Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395839.roa
File:                     AS395839.roa (raw, json)
Hash identifier:          ZSa6zxoPN43siuPBmmwrtx4sWam0/mfZ1eTm8sjH2jU=
Subject key identifier:   02:BE:8A:81:12:DC:B3:9D:64:46:03:1F:24:3B:37:EC:2F:C7:94:6E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       58E7A40642F2D60A274F93DFF85B0A69337DE978
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395839.roa
Signing time:             Mon 09 Mar 2026 01:46:48 +0000
ROA not before:           Mon 09 Mar 2026 01:41:48 +0000
ROA not after:            Mon 08 Mar 2027 01:46:48 +0000
asID:                     395839
IP address blocks:        191.96.148.0/24 maxlen: 24
                          191.96.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 19:32:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:e7:a4:06:42:f2:d6:0a:27:4f:93:df:f8:5b:0a:69:33:7d:e9:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Mar  9 01:41:48 2026 GMT
            Not After : Mar  8 01:46:48 2027 GMT
        Subject: CN=02BE8A8112DCB39D6446031F243B37EC2FC7946E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:97:3e:fe:95:3f:47:61:db:8c:5b:e9:d2:
                    e7:07:f8:6f:45:6f:f8:0e:cd:61:9c:6d:c3:fe:07:
                    1b:02:e5:2b:5d:81:40:35:ab:a1:06:c7:37:88:fb:
                    b8:5d:0f:b6:5f:cf:fd:9d:a6:81:e3:dd:c0:f8:da:
                    38:63:bd:08:65:85:b6:9c:16:9c:d2:45:a0:c8:c4:
                    e5:0e:5b:4e:c8:04:4c:a0:b5:8d:b0:b4:ff:c5:d1:
                    37:94:a8:eb:67:93:cc:0c:fe:fc:2e:6c:54:5e:9e:
                    dd:f2:68:a8:ed:ca:b2:13:2c:90:c8:af:33:07:62:
                    86:ab:8c:39:d9:59:fc:a0:04:74:e6:a3:3f:e7:74:
                    51:97:a8:19:e3:1e:82:07:f9:a7:bb:00:2e:0c:18:
                    61:f7:fa:72:4a:cf:72:6d:22:d7:a5:94:44:32:39:
                    5b:d9:6d:de:25:98:62:4a:60:28:54:45:33:d1:70:
                    27:7a:02:8e:b5:84:48:3b:15:ea:b4:f0:1b:39:d7:
                    43:f8:fc:ba:f8:3b:28:e9:b7:51:37:17:41:68:97:
                    36:f7:30:b0:5a:27:2f:7c:0a:e5:9b:cd:67:e0:ee:
                    90:3d:a4:5f:de:4d:fb:41:d4:5a:60:67:91:46:97:
                    0c:2e:ac:e1:d7:ae:33:ea:55:1c:c5:0a:5d:43:48:
                    44:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:BE:8A:81:12:DC:B3:9D:64:46:03:1F:24:3B:37:EC:2F:C7:94:6E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.148.0/24
                  191.96.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:85:e3:7f:d3:7f:22:9e:8f:bf:1e:64:e5:bc:14:52:36:a2:
         4c:6b:04:16:6e:c1:3e:5e:ca:f0:e0:db:7e:e3:0b:f2:91:cd:
         51:d5:34:3d:f6:3a:e4:99:fb:65:d8:d5:86:64:86:61:af:61:
         9a:c7:f7:f4:33:2a:a4:a2:76:8d:bb:35:d4:2a:21:68:82:ee:
         fc:b4:39:4c:1d:4f:ea:32:5d:0d:85:ca:0c:28:3f:48:38:b9:
         be:79:39:55:2e:0e:fc:db:e1:c0:a7:26:b7:7c:09:1a:94:df:
         de:87:c4:d5:9f:35:11:10:1d:7f:c2:9a:e7:a1:75:e5:e9:a3:
         3b:34:3b:29:b6:d1:49:e1:78:ba:42:45:8d:80:86:9f:86:39:
         9b:b6:00:5c:85:9d:33:ae:43:5b:36:96:16:c9:4b:f8:30:2d:
         4c:cc:db:86:c8:ca:2d:51:85:01:8c:f2:a9:71:fe:aa:bf:63:
         f1:ee:db:9d:04:a6:0d:0f:79:04:b0:e5:e8:22:16:74:81:c7:
         04:9d:2a:f9:c2:66:33:1c:03:7c:2c:a6:b0:0d:0b:a2:d5:7a:
         ba:76:68:01:96:c8:8a:3b:50:e6:e2:40:c2:64:90:65:68:d4:
         3b:d4:f1:dd:1b:15:20:f2:83:67:c4:73:d9:b9:cd:ee:b7:5a:
         25:12:a0:f3
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWOekBkLy1gonT5Pf+FsKaTN96XgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNjAzMDkwMTQxNDhaFw0yNzAzMDgwMTQ2NDhaMDMxMTAvBgNV
BAMTKDAyQkU4QTgxMTJEQ0IzOUQ2NDQ2MDMxRjI0M0IzN0VDMkZDNzk0NkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1sJc+/pU/R2HbjFvp0ucH+G9F
b/gOzWGcbcP+BxsC5StdgUA1q6EGxzeI+7hdD7Zfz/2dpoHj3cD42jhjvQhlhbac
FpzSRaDIxOUOW07IBEygtY2wtP/F0TeUqOtnk8wM/vwubFRent3yaKjtyrITLJDI
rzMHYoarjDnZWfygBHTmoz/ndFGXqBnjHoIH+ae7AC4MGGH3+nJKz3JtItellEQy
OVvZbd4lmGJKYChURTPRcCd6Ao61hEg7Feq08Bs510P4/Lr4Oyjpt1E3F0Folzb3
MLBaJy98CuWbzWfg7pA9pF/eTftB1FpgZ5FGlwwurOHXrjPqVRzFCl1DSETbAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUAr6KgRLcs51kRgMfJDs37C/HlG4wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk1ODM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2CU
AwQAv2DiMA0GCSqGSIb3DQEBCwUAA4IBAQBBheN/038ino+/HmTlvBRSNqJMawQW
bsE+Xsrw4Nt+4wvykc1R1TQ99jrkmftl2NWGZIZhr2Gax/f0MyqkonaNuzXUKiFo
gu78tDlMHU/qMl0NhcoMKD9IOLm+eTlVLg782+HApya3fAkalN/eh8TVnzUREB1/
wprnoXXl6aM7NDspttFJ4Xi6QkWNgIafhjmbtgBchZ0zrkNbNpYWyUv4MC1MzNuG
yMotUYUBjPKpcf6qv2Px7tudBKYND3kEsOXoIhZ0gccEnSr5wmYzHAN8LKawDQui
1Xq6dmgBlsiKO1Dm4kDCZJBlaNQ71PHdGxUg8oNnxHPZuc3ut1olEqDz
-----END CERTIFICATE-----