Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401322.roa
File:                     AS401322.roa (raw, json)
Hash identifier:          +tXDfF9C3UpkNKHVyXPoL7E3gYVgZak7DjkW9DQh6+c=
Subject key identifier:   62:7F:34:A9:64:DB:D8:51:9C:5F:1D:BB:96:A9:29:10:94:83:C8:D3
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0EF1478EE49C5B09DF63F590554E6B38089B5671
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401322.roa
Signing time:             Thu 23 Apr 2026 13:08:20 +0000
ROA not before:           Thu 23 Apr 2026 13:03:20 +0000
ROA not after:            Thu 22 Apr 2027 13:08:20 +0000
asID:                     401322
IP address blocks:        178.93.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:f1:47:8e:e4:9c:5b:09:df:63:f5:90:55:4e:6b:38:08:9b:56:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 23 13:03:20 2026 GMT
            Not After : Apr 22 13:08:20 2027 GMT
        Subject: CN=627F34A964DBD8519C5F1DBB96A929109483C8D3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ae:26:1f:d4:79:c3:80:ed:25:3a:d1:70:8f:
                    bc:67:fb:b1:ce:db:3e:2b:c2:ac:5c:79:28:ef:4a:
                    87:af:f8:5f:17:91:6a:70:1a:5a:bc:9d:0f:11:0d:
                    70:5c:d7:6c:19:b7:41:81:5c:22:be:f2:1a:f5:31:
                    f4:8f:7c:4b:f9:02:7c:7d:25:36:ba:d3:df:25:02:
                    a1:2e:68:1c:32:e3:a6:cc:fb:19:7f:25:32:3e:48:
                    ae:6c:5a:23:87:b4:4e:c6:06:55:4b:28:45:38:d1:
                    42:60:c7:f4:7f:32:26:d9:69:32:2a:4b:6b:40:6b:
                    87:35:5d:cb:a0:b0:db:1d:c1:ce:83:95:70:67:50:
                    b8:8c:a9:b6:28:17:f3:d4:de:55:6d:03:a1:1e:b8:
                    88:27:ee:9c:65:42:0c:f0:22:1d:0b:9f:27:d6:2c:
                    4c:7b:2b:d2:a7:f9:24:28:0c:ea:d6:7e:c8:4e:76:
                    67:a7:49:7e:15:fa:2b:42:de:e5:36:a0:57:27:ef:
                    b9:d6:68:97:38:6e:fc:6e:0d:c2:e8:9d:a9:3a:01:
                    61:e6:95:60:8e:9c:45:d4:c9:0c:2b:01:46:36:cf:
                    98:a0:20:51:bc:7a:9c:be:67:07:b9:28:36:3b:c1:
                    56:48:33:ea:ba:73:5d:92:da:3b:1b:81:37:31:14:
                    ee:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:7F:34:A9:64:DB:D8:51:9C:5F:1D:BB:96:A9:29:10:94:83:C8:D3
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS401322.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:77:1c:f1:a9:a8:67:c4:0c:d4:6f:90:86:39:83:dd:63:91:
         b7:c2:aa:64:b4:29:27:42:c8:ea:e4:a7:07:42:d3:bc:dd:9c:
         45:69:38:eb:f7:1d:06:89:12:c3:aa:1a:9c:64:66:41:22:5c:
         f9:88:21:43:77:73:02:f2:94:71:d7:aa:6f:8f:f2:2e:ab:e5:
         0d:ce:aa:94:bc:17:49:ee:33:8b:4c:9d:33:1e:cb:a8:6d:c5:
         fa:ac:1b:f1:5c:ba:15:e4:00:89:04:02:3b:62:bf:23:2e:33:
         c4:7f:50:96:2a:7a:4d:66:cc:8a:93:03:70:ce:59:f0:84:35:
         9a:39:f0:22:de:14:67:82:0d:2e:09:f9:27:db:87:48:99:4c:
         d2:b2:fd:78:ac:ee:e8:a1:f5:93:5a:15:3c:09:9b:5a:f8:f7:
         f7:6d:c9:4f:68:2d:34:31:75:8c:19:67:57:2a:6e:fc:3f:e8:
         79:e6:be:23:d6:1d:c6:97:72:54:42:c5:39:d5:dc:bc:ff:43:
         2b:ce:f5:b4:09:a1:a0:1a:7b:7a:97:3f:7c:25:32:14:8b:63:
         78:11:2d:c6:e2:05:13:c6:fe:cd:dc:bb:ab:60:a3:9d:f3:f8:
         f8:ed:e6:3d:62:d5:bc:48:02:e6:d5:4a:a6:b1:d5:b0:d2:41:
         02:c4:6b:de
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUDvFHjuScWwnfY/WQVU5rOAibVnEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjMxMzAzMjBaFw0yNzA0MjIxMzA4MjBaMDMxMTAvBgNV
BAMTKDYyN0YzNEE5NjREQkQ4NTE5QzVGMURCQjk2QTkyOTEwOTQ4M0M4RDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMriYf1HnDgO0lOtFwj7xn+7HO
2z4rwqxceSjvSoev+F8XkWpwGlq8nQ8RDXBc12wZt0GBXCK+8hr1MfSPfEv5Anx9
JTa6098lAqEuaBwy46bM+xl/JTI+SK5sWiOHtE7GBlVLKEU40UJgx/R/MibZaTIq
S2tAa4c1XcugsNsdwc6DlXBnULiMqbYoF/PU3lVtA6EeuIgn7pxlQgzwIh0LnyfW
LEx7K9Kn+SQoDOrWfshOdmenSX4V+itC3uU2oFcn77nWaJc4bvxuDcLonak6AWHm
lWCOnEXUyQwrAUY2z5igIFG8epy+Zwe5KDY7wVZIM+q6c12S2jsbgTcxFO4pAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYn80qWTb2FGcXx27lqkpEJSDyNMwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAxMzIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl1M
MA0GCSqGSIb3DQEBCwUAA4IBAQCPdxzxqahnxAzUb5CGOYPdY5G3wqpktCknQsjq
5KcHQtO83ZxFaTjr9x0GiRLDqhqcZGZBIlz5iCFDd3MC8pRx16pvj/Iuq+UNzqqU
vBdJ7jOLTJ0zHsuobcX6rBvxXLoV5ACJBAI7Yr8jLjPEf1CWKnpNZsyKkwNwzlnw
hDWaOfAi3hRngg0uCfkn24dImUzSsv14rO7oofWTWhU8CZta+Pf3bclPaC00MXWM
GWdXKm78P+h55r4j1h3Gl3JUQsU51dy8/0MrzvW0CaGgGnt6lz98JTIUi2N4ES3G
4gUTxv7N3LurYKOd8/j47eY9YtW8SALm1UqmsdWw0kECxGve
-----END CERTIFICATE-----