Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS395470.roa
File:                     AS395470.roa (raw, json)
Hash identifier:          qpRDDc/JYJ5nw/cLBvBb/JJlTTuWCoYtU3aRvd4uuSs=
Subject key identifier:   0A:03:F5:EF:92:70:48:A4:07:1A:C1:9C:D3:CF:7E:2A:47:D7:CE:64
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       58F6F0386C7ABCEDC329675E2829FCA1F2BA557E
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS395470.roa
Signing time:             Mon 20 Apr 2026 12:38:02 +0000
ROA not before:           Mon 20 Apr 2026 12:33:02 +0000
ROA not after:            Mon 19 Apr 2027 12:38:02 +0000
asID:                     395470
IP address blocks:        141.11.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 13:21:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:f6:f0:38:6c:7a:bc:ed:c3:29:67:5e:28:29:fc:a1:f2:ba:55:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Apr 20 12:33:02 2026 GMT
            Not After : Apr 19 12:38:02 2027 GMT
        Subject: CN=0A03F5EF927048A4071AC19CD3CF7E2A47D7CE64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e6:e7:8b:00:c8:13:a1:36:69:2b:7b:c1:62:
                    3d:41:aa:51:b8:b3:a6:59:b5:8f:b2:e3:83:8e:3f:
                    09:8d:66:d0:94:78:70:1e:53:84:8a:3e:57:4a:45:
                    21:8e:3c:84:13:89:d6:02:8a:49:0c:1a:ff:47:c0:
                    a9:d0:af:e7:01:fe:b9:82:b3:42:a6:29:ef:7d:f8:
                    ba:f3:f6:f8:52:19:19:3a:66:f3:2a:ed:b1:1c:22:
                    83:24:17:b9:3c:92:33:30:df:63:d8:47:2d:3e:45:
                    a4:3f:ad:11:13:8c:6d:16:6d:b8:79:92:53:e9:7d:
                    a1:96:de:cf:89:0a:09:4d:ce:5f:98:00:06:bd:97:
                    32:71:52:ec:be:7f:26:c3:29:ee:0b:11:da:05:08:
                    a2:d8:c3:df:9b:bc:11:70:bd:74:ec:f3:db:75:06:
                    d7:f8:d3:1e:68:d3:09:4c:4f:e9:55:4b:a9:9c:73:
                    fa:98:a5:f1:76:fa:00:79:26:bd:97:02:43:5e:75:
                    2f:91:3c:ba:48:11:56:d1:62:dc:60:07:c8:84:98:
                    0a:b7:23:97:75:ec:4d:02:fb:12:c5:95:48:80:46:
                    ef:ab:d1:c4:43:91:ff:a4:a2:6f:b8:db:ac:f2:f9:
                    9e:25:41:a5:b2:64:11:4a:1b:31:a0:8e:59:a9:6b:
                    b9:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:03:F5:EF:92:70:48:A4:07:1A:C1:9C:D3:CF:7E:2A:47:D7:CE:64
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS395470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:45:dd:91:dd:75:bd:67:5b:39:d9:74:50:78:b9:95:19:d8:
         f4:73:3d:4d:1d:30:af:d2:de:59:f3:7b:7f:99:a4:bf:38:83:
         a7:d3:3f:28:10:25:f2:8f:87:1c:09:5b:5c:c4:d0:0e:1f:21:
         2a:4d:d2:70:cf:13:27:aa:19:c5:59:b1:a0:05:6f:75:2e:bb:
         9a:65:73:25:a5:7c:16:a8:c1:71:83:28:a7:4d:fb:ad:e5:47:
         4e:1c:78:c5:64:e6:56:d3:2f:3e:13:44:80:87:70:a2:ea:cb:
         3f:dd:3a:80:49:3a:60:75:47:55:49:d7:de:22:ec:23:97:a1:
         8c:27:69:dd:f3:6d:9c:ff:e3:1a:82:0e:fa:8a:7c:d6:74:81:
         ce:3c:ec:9e:15:e8:0d:a2:be:f3:7e:f7:6e:59:fd:34:bd:d6:
         2e:28:92:c3:d1:61:78:d4:5f:20:4a:be:96:02:ea:23:67:6e:
         9f:93:18:ae:9a:2f:ab:55:04:f0:97:a5:44:3d:b3:44:63:34:
         f3:d6:5d:c1:11:c5:b8:6b:2f:d7:b5:0b:45:71:0b:8a:f6:04:
         76:88:f3:92:06:e8:db:33:22:d0:65:f0:d8:dd:66:cb:62:05:
         05:5b:25:26:8c:25:71:ad:47:32:33:f8:61:1a:41:ab:44:f2:
         9f:79:9f:37
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUWPbwOGx6vO3DKWdeKCn8ofK6VX4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNjA0MjAxMjMzMDJaFw0yNzA0MTkxMjM4MDJaMDMxMTAvBgNV
BAMTKDBBMDNGNUVGOTI3MDQ4QTQwNzFBQzE5Q0QzQ0Y3RTJBNDdEN0NFNjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC55ueLAMgToTZpK3vBYj1BqlG4
s6ZZtY+y44OOPwmNZtCUeHAeU4SKPldKRSGOPIQTidYCikkMGv9HwKnQr+cB/rmC
s0KmKe99+Lrz9vhSGRk6ZvMq7bEcIoMkF7k8kjMw32PYRy0+RaQ/rRETjG0Wbbh5
klPpfaGW3s+JCglNzl+YAAa9lzJxUuy+fybDKe4LEdoFCKLYw9+bvBFwvXTs89t1
Btf40x5o0wlMT+lVS6mcc/qYpfF2+gB5Jr2XAkNedS+RPLpIEVbRYtxgB8iEmAq3
I5d17E0C+xLFlUiARu+r0cRDkf+kom+426zy+Z4lQaWyZBFKGzGgjlmpa7m7AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUCgP175JwSKQHGsGc089+KkfXzmQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQsl
MA0GCSqGSIb3DQEBCwUAA4IBAQCcRd2R3XW9Z1s52XRQeLmVGdj0cz1NHTCv0t5Z
83t/maS/OIOn0z8oECXyj4ccCVtcxNAOHyEqTdJwzxMnqhnFWbGgBW91LruaZXMl
pXwWqMFxgyinTfut5UdOHHjFZOZW0y8+E0SAh3Ci6ss/3TqASTpgdUdVSdfeIuwj
l6GMJ2nd822c/+Magg76inzWdIHOPOyeFegNor7zfvduWf00vdYuKJLD0WF41F8g
Sr6WAuojZ26fkxiumi+rVQTwl6VEPbNEYzTz1l3BEcW4ay/XtQtFcQuK9gR2iPOS
BujbMyLQZfDY3WbLYgUFWyUmjCVxrUcyM/hhGkGrRPKfeZ83
-----END CERTIFICATE-----