Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          xdBqDJH8knTocpIIZUL0qgZqEV55E00DPJO+fl5tsTU=
Subject key identifier:   50:02:EF:50:56:E5:A6:96:51:1A:8C:AE:9B:0B:B8:CF:98:EA:1A:FA
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       4A280448F70D889BFE6401B56A97AC47C4C2AF85
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS395374.roa
Signing time:             Mon 09 Mar 2026 08:22:59 +0000
ROA not before:           Mon 09 Mar 2026 08:17:59 +0000
ROA not after:            Mon 08 Mar 2027 08:22:59 +0000
asID:                     395374
IP address blocks:        213.139.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 10:34:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4a:28:04:48:f7:0d:88:9b:fe:64:01:b5:6a:97:ac:47:c4:c2:af:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Mar  9 08:17:59 2026 GMT
            Not After : Mar  8 08:22:59 2027 GMT
        Subject: CN=5002EF5056E5A696511A8CAE9B0BB8CF98EA1AFA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:83:eb:b7:8f:42:64:cf:f3:0c:22:2f:76:dc:
                    38:29:5a:9b:33:b2:54:31:ac:5d:43:31:eb:31:1d:
                    a6:9f:79:33:0d:6b:e0:d6:45:e0:19:57:61:5a:f4:
                    1e:eb:1f:41:a2:6a:f4:1c:ed:28:b1:22:3e:e1:4c:
                    f3:b1:5c:65:14:3c:0e:85:f7:3c:ad:0e:6f:23:94:
                    e3:32:3d:bf:bd:3a:90:c8:53:b0:0a:11:21:af:0d:
                    d5:37:85:ee:a2:8c:93:be:04:3d:df:df:03:b7:78:
                    1a:67:2a:19:bb:17:a5:d9:a9:23:a7:fd:2c:dc:51:
                    fd:78:84:65:ef:f8:42:a7:11:4d:cc:b1:37:50:4f:
                    7f:6a:3f:13:41:66:58:42:14:00:e4:41:b1:e8:2a:
                    86:a2:cb:66:0e:56:bd:bb:7a:8c:66:7b:dd:8e:df:
                    ae:1c:43:46:4c:ea:30:9e:48:ed:29:fa:63:c9:59:
                    ba:4b:42:7c:83:44:a7:0b:42:63:72:6b:4a:44:2f:
                    59:fc:c0:f2:ea:00:9a:a3:c0:5c:31:98:16:60:10:
                    76:5e:26:d7:3b:6b:67:94:2e:cc:e1:28:de:c0:01:
                    30:40:b7:c8:bb:d9:43:4a:ef:6b:9b:b8:d5:24:b0:
                    02:a9:38:3b:b8:4b:ac:45:6f:a5:97:9d:9f:ad:39:
                    07:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:02:EF:50:56:E5:A6:96:51:1A:8C:AE:9B:0B:B8:CF:98:EA:1A:FA
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.139.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:c9:52:15:e3:0b:fe:f8:8b:8a:0f:c6:4c:c5:5c:b7:18:38:
         fe:b1:cb:71:2a:1d:a0:56:b5:a5:e2:0c:99:23:58:0a:c3:90:
         b7:59:f4:a9:7c:d3:9d:42:fc:b2:70:ac:e2:57:cb:17:d9:f4:
         38:9f:3d:75:8d:37:0d:65:ab:87:7b:47:3c:9f:2b:d2:18:18:
         ff:ee:f8:da:bf:08:97:76:e3:18:ef:d4:ca:a1:9d:60:90:94:
         61:24:6c:00:bb:e4:96:7f:68:26:a0:0d:d9:ab:7e:68:d5:11:
         fe:88:20:5c:5d:e4:54:09:3e:58:6f:4a:60:5b:45:34:52:c3:
         7c:ab:6e:a2:1d:92:9c:74:7b:f1:dd:d3:ae:c9:93:c2:a8:37:
         e2:3f:a3:a8:34:b8:a7:6e:68:1e:0e:7f:c3:c4:f1:10:c9:f8:
         6f:f6:79:fe:12:ca:ee:74:78:ca:54:f8:c6:89:80:55:1e:ef:
         39:72:9d:7c:15:08:f6:d2:62:d8:03:69:6f:4a:d6:dc:72:0e:
         db:f7:00:36:78:e8:6c:66:50:75:ca:9d:49:2d:4e:a5:37:f5:
         9a:58:4d:c6:bd:18:c8:33:36:44:44:56:fd:72:b4:eb:b7:3d:
         8c:d3:a0:db:a2:eb:48:60:9b:22:2e:0d:8b:a1:b7:bf:ad:5f:
         9a:81:49:1d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUSigESPcNiJv+ZAG1apesR8TCr4UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjAzMDkwODE3NTlaFw0yNzAzMDgwODIyNTlaMDMxMTAvBgNV
BAMTKDUwMDJFRjUwNTZFNUE2OTY1MTFBOENBRTlCMEJCOENGOThFQTFBRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXg+u3j0Jkz/MMIi923DgpWpsz
slQxrF1DMesxHaafeTMNa+DWReAZV2Fa9B7rH0GiavQc7SixIj7hTPOxXGUUPA6F
9zytDm8jlOMyPb+9OpDIU7AKESGvDdU3he6ijJO+BD3f3wO3eBpnKhm7F6XZqSOn
/SzcUf14hGXv+EKnEU3MsTdQT39qPxNBZlhCFADkQbHoKoaiy2YOVr27eoxme92O
364cQ0ZM6jCeSO0p+mPJWbpLQnyDRKcLQmNya0pEL1n8wPLqAJqjwFwxmBZgEHZe
Jtc7a2eULszhKN7AATBAt8i72UNK72ubuNUksAKpODu4S6xFb6WXnZ+tOQfHAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUUALvUFblppZRGoyumwu4z5jqGvowHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Yvj
MA0GCSqGSIb3DQEBCwUAA4IBAQCmyVIV4wv++IuKD8ZMxVy3GDj+sctxKh2gVrWl
4gyZI1gKw5C3WfSpfNOdQvyycKziV8sX2fQ4nz11jTcNZauHe0c8nyvSGBj/7vja
vwiXduMY79TKoZ1gkJRhJGwAu+SWf2gmoA3Zq35o1RH+iCBcXeRUCT5Yb0pgW0U0
UsN8q26iHZKcdHvx3dOuyZPCqDfiP6OoNLinbmgeDn/DxPEQyfhv9nn+EsrudHjK
VPjGiYBVHu85cp18FQj20mLYA2lvStbccg7b9wA2eOhsZlB1yp1JLU6lN/WaWE3G
vRjIMzZERFb9crTrtz2M06DboutIYJsiLg2Lobe/rV+agUkd
-----END CERTIFICATE-----