Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS395793.roa
File:                     AS395793.roa (raw, json)
Hash identifier:          V5JEB7lz8FwA4enu53vGQgB/6Qx37KJCclmB6l2ZUq0=
Subject key identifier:   06:72:A9:87:87:33:1A:E2:5E:99:68:87:76:B5:43:65:B1:64:96:E9
Certificate issuer:       /CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
Certificate serial:       5C010B68338907243A176CC80E2AEA1E3EF24F4E
Authority key identifier: 3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS395793.roa
Signing time:             Tue 30 Sep 2025 10:03:13 +0000
ROA not before:           Tue 30 Sep 2025 09:58:13 +0000
ROA not after:            Tue 29 Sep 2026 10:03:13 +0000
asID:                     395793
IP address blocks:        46.236.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:01:0b:68:33:89:07:24:3a:17:6c:c8:0e:2a:ea:1e:3e:f2:4f:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3feccb17be51ee59ec74d64eed917e221ee28a1b
        Validity
            Not Before: Sep 30 09:58:13 2025 GMT
            Not After : Sep 29 10:03:13 2026 GMT
        Subject: CN=0672A98787331AE25E99688776B54365B16496E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:a8:fa:a6:05:ba:d0:5d:f5:de:b5:65:63:f1:
                    c5:61:cb:5b:f7:51:e8:a2:d6:42:d0:31:b3:20:ba:
                    ba:56:69:f4:dc:b1:4d:a4:66:54:d5:dd:4f:e9:b3:
                    e4:87:e7:f8:d0:03:f3:84:9d:66:08:66:7c:76:28:
                    99:19:76:f0:a9:1d:a0:60:0c:8d:24:d9:59:3c:ea:
                    70:07:a5:c2:98:e1:ed:88:6f:e2:34:b4:1b:23:9f:
                    ad:71:57:19:54:fa:c9:e1:f6:77:68:2e:34:01:e2:
                    6d:63:c3:f0:86:41:e0:90:06:61:07:f5:4e:b3:58:
                    8a:12:b1:ba:e1:18:f5:2c:74:71:b8:15:9a:9a:92:
                    9d:a5:2d:68:e1:92:c7:b8:da:bc:6f:a9:2f:b2:73:
                    e8:fb:7b:dc:ac:c0:59:c0:b2:92:68:9a:08:5a:1a:
                    f6:fe:ac:94:f1:13:54:10:7c:84:75:29:6b:f8:bd:
                    e0:51:fc:ab:c3:ed:1f:a9:df:ce:0a:5a:19:6d:f8:
                    3e:d9:fd:d9:19:6d:fc:7e:ee:ed:20:4e:35:c3:c2:
                    5c:9b:33:e2:9a:c3:02:8b:2e:08:1d:c8:28:af:c6:
                    4e:af:6c:eb:ed:a8:6b:13:f0:45:a5:de:4d:f3:1f:
                    48:ee:98:12:a0:d0:b8:39:4a:69:b6:7a:52:c1:d1:
                    a4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:72:A9:87:87:33:1A:E2:5E:99:68:87:76:B5:43:65:B1:64:96:E9
            X509v3 Authority Key Identifier:
                keyid:3F:EC:CB:17:BE:51:EE:59:EC:74:D6:4E:ED:91:7E:22:1E:E2:8A:1B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/3FECCB17BE51EE59EC74D64EED917E221EE28A1B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P-zLF75R7lnsdNZO7ZF-Ih7iihs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/22db7555-9aa4-4983-9316-73809dd354bc/0/AS395793.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:f0:22:69:4b:92:63:33:1e:59:5f:03:87:fc:3b:50:ba:d5:
