Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7393.roa
File:                     AS7393.roa (raw, json)
Hash identifier:          5TYtC7tC9pFTxextTZBbDJorE725BxSeUDoS57DnneY=
Subject key identifier:   9D:C4:FE:12:10:A0:2B:E4:A2:E8:93:2A:FA:81:78:A9:93:66:59:F2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7CB789B12135B7EC367DDB0A333F921A6E69B2BE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7393.roa
Signing time:             Wed 03 Jun 2026 13:33:46 +0000
ROA not before:           Wed 03 Jun 2026 13:28:46 +0000
ROA not after:            Wed 02 Jun 2027 13:33:46 +0000
asID:                     7393
IP address blocks:        140.150.192.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7c:b7:89:b1:21:35:b7:ec:36:7d:db:0a:33:3f:92:1a:6e:69:b2:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  3 13:28:46 2026 GMT
            Not After : Jun  2 13:33:46 2027 GMT
        Subject: CN=9DC4FE1210A02BE4A2E8932AFA8178A9936659F2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:ef:e0:b3:72:86:73:f1:7e:68:aa:e6:ee:67:
                    d9:d9:a5:da:41:c8:ad:d2:63:38:02:b1:e6:99:a6:
                    ac:63:0b:2d:d4:df:fc:50:b0:33:53:54:4c:42:8b:
                    5a:d3:a8:21:be:d0:c1:6d:47:e1:6f:3a:d1:15:28:
                    b1:b1:ba:46:37:76:0a:65:37:d1:1e:e8:7a:f7:de:
                    ee:c9:24:54:a3:08:2c:f9:2b:61:4b:0d:71:9b:5f:
                    c0:ce:0d:c9:6c:15:7d:97:80:bf:8b:44:cd:e1:bd:
                    cd:8e:7a:07:9f:7d:bd:d3:a3:db:1a:f3:5d:78:6b:
                    f9:a0:97:95:03:25:f1:a2:18:a4:7d:80:fd:63:53:
                    ad:79:54:4f:03:30:db:9d:35:69:82:ab:fa:32:fe:
                    31:42:a2:12:bb:44:39:6c:94:a1:0f:09:f0:34:3a:
                    50:28:54:ff:f4:9d:06:9a:a1:fc:a7:3c:5d:44:47:
                    20:92:4a:ae:da:ea:3b:7b:78:29:3f:f2:b6:b3:b6:
                    49:44:df:05:52:ac:72:40:17:67:db:a2:ec:5d:fc:
                    7d:6f:41:c1:87:b9:a4:32:e2:3d:fc:1c:02:a3:df:
                    c5:4c:24:27:36:5d:e5:18:ac:8d:88:b3:56:7a:47:
                    ce:5a:72:38:a3:3a:c7:22:fa:ac:e6:ba:dc:57:f9:
                    53:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C4:FE:12:10:A0:2B:E4:A2:E8:93:2A:FA:81:78:A9:93:66:59:F2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7393.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         76:4e:a9:a1:40:03:12:55:26:d3:50:3e:ae:ed:3c:96:7d:0a:
         f0:23:f2:25:6a:1c:62:2d:13:0d:c9:2c:85:ee:33:a2:82:01:
         3c:91:32:8a:13:f4:3e:45:63:78:1f:0b:8c:01:75:f6:a9:04:
         69:69:b9:10:aa:50:2d:2e:06:bb:ef:f1:fc:64:c9:6b:f1:3b:
         b0:a3:f1:9a:1f:fa:0b:28:25:55:94:1a:d6:4e:c9:0f:cb:b2:
         ed:ca:b9:3f:f5:d6:45:12:e2:3f:88:df:62:8c:cf:eb:d5:94:
         1c:f7:fc:61:86:c2:c7:22:8b:12:50:22:d4:bc:90:52:ba:31:
         97:17:ab:67:b5:55:3f:7f:de:fa:03:28:b1:88:b7:9e:18:42:
         9f:93:ee:16:59:0e:d5:d8:95:66:f1:69:51:14:82:a8:d0:67:
         b5:f0:19:47:c0:79:ce:6c:4b:aa:d8:da:a5:4d:ff:b3:83:55:
         20:18:6c:02:bc:c4:64:9f:b8:ca:79:09:8d:11:0d:65:7f:e7:
         1e:6f:2b:3d:e6:52:9f:2e:6a:1f:85:dc:2c:2c:24:43:ef:07:
         ee:15:38:df:6d:a6:25:10:f6:55:1c:cb:22:96:03:75:b5:ce:
         51:b9:bf:f6:37:3e:35:62:90:4a:86:dd:5b:20:db:8c:1c:11:
         ca:5a:b4:ea
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUfLeJsSE1t+w2fdsKMz+SGm5psr4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDMxMzI4NDZaFw0yNzA2MDIxMzMzNDZaMDMxMTAvBgNV
BAMTKDlEQzRGRTEyMTBBMDJCRTRBMkU4OTMyQUZBODE3OEE5OTM2NjU5RjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ7+CzcoZz8X5oqubuZ9nZpdpB
yK3SYzgCseaZpqxjCy3U3/xQsDNTVExCi1rTqCG+0MFtR+FvOtEVKLGxukY3dgpl
N9Ee6Hr33u7JJFSjCCz5K2FLDXGbX8DODclsFX2XgL+LRM3hvc2Oegeffb3To9sa
8114a/mgl5UDJfGiGKR9gP1jU615VE8DMNudNWmCq/oy/jFCohK7RDlslKEPCfA0
OlAoVP/0nQaaofynPF1ERyCSSq7a6jt7eCk/8raztklE3wVSrHJAF2fbouxd/H1v
QcGHuaQy4j38HAKj38VMJCc2XeUYrI2Is1Z6R85acjijOsci+qzmutxX+VP9AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUncT+EhCgK+Si6JMq+oF4qZNmWfIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzM5My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBYyWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAdk6poUADElUm01A+ru08ln0K8CPyJWocYi0TDcks
he4zooIBPJEyihP0PkVjeB8LjAF19qkEaWm5EKpQLS4Gu+/x/GTJa/E7sKPxmh/6
CyglVZQa1k7JD8uy7cq5P/XWRRLiP4jfYozP69WUHPf8YYbCxyKLElAi1LyQUrox
lxerZ7VVP3/e+gMosYi3nhhCn5PuFlkO1diVZvFpURSCqNBntfAZR8B5zmxLqtja
pU3/s4NVIBhsArzEZJ+4ynkJjRENZX/nHm8rPeZSny5qH4XcLCwkQ+8H7hU4322m
JRD2VRzLIpYDdbXOUbm/9jc+NWKQSobdWyDbjBwRylq06g==
-----END CERTIFICATE-----