Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa
File:                     AS395470.roa (raw, json)
Hash identifier:          aziO14txV94d6O8TYshSGrZsETVHyJlJ9Uar9j3JQEc=
Subject key identifier:   16:9B:12:32:02:98:55:67:29:53:5B:CA:31:36:37:CD:1A:EA:7C:B7
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       25A78240F3E8A94C560BDD6FEF2066BD718B9EBF
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa
Signing time:             Wed 27 May 2026 16:53:43 +0000
ROA not before:           Wed 27 May 2026 16:48:43 +0000
ROA not after:            Wed 26 May 2027 16:53:43 +0000
asID:                     395470
IP address blocks:        46.202.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jun 2026 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            25:a7:82:40:f3:e8:a9:4c:56:0b:dd:6f:ef:20:66:bd:71:8b:9e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 27 16:48:43 2026 GMT
            Not After : May 26 16:53:43 2027 GMT
        Subject: CN=169B12320298556729535BCA313637CD1AEA7CB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cd:40:45:cd:52:a7:6f:c6:7d:af:15:d1:e6:
                    cb:62:06:20:c2:7b:bc:5a:b4:70:2f:3d:87:35:5b:
                    bf:13:53:7c:13:16:3e:89:97:0d:f8:0e:92:0d:d6:
                    b6:44:04:ad:dc:a3:92:3a:64:48:95:1e:ca:22:a9:
                    3c:0e:b3:69:64:7f:76:36:ad:70:56:3e:bd:b1:d6:
                    d4:55:e2:02:1f:91:41:42:49:2a:04:d9:63:5c:33:
                    45:41:3f:c4:28:27:bc:68:cf:a1:5f:d0:2d:9e:c9:
                    6c:0c:5f:07:b3:68:22:8f:61:c1:1d:89:fb:57:28:
                    d2:51:89:4b:32:a4:64:b2:a6:17:45:63:67:7b:7f:
                    08:68:2f:6c:5f:2f:05:61:1c:f3:b1:13:89:b9:73:
                    db:61:13:1c:7e:90:ea:4f:0b:e0:70:f1:2d:bd:44:
                    3b:72:d1:52:3d:55:04:1a:d9:5b:83:b6:a2:73:9e:
                    da:0a:0d:84:a8:5e:cc:59:64:c1:c1:f5:3f:e2:bd:
                    21:f3:c3:67:a9:0a:7a:39:d7:53:ba:c6:50:81:1f:
                    fa:b8:50:88:6a:9f:58:3f:23:9c:2e:64:25:c6:66:
                    05:6b:ca:a0:b5:c7:26:29:6f:7a:5c:d1:a4:f9:3e:
                    a9:09:b5:0f:cc:e4:fd:0b:cc:23:3d:e0:fa:ff:0d:
                    1e:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:9B:12:32:02:98:55:67:29:53:5B:CA:31:36:37:CD:1A:EA:7C:B7
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:ed:61:67:cf:6f:fc:25:52:0f:72:f9:11:b6:68:d1:ef:f1:
         52:cb:6d:97:84:60:b9:cb:bd:2a:92:a7:f6:07:11:fa:57:d2:
         dc:0d:0c:72:a1:99:17:5e:a8:09:5b:82:a1:3e:6b:fc:46:04:
         1c:af:e3:ec:be:11:e4:97:b1:c6:29:d3:82:7f:17:a8:d2:4c:
         ae:6e:7f:ed:1a:e7:7a:a7:05:89:97:8e:9c:9b:7a:94:ae:53:
         ca:48:42:e2:b4:2c:5a:46:93:6f:d7:80:d8:32:c2:f8:69:03:
         03:1f:53:33:70:c1:1a:77:bc:4a:20:02:bc:91:d5:7f:47:81:
         f9:08:5d:b5:13:7c:53:3f:0d:98:b5:de:f6:d0:17:85:6e:f3:
         af:df:fe:2c:ef:08:1f:3c:54:30:f5:45:15:0d:4c:a2:f1:a4:
         37:7c:df:b7:5f:a2:a5:aa:76:28:8e:16:8f:d3:74:62:b4:e9:
         81:2d:f2:8f:4e:ff:ec:83:19:70:22:83:1c:4c:02:6c:41:87:
         9c:2e:f3:4d:1a:c5:b0:2b:ce:4d:fa:a1:f0:9a:44:78:ce:ee:
         ea:74:03:fa:6b:bc:7f:4e:4a:76:62:bb:f9:11:77:bd:33:a6:
         a5:d9:93:04:1a:3e:fe:bb:b7:8f:09:48:b9:e9:19:c0:fe:95:
         fb:4c:c5:dc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUJaeCQPPoqUxWC91v7yBmvXGLnr8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA1MjcxNjQ4NDNaFw0yNzA1MjYxNjUzNDNaMDMxMTAvBgNV
BAMTKDE2OUIxMjMyMDI5ODU1NjcyOTUzNUJDQTMxMzYzN0NEMUFFQTdDQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGzUBFzVKnb8Z9rxXR5stiBiDC
e7xatHAvPYc1W78TU3wTFj6Jlw34DpIN1rZEBK3co5I6ZEiVHsoiqTwOs2lkf3Y2
rXBWPr2x1tRV4gIfkUFCSSoE2WNcM0VBP8QoJ7xoz6Ff0C2eyWwMXwezaCKPYcEd
iftXKNJRiUsypGSyphdFY2d7fwhoL2xfLwVhHPOxE4m5c9thExx+kOpPC+Bw8S29
RDty0VI9VQQa2VuDtqJzntoKDYSoXsxZZMHB9T/ivSHzw2epCno511O6xlCBH/q4
UIhqn1g/I5wuZCXGZgVryqC1xyYpb3pc0aT5PqkJtQ/M5P0LzCM94Pr/DR75AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFpsSMgKYVWcpU1vKMTY3zRrqfLcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALsoy
MA0GCSqGSIb3DQEBCwUAA4IBAQCJ7WFnz2/8JVIPcvkRtmjR7/FSy22XhGC5y70q
kqf2BxH6V9LcDQxyoZkXXqgJW4KhPmv8RgQcr+PsvhHkl7HGKdOCfxeo0kyubn/t
Gud6pwWJl46cm3qUrlPKSELitCxaRpNv14DYMsL4aQMDH1MzcMEad7xKIAK8kdV/
R4H5CF21E3xTPw2Ytd720BeFbvOv3/4s7wgfPFQw9UUVDUyi8aQ3fN+3X6KlqnYo
jhaP03RitOmBLfKPTv/sgxlwIoMcTAJsQYecLvNNGsWwK85N+qHwmkR4zu7qdAP6
a7x/Tkp2Yrv5EXe9M6al2ZMEGj7+u7ePCUi56RnA/pX7TMXc
-----END CERTIFICATE-----