Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401322.roa
File:                     AS401322.roa (raw, json)
Hash identifier:          xbWvg32KWvSGPybMPGERVblChZ709b2PRw6fWh17KrQ=
Subject key identifier:   25:F9:AD:D0:C6:2D:2D:DD:E9:85:D8:A0:48:D5:40:EC:64:F5:C9:25
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0C3DA038F501FDAC483C2741478A1720DF5DDDB4
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401322.roa
Signing time:             Mon 23 Mar 2026 13:08:23 +0000
ROA not before:           Mon 23 Mar 2026 13:03:23 +0000
ROA not after:            Mon 22 Mar 2027 13:08:23 +0000
asID:                     401322
IP address blocks:        92.113.194.0/24 maxlen: 24
                          178.93.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:3d:a0:38:f5:01:fd:ac:48:3c:27:41:47:8a:17:20:df:5d:dd:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 23 13:03:23 2026 GMT
            Not After : Mar 22 13:08:23 2027 GMT
        Subject: CN=25F9ADD0C62D2DDDE985D8A048D540EC64F5C925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:8e:ed:b6:2d:c4:88:36:e8:fe:77:7d:d1:89:
                    a4:80:8f:af:d9:87:93:d1:a4:2a:61:1a:ef:1d:39:
                    99:44:51:75:e1:a7:5a:5c:f2:69:03:37:4f:2e:f5:
                    e5:1b:60:87:c2:da:79:b4:7f:34:96:8f:18:aa:bb:
                    65:15:a0:b7:ab:b2:75:c6:d8:95:26:39:af:20:2b:
                    da:12:cd:6b:4e:bb:69:62:f8:ba:e9:b8:19:4d:b3:
                    16:e7:01:15:ec:a2:83:f1:13:ae:e9:c0:db:fe:01:
                    c4:be:9d:98:88:13:e8:4d:9a:52:2e:e7:25:de:de:
                    32:6f:85:d9:4d:e3:85:2b:17:3c:18:44:88:1d:d0:
                    46:d8:b1:96:13:b8:d3:3f:59:86:d2:36:b0:61:b3:
                    5b:48:99:f7:a4:ac:0b:0c:e3:8e:f1:0e:f5:b3:9a:
                    50:1e:59:7a:fe:a0:3c:c0:3e:55:c1:07:d0:ab:b7:
                    a5:2c:8d:67:bc:da:89:9c:84:a3:bf:24:7b:a4:ad:
                    8e:38:b6:46:3f:3a:dd:ee:af:86:26:8b:99:61:8e:
                    82:64:62:35:7f:16:a3:ce:e9:2e:ce:43:24:1f:23:
                    1d:9c:2b:bf:8e:7a:06:57:02:88:a4:46:e2:c0:fd:
                    05:6e:dd:0c:e8:ec:96:b1:7f:df:90:08:a0:79:94:
                    29:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:F9:AD:D0:C6:2D:2D:DD:E9:85:D8:A0:48:D5:40:EC:64:F5:C9:25
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401322.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.194.0/24
                  178.93.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:72:ab:61:05:ff:d1:6c:4d:ae:df:38:f3:03:d6:8c:72:e9:
         6c:59:04:d3:a6:df:0c:c0:b3:7b:b9:de:5f:f5:3b:d3:bd:18:
         e7:cf:84:6e:a7:a4:9b:29:a1:6c:a8:60:ce:6e:8c:b6:91:23:
         d7:de:3f:2e:7c:3c:8a:c2:36:e9:cc:bb:3d:90:d2:09:e3:39:
         8d:d3:ca:fc:97:ed:af:37:00:f7:81:7b:90:c2:71:fd:93:1f:
         1c:7e:a8:b0:f8:47:3e:49:94:07:f4:ce:d8:56:b1:37:21:8d:
         44:a5:27:6f:bb:9c:79:35:44:4c:31:ee:ed:7e:8d:f3:b7:8f:
         c2:6f:7d:04:7e:33:4f:21:65:a4:1b:6e:e3:c1:26:18:b8:fe:
         50:cc:e9:2b:9f:cc:66:02:39:8f:68:4d:92:9e:89:d0:80:7b:
         a1:f5:54:52:e0:e3:8b:ab:f8:ca:d5:47:dc:96:2a:45:fa:27:
         00:56:04:aa:24:d4:18:54:4e:e6:34:d3:2b:7c:fa:8e:65:e7:
         66:83:b2:96:d8:e2:85:80:2d:47:d8:2b:ec:63:77:99:ef:94:
         49:80:97:11:5c:20:bd:00:d5:2f:e2:bb:26:ff:73:91:d5:25:
         b7:99:78:04:9e:df:3f:59:11:03:33:03:ae:bc:ad:8c:8c:29:
         82:b0:d5:e0
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUDD2gOPUB/axIPCdBR4oXIN9d3bQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMjMxMzAzMjNaFw0yNzAzMjIxMzA4MjNaMDMxMTAvBgNV
BAMTKDI1RjlBREQwQzYyRDJERERFOTg1RDhBMDQ4RDU0MEVDNjRGNUM5MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCwju22LcSINuj+d33RiaSAj6/Z
h5PRpCphGu8dOZlEUXXhp1pc8mkDN08u9eUbYIfC2nm0fzSWjxiqu2UVoLersnXG
2JUmOa8gK9oSzWtOu2li+LrpuBlNsxbnARXsooPxE67pwNv+AcS+nZiIE+hNmlIu
5yXe3jJvhdlN44UrFzwYRIgd0EbYsZYTuNM/WYbSNrBhs1tImfekrAsM447xDvWz
mlAeWXr+oDzAPlXBB9Crt6UsjWe82omchKO/JHukrY44tkY/Ot3ur4Ymi5lhjoJk
YjV/FqPO6S7OQyQfIx2cK7+OegZXAoikRuLA/QVu3Qzo7Jaxf9+QCKB5lClrAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUJfmt0MYtLd3phdigSNVA7GT1ySUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAxMzIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXHHC
AwQAsl1MMA0GCSqGSIb3DQEBCwUAA4IBAQA/cqthBf/RbE2u3zjzA9aMculsWQTT
pt8MwLN7ud5f9TvTvRjnz4Rup6SbKaFsqGDOboy2kSPX3j8ufDyKwjbpzLs9kNIJ
4zmN08r8l+2vNwD3gXuQwnH9kx8cfqiw+Ec+SZQH9M7YVrE3IY1EpSdvu5x5NURM
Me7tfo3zt4/Cb30EfjNPIWWkG27jwSYYuP5QzOkrn8xmAjmPaE2SnonQgHuh9VRS
4OOLq/jK1UfclipF+icAVgSqJNQYVE7mNNMrfPqOZedmg7KW2OKFgC1H2CvsY3eZ
75RJgJcRXCC9ANUv4rsm/3OR1SW3mXgEnt8/WREDMwOuvK2MjCmCsNXg
-----END CERTIFICATE-----