Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          34Dm58+vEp87aAWazFYn6LPxf2PllZv18qraoKfAM/o=
Subject key identifier:   3C:4A:12:F6:A7:AD:A3:78:7D:08:2E:F3:41:EB:F7:2F:14:5D:41:7F
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       29A77901E9C5D626B021B1F461836F178F479D60
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa
Signing time:             Mon 01 Jun 2026 12:26:08 +0000
ROA not before:           Mon 01 Jun 2026 12:21:08 +0000
ROA not after:            Mon 31 May 2027 12:26:08 +0000
asID:                     393942
IP address blocks:        84.75.11.0/24 maxlen: 24
                          178.83.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 15:55:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:a7:79:01:e9:c5:d6:26:b0:21:b1:f4:61:83:6f:17:8f:47:9d:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jun  1 12:21:08 2026 GMT
            Not After : May 31 12:26:08 2027 GMT
        Subject: CN=3C4A12F6A7ADA3787D082EF341EBF72F145D417F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:34:26:ae:5d:ac:5d:12:cf:ba:ad:98:d2:a6:
                    b1:54:70:22:38:c3:80:44:f3:3e:df:9d:40:fe:78:
                    42:19:74:92:20:57:fd:bd:e2:01:fc:c5:2d:a6:4c:
                    b2:d5:bd:e6:cf:c2:6d:0f:b5:50:b6:80:3f:c1:42:
                    61:27:2a:27:46:f9:6a:9e:be:8d:1c:70:5f:43:7b:
                    6b:f1:f5:42:c5:c4:dc:21:ed:d9:6d:04:2b:9f:35:
                    18:ed:e5:24:c4:df:ae:bc:07:ca:ca:23:16:01:9c:
                    af:19:d2:2c:f6:94:54:bb:ff:6b:9d:4b:ec:d2:12:
                    0d:f5:e2:7b:11:c3:08:40:1f:e5:b8:1c:3e:7b:5c:
                    24:49:19:f6:41:95:74:41:e1:5c:7f:de:c9:6c:3a:
                    c1:10:6c:66:15:e2:38:4c:c9:40:82:65:8c:7f:c2:
                    e1:e6:52:3b:44:cb:1b:8f:7e:cd:c0:4d:a2:9c:0b:
                    84:6a:be:c2:f7:d3:4e:f4:4c:2c:6d:e5:95:f9:ae:
                    9e:39:eb:88:9b:ad:58:a2:75:b7:fa:39:15:eb:1f:
                    68:fd:95:b2:2d:86:d9:31:77:64:eb:aa:b5:1c:2a:
                    27:8e:40:a4:44:ae:d4:9b:37:04:3f:cc:20:91:4c:
                    bf:e4:11:bd:14:cd:2e:93:07:da:15:6f:19:96:64:
                    7d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:4A:12:F6:A7:AD:A3:78:7D:08:2E:F3:41:EB:F7:2F:14:5D:41:7F
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.75.11.0/24
                  178.83.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:82:02:d5:49:73:09:d8:dd:92:d4:b0:48:d1:69:c9:69:7b:
         63:8c:9d:e3:39:8c:c0:ff:9d:86:3f:9f:6f:22:63:58:86:15:
         09:0b:e7:ea:6f:e5:b8:12:fb:cf:30:fb:a8:96:c1:5f:d0:82:
         a8:6d:e0:9f:a0:22:a6:4b:71:9a:a4:07:b2:b6:80:f3:2e:3b:
         95:7a:3f:34:33:83:ea:9b:ed:d1:6e:49:f0:63:54:75:5a:46:
         5a:9b:9e:09:42:b1:f1:81:b3:84:f5:01:84:87:06:96:51:cb:
         ea:f6:49:df:85:98:d9:3d:c6:fb:e6:15:f0:3d:1c:34:86:37:
         47:cb:8b:24:c8:2c:ca:c2:17:6a:f1:47:02:38:03:33:27:49:
         aa:af:b4:e2:a0:5a:42:30:5a:fa:63:a3:93:d7:45:71:9a:8c:
         0e:57:e5:87:43:35:23:e0:c1:43:3a:ca:b3:25:b8:70:90:68:
         ae:ef:d8:59:8a:f1:7d:06:02:23:e7:44:60:b5:18:5e:6c:47:
         bc:2a:59:81:ea:0d:54:e9:d5:86:cc:67:5b:71:89:5b:09:4a:
         ec:71:84:7d:83:f7:01:9b:07:9f:9a:06:71:c0:e1:38:27:79:
         65:53:0d:6a:ad:33:5e:22:0f:c7:89:15:96:63:64:16:1e:e5:
         f3:3f:3b:27
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUKad5AenF1iawIbH0YYNvF49HnWAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA2MDExMjIxMDhaFw0yNzA1MzExMjI2MDhaMDMxMTAvBgNV
BAMTKDNDNEExMkY2QTdBREEzNzg3RDA4MkVGMzQxRUJGNzJGMTQ1RDQxN0YwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhNCauXaxdEs+6rZjSprFUcCI4
w4BE8z7fnUD+eEIZdJIgV/294gH8xS2mTLLVvebPwm0PtVC2gD/BQmEnKidG+Wqe
vo0ccF9De2vx9ULFxNwh7dltBCufNRjt5STE3668B8rKIxYBnK8Z0iz2lFS7/2ud
S+zSEg314nsRwwhAH+W4HD57XCRJGfZBlXRB4Vx/3slsOsEQbGYV4jhMyUCCZYx/
wuHmUjtEyxuPfs3ATaKcC4RqvsL30070TCxt5ZX5rp4564ibrViidbf6ORXrH2j9
lbIthtkxd2TrqrUcKieOQKRErtSbNwQ/zCCRTL/kEb0UzS6TB9oVbxmWZH39AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUPEoS9qeto3h9CC7zQev3LxRdQX8wHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVEsL
AwQAslNBMA0GCSqGSIb3DQEBCwUAA4IBAQBTggLVSXMJ2N2S1LBI0WnJaXtjjJ3j
OYzA/52GP59vImNYhhUJC+fqb+W4EvvPMPuolsFf0IKobeCfoCKmS3GapAeytoDz
LjuVej80M4Pqm+3RbknwY1R1WkZam54JQrHxgbOE9QGEhwaWUcvq9knfhZjZPcb7
5hXwPRw0hjdHy4skyCzKwhdq8UcCOAMzJ0mqr7TioFpCMFr6Y6OT10VxmowOV+WH
QzUj4MFDOsqzJbhwkGiu79hZivF9BgIj50RgtRhebEe8KlmB6g1U6dWGzGdbcYlb
CUrscYR9g/cBmwefmgZxwOE4J3llUw1qrTNeIg/HiRWWY2QWHuXzPzsn
-----END CERTIFICATE-----