         c2:1a:f8:d9:6c:0a:19:0b:15:a1:37:b8:e7:6b:ea:ee:c9:c4:
         50:73:b8:30:88:78:94:17:a8:3e:ad:91:7b:c8:81:51:c0:c4:
         82:b0:b0:b4:50:a4:ae:27:66:06:bb:21:bc:00:44:f2:e5:fd:
         18:2f:82:de:64:05:66:4f:1e:69:56:df:39:41:fb:23:1d:6b:
         23:b9:85:54:5a:2d:7c:aa:44:b6:c3:44:bf:d8:cf:f4:b7:d7:
         37:04:95:a6:49:55:d8:a7:47:db:fe:29:3c:f4:77:60:da:f4:
         55:e0:16:c8:a1:ef:10:e1:25:e1:57:0f:73:14:ae:3c:6a:ba:
         80:a8:82:74:31:05:f9:a6:b3:40:be:54:9b:15:95:d3:13:71:
         a5:ad:68:10:5e:62:39:c8:9a:2e:1b:76:57:d2:e8:ac:04:34:
         57:9b:4e:59:1d:5e:be:33:ab:2f:69:a0:b2:c5:b4:f0:7c:b6:
         68:95:70:fa:d6:bb:99:cd:c7:38:c9:6c:e0:5e:a9:6e:b3:d7:
         46:c9:a5:81:9f:24:a8:d1:32:fb:6c:33:9f:b4:0b:7d:87:35:
         3e:25:5c:09:07:6b:2d:e2:60:d9:13:1b:9f:2b:fe:f7:f1:40:
         7f:dc:09:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXAELaDOJByQ6F2zIDirqHj7yT04wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoM2ZlY2NiMTdiZTUxZWU1OWVjNzRkNjRlZWQ5MTdlMjIx
ZWUyOGExYjAeFw0yNTA5MzAwOTU4MTNaFw0yNjA5MjkxMDAzMTNaMDMxMTAvBgNV
BAMTKDA2NzJBOTg3ODczMzFBRTI1RTk5Njg4Nzc2QjU0MzY1QjE2NDk2RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGqPqmBbrQXfXetWVj8cVhy1v3
Ueii1kLQMbMgurpWafTcsU2kZlTV3U/ps+SH5/jQA/OEnWYIZnx2KJkZdvCpHaBg
DI0k2Vk86nAHpcKY4e2Ib+I0tBsjn61xVxlU+snh9ndoLjQB4m1jw/CGQeCQBmEH
9U6zWIoSsbrhGPUsdHG4FZqakp2lLWjhkse42rxvqS+yc+j7e9yswFnAspJomgha
Gvb+rJTxE1QQfIR1KWv4veBR/KvD7R+p384KWhlt+D7Z/dkZbfx+7u0gTjXDwlyb
M+KawwKLLggdyCivxk6vbOvtqGsT8EWl3k3zH0jumBKg0Lg5Smm2elLB0aTFAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUBnKph4czGuJemWiHdrVDZbFklukwHwYDVR0j
BBgwFoAUP+zLF75R7lnsdNZO7ZF+Ih7iihswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMjJkYjc1NTUtOWFhNC00OTgzLTkzMTYtNzM4MDlkZDM1
NGJjLzAvM0ZFQ0NCMTdCRTUxRUU1OUVDNzRENjRFRUQ5MTdFMjIxRUUyOEExQi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1AtekxGNzVSN2xuc2ROWk83WkYtSWg3
aWlocy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzIyZGI3NTU1LTlhYTQt
NDk4My05MzE2LTczODA5ZGQzNTRiYy8wL0FTMzk1NzkzLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzH
MA0GCSqGSIb3DQEBCwUAA4IBAQCg8CJpS5JjMx5ZXwOH/DtQutXCGvjZbAoZCxWh
N7jna+ruycRQc7gwiHiUF6g+rZF7yIFRwMSCsLC0UKSuJ2YGuyG8AETy5f0YL4Le
ZAVmTx5pVt85QfsjHWsjuYVUWi18qkS2w0S/2M/0t9c3BJWmSVXYp0fb/ik89Hdg
2vRV4BbIoe8Q4SXhVw9zFK48arqAqIJ0MQX5prNAvlSbFZXTE3GlrWgQXmI5yJou
G3ZX0uisBDRXm05ZHV6+M6svaaCyxbTwfLZolXD61ruZzcc4yWzgXqlus9dGyaWB
nySo0TL7bDOftAt9hzU+JVwJB2st4mDZExufK/738UB/3AmG
-----END CERTIFICATE-----