b3:e4:e4:c7:a3:67:90:70:81:
         71:cb:e3:d9:76:0c:b2:48:c0:ee:a5:4f:b5:c0:90:9f:1b:00:
         4c:0a:86:bb
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUcxOZyxlLqrqbceFwZYhQPsZhCJEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MTMwOTIxMjZaFw0yNjA4MTIwOTI2MjZaMDMxMTAvBgNV
BAMTKDNGMjdCMjFDQTJGRkNFMTU3ODgyMEM4NzhDMUU5N0FFRDgzQTBEQ0IwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrgP8wckujVmSp9ak70/yTE4HH
bTfxhhkxMay97AfNZw7unDVPAZ7sRBSPV/pLzZsQevgabpdD1d9fYitcIBDADz+r
CGNHGoaMlIo6e3Pk3WN3huSpQMAuCHBTJx/WFHbvwXZ53nEN/xzo32SYQdOcuoul
0WNt96nb5fVCJBkM4I2wD9zwTif2a9m6HEko5AgnWh6rBfAC1dqcdFT9TS1jou/E
vYdZaPYTIKDFRUYpj91xq8C2BVS8zTxv1Nmy61OfCedgrhHVXb6eDW/zRQnM5VPf
AuRou2HCWk+wpzlUo3u8CXmxG2peLB39HJvDgCvRMhOUp7zUnyGQmnugQgyNAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUPyeyHKL/zhV4ggyHjB6Xrtg6DcswHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk5MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAX4e9
AwQAslw1AwQAsl0hMA0GCSqGSIb3DQEBCwUAA4IBAQBKppwjhJ/HfeEAn9OMVLkU
mOmbN5G/BSpAOIewUOJM4pv6C5ZDlIw9b9niREfK5o8cesQo0CGZlLiv23ai8hF6
E200iY3D4h7nWCklklF8uGfFyOlyOCAnli7cDyWm2HB/ChRm/ccs+aRmimr7VB6A
EEg5bCKKDIrzp8QADt8cXYqFEu7jhiAc/2OgNgmv6b0ViCtMcIUAYMPnjSefPSZ+
/2ichpmp2XBODVpLiuRX6ZLXyyhO5LQ3WaIi8IDH74Fsm1MKg9y88oBJQ/skbPp2
Do1JZ2Igw9RNYGln6v8EnKmz5OTHo2eQcIFxy+PZdgyySMDupU+1wJCfGwBMCoa7
-----END CERTIFICATE-----