Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          wTD8hw8dQv66bYy22jMdHsEtPx6Es4ZwYSmP1WRAwAU=
Subject key identifier:   A9:23:CF:92:28:C2:5D:05:36:B2:EE:BB:88:DE:A9:01:97:97:B1:78
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       16E37CA1CB19C676A6381E0F39052BF56B5AF67F
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395374.roa
Signing time:             Wed 24 Jun 2026 08:30:17 +0000
ROA not before:           Wed 24 Jun 2026 08:25:17 +0000
ROA not after:            Wed 23 Jun 2027 08:30:17 +0000
asID:                     395374
IP address blocks:        95.134.28.0/24 maxlen: 24
                          95.134.76.0/24 maxlen: 24
                          95.134.117.0/24 maxlen: 24
                          95.134.121.0/24 maxlen: 24
                          95.134.152.0/24 maxlen: 24
                          95.135.153.0/24 maxlen: 24
                          178.93.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Jul 2026 23:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            16:e3:7c:a1:cb:19:c6:76:a6:38:1e:0f:39:05:2b:f5:6b:5a:f6:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 24 08:25:17 2026 GMT
            Not After : Jun 23 08:30:17 2027 GMT
        Subject: CN=A923CF9228C25D0536B2EEBB88DEA9019797B178
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:7c:86:50:84:04:79:a5:96:d3:d0:fe:90:02:
                    e9:88:2d:fd:81:d9:67:85:ec:7a:b3:00:fb:af:49:
                    d8:42:b9:bd:f0:47:54:00:3a:96:c5:8c:a3:20:31:
                    51:4e:8e:18:c6:6d:a6:3e:8c:32:55:d5:aa:e8:22:
                    c3:5e:b7:c2:ac:58:88:1e:a9:43:a7:c7:0d:eb:a9:
                    27:ed:bd:ba:95:31:0c:a5:77:95:72:22:2d:53:48:
                    65:31:b1:9d:a7:40:90:fb:c1:e7:c5:67:4e:9d:64:
                    3c:ef:bc:4e:c7:d7:aa:9a:e1:f0:cc:77:20:69:37:
                    d8:8a:25:72:66:b9:e1:53:f6:f1:cb:53:2c:27:5a:
                    f2:f0:0d:3a:7e:63:47:7f:71:2c:a0:35:bd:df:09:
                    04:87:dd:89:58:27:62:5a:d4:22:f7:3e:13:70:35:
                    13:b9:27:0e:ed:38:83:9c:cd:bc:8d:63:49:4e:3d:
                    92:55:89:28:be:d2:6d:d4:23:c9:52:1d:15:aa:90:
                    7b:99:61:ba:21:42:20:8f:20:41:e1:4e:07:7a:d3:
                    30:6c:3a:e1:26:3c:cd:4e:a3:03:9b:d3:4a:ac:71:
                    28:4e:07:dd:da:5b:52:a0:8d:39:a3:03:4f:f1:07:
                    c4:14:20:da:e8:28:7d:eb:06:70:65:3a:83:61:1f:
                    5e:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:23:CF:92:28:C2:5D:05:36:B2:EE:BB:88:DE:A9:01:97:97:B1:78
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.134.28.0/24
                  95.134.76.0/24
                  95.134.117.0/24
                  95.134.121.0/24
                  95.134.152.0/24
                  95.135.153.0/24
                  178.93.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f4:4c:b2:23:c7:1a:da:33:93:90:84:68:15:e4:ca:8d:6a:
         3c:6f:c7:da:98:51:bb:91:ec:f0:aa:5c:13:e3:70:85:a5:85:
         ef:9e:52:67:06:3f:1d:4a:23:eb:d7:b2:2f:0f:ea:6f:50:1b:
         9d:0c:f9:09:01:31:8d:a4:51:b5:c7:0d:2f:b1:d3:cc:9f:ea:
         eb:2f:ab:72:a1:65:4c:df:8e:f1:0a:69:44:90:f7:1b:4e:fb:
         32:b8:e2:20:44:91:e6:0e:66:74:e0:e6:9f:99:d4:f5:67:26:
         47:93:29:d8:fa:19:8c:13:05:fe:15:8a:d5:e9:8f:0b:2a:6b:
         6b:62:a2:38:03:30:cf:37:82:f7:bf:43:4d:70:b7:25:58:2b:
         09:c1:5b:23:d8:11:8f:58:9b:3e:63:0c:ab:6a:b9:aa:cf:22:
         48:d1:51:f0:3d:99:d1:05:44:59:a2:d1:f0:9c:9e:ec:e2:bb:
         b6:79:23:16:70:51:6a:b0:e8:7a:14:a2:2c:a8:c3:cb:5f:fb:
         e5:3a:77:9d:65:7b:2d:b2:b0:50:43:5d:b5:e4:22:39:e5:d7:
         b3:07:a4:e3:5a:47:7b:95:82:81:53:df:99:9b:bd:07:95:11:
         52:6f:f1:17:b0:89:d2:b3:11:c1:94:ec:40:bb:a2:2d:b5:e1:
         5d:4a:21:3b
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgIUFuN8ocsZxnamOB4POQUr9Wta9n8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA2MjQwODI1MTdaFw0yNzA2MjMwODMwMTdaMDMxMTAvBgNV
BAMTKEE5MjNDRjkyMjhDMjVEMDUzNkIyRUVCQjg4REVBOTAxOTc5N0IxNzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCMfIZQhAR5pZbT0P6QAumILf2B
2WeF7HqzAPuvSdhCub3wR1QAOpbFjKMgMVFOjhjGbaY+jDJV1aroIsNet8KsWIge
qUOnxw3rqSftvbqVMQyld5VyIi1TSGUxsZ2nQJD7wefFZ06dZDzvvE7H16qa4fDM
dyBpN9iKJXJmueFT9vHLUywnWvLwDTp+Y0d/cSygNb3fCQSH3YlYJ2Ja1CL3PhNw
NRO5Jw7tOIOczbyNY0lOPZJViSi+0m3UI8lSHRWqkHuZYbohQiCPIEHhTgd60zBs
OuEmPM1OowOb00qscShOB93aW1KgjTmjA0/xB8QUINroKH3rBnBlOoNhH16/AgMB
AAGjggIuMIICKjAdBgNVHQ4EFgQUqSPPkijCXQU2su67iN6pAZeXsXgwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAX4Yc
AwQAX4ZMAwQAX4Z1AwQAX4Z5AwQAX4aYAwQAX4eZAwQAsl2AMA0GCSqGSIb3DQEB
CwUAA4IBAQBh9EyyI8ca2jOTkIRoFeTKjWo8b8famFG7kezwqlwT43CFpYXvnlJn
Bj8dSiPr17IvD+pvUBudDPkJATGNpFG1xw0vsdPMn+rrL6tyoWVM347xCmlEkPcb
TvsyuOIgRJHmDmZ04OafmdT1ZyZHkynY+hmMEwX+FYrV6Y8LKmtrYqI4AzDPN4L3
v0NNcLclWCsJwVsj2BGPWJs+YwyrarmqzyJI0VHwPZnRBURZotHwnJ7s4ru2eSMW
cFFqsOh6FKIsqMPLX/vlOnedZXstsrBQQ1215CI55dezB6TjWkd7lYKBU9+Zm70H
lRFSb/EXsInSsxHBlOxAu6ItteFdSiE7
-----END CERTIFICATE-----
Generated at Fri Jul 17 06:50:01 2026 by rpki-client