Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS399073.roa
File:                     AS399073.roa (raw, json)
Hash identifier:          y6CuVGX6hljZoo8dehZGTnyzITmZOEeCCJPZ15NI4qc=
Subject key identifier:   72:DA:D2:C6:36:55:86:A8:41:14:66:65:64:22:B1:BA:BC:7F:EC:46
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       211751767CD54E4C0694C3D4D2D270E3DF171E46
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS399073.roa
Signing time:             Mon 05 May 2025 05:24:44 +0000
ROA not before:           Mon 05 May 2025 05:19:44 +0000
ROA not after:            Mon 04 May 2026 05:24:44 +0000
asID:                     399073
IP address blocks:        95.135.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 03:37:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:17:51:76:7c:d5:4e:4c:06:94:c3:d4:d2:d2:70:e3:df:17:1e:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  5 05:19:44 2025 GMT
            Not After : May  4 05:24:44 2026 GMT
        Subject: CN=72DAD2C6365586A8411466656422B1BABC7FEC46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:4a:77:29:16:30:c3:64:a3:f9:60:a3:a4:e7:
                    26:23:91:1c:02:3d:61:71:f0:49:33:60:c4:48:cb:
                    12:41:7a:6c:73:01:d1:8e:43:9e:0d:24:2d:7c:0b:
                    2e:40:85:dc:08:6e:7d:4a:30:f6:71:c4:61:41:ea:
                    9d:61:e5:20:16:37:cd:60:01:15:a9:64:ac:aa:7b:
                    61:b3:0e:d1:93:59:31:1f:d1:46:1a:19:5a:fe:b1:
                    15:ad:57:d8:03:2d:75:09:f4:10:7a:16:1c:3b:e2:
                    64:7e:b8:64:86:9c:cd:34:54:c1:a9:dc:df:34:68:
                    ba:df:b9:72:11:7c:60:42:91:4b:fb:80:6f:05:3f:
                    7f:51:65:02:cb:93:7c:4c:d9:b8:36:31:b9:24:ca:
                    00:3b:84:70:e2:a1:24:57:a3:3f:39:e3:ed:c1:7e:
                    87:bf:c6:89:ee:62:fa:3f:e9:d2:4b:ed:4f:23:05:
                    84:9e:60:ec:b1:f9:e0:fb:47:20:33:7c:a9:65:ea:
                    00:85:00:65:f3:f1:19:75:c6:86:16:18:1b:7a:d4:
                    b3:d9:ac:7e:e9:01:dc:0f:f9:50:f3:a0:34:92:0b:
                    63:95:fa:b8:31:0a:f5:08:b8:29:00:d0:20:1d:2a:
                    b6:a6:88:35:65:42:b6:de:4b:74:92:57:b2:ad:ef:
                    a1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:DA:D2:C6:36:55:86:A8:41:14:66:65:64:22:B1:BA:BC:7F:EC:46
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS399073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:b6:fa:fe:7e:46:18:66:04:ca:af:86:d1:d4:02:c5:ac:ee:
         fd:69:0a:81:a4:76:c3:d6:69:45:31:8b:77:01:f8:bb:25:cf:
         c1:e3:d5:6f:59:79:c3:74:8d:66:19:4b:93:27:33:41:47:a4:
         ca:63:b5:a0:30:49:13:70:8c:36:25:5f:f9:9e:fb:5c:a0:41:
         57:26:d4:77:d6:41:70:64:05:b8:42:c2:ce:43:b2:a4:d7:a8:
         c3:43:39:61:8c:63:25:9c:ae:b3:67:45:2a:29:71:80:c5:35:
         b4:4a:f2:52:2e:f3:31:7d:90:15:0e:71:c4:81:bf:bc:aa:00:
         ea:19:f6:4b:c5:37:70:aa:f0:36:9f:d6:4c:7b:0d:fe:f3:5d:
         91:61:09:30:65:ef:0d:3d:fa:f6:7e:4b:f5:46:e4:d0:64:ff:
         13:6d:8b:e9:3c:4c:44:ad:c3:be:32:74:a6:3d:bf:13:be:39:
         c3:80:f4:20:26:76:46:c5:3a:f6:a5:e5:71:40:90:55:8c:6a:
         7d:29:6a:38:46:4e:f6:a4:f6:fe:5e:de:c1:82:e7:d4:ba:0b:
         2b:98:bb:f4:4d:95:ac:14:09:61:64:8c:ba:4a:72:40:a0:16:
         b4:79:99:f9:73:58:9b:09:aa:7b:fe:06:33:60:9e:dd:29:5c:
         1e:d6:2d:58
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIRdRdnzVTkwGlMPU0tJw498XHkYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA1MDUwNTE5NDRaFw0yNjA1MDQwNTI0NDRaMDMxMTAvBgNV
BAMTKDcyREFEMkM2MzY1NTg2QTg0MTE0NjY2NTY0MjJCMUJBQkM3RkVDNDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSSncpFjDDZKP5YKOk5yYjkRwC
PWFx8EkzYMRIyxJBemxzAdGOQ54NJC18Cy5AhdwIbn1KMPZxxGFB6p1h5SAWN81g
ARWpZKyqe2GzDtGTWTEf0UYaGVr+sRWtV9gDLXUJ9BB6Fhw74mR+uGSGnM00VMGp
3N80aLrfuXIRfGBCkUv7gG8FP39RZQLLk3xM2bg2MbkkygA7hHDioSRXoz854+3B
foe/xonuYvo/6dJL7U8jBYSeYOyx+eD7RyAzfKll6gCFAGXz8Rl1xoYWGBt61LPZ
rH7pAdwP+VDzoDSSC2OV+rgxCvUIuCkA0CAdKramiDVlQrbeS3SSV7Kt76GZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUctrSxjZVhqhBFGZlZCKxurx/7EYwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk5MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4f2
MA0GCSqGSIb3DQEBCwUAA4IBAQAttvr+fkYYZgTKr4bR1ALFrO79aQqBpHbD1mlF
MYt3Afi7Jc/B49VvWXnDdI1mGUuTJzNBR6TKY7WgMEkTcIw2JV/5nvtcoEFXJtR3
1kFwZAW4QsLOQ7Kk16jDQzlhjGMlnK6zZ0UqKXGAxTW0SvJSLvMxfZAVDnHEgb+8
qgDqGfZLxTdwqvA2n9ZMew3+812RYQkwZe8NPfr2fkv1RuTQZP8TbYvpPExErcO+
MnSmPb8TvjnDgPQgJnZGxTr2peVxQJBVjGp9KWo4Rk72pPb+Xt7BgufUugsrmLv0
TZWsFAlhZIy6SnJAoBa0eZn5c1ibCap7/gYzYJ7dKVwe1i1Y
-----END CERTIFICATE-----