Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa
File:                     AS395470.roa (raw, json)
Hash identifier:          gay/Hpk0LFuOkXTl2BHP/c2f5mVRchOK5N/62vx2/RQ=
Subject key identifier:   D5:9D:E4:02:C1:1D:F0:97:F8:31:F4:AB:5B:DA:2E:FD:B6:3B:23:EB
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       35A0B0C41FF263204B7A851313C8432A58C6CAF6
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa
Signing time:             Fri 17 Apr 2026 04:53:59 +0000
ROA not before:           Fri 17 Apr 2026 04:48:59 +0000
ROA not after:            Fri 16 Apr 2027 04:53:59 +0000
asID:                     395470
IP address blocks:        178.94.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:a0:b0:c4:1f:f2:63:20:4b:7a:85:13:13:c8:43:2a:58:c6:ca:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 17 04:48:59 2026 GMT
            Not After : Apr 16 04:53:59 2027 GMT
        Subject: CN=D59DE402C11DF097F831F4AB5BDA2EFDB63B23EB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a7:bb:da:eb:8e:bf:c2:99:3f:af:25:48:c5:
                    a3:17:b2:3b:ea:32:74:5e:c9:1a:ff:a2:36:eb:3c:
                    98:f9:56:fa:90:8a:0a:28:96:5a:b1:39:b7:7b:57:
                    0f:82:01:43:09:a5:33:95:85:84:54:31:81:c4:0c:
                    ce:37:7e:c5:ea:51:74:88:db:41:7b:64:1b:b5:18:
                    5a:87:47:09:e0:ac:fb:6b:22:3e:93:4f:22:cb:38:
                    be:30:65:1a:59:22:a2:74:d8:10:e3:0d:a4:47:c8:
                    44:b5:0b:eb:6e:07:f0:94:2f:9a:b2:0f:79:2e:c8:
                    8a:4a:2b:85:d1:64:b0:0e:f7:b3:eb:bf:65:3d:97:
                    bd:8e:19:bf:1e:54:6e:44:74:70:04:2a:7a:d1:bb:
                    ae:3b:cb:f7:30:5d:4e:9b:35:9b:85:f8:30:bf:b3:
                    00:71:26:d0:ef:fe:c0:5a:e6:da:f1:aa:39:b6:aa:
                    1c:47:ec:da:37:4a:40:99:8e:04:68:e4:1a:86:21:
                    3c:64:bc:a1:77:a3:69:95:18:50:5a:2a:d0:6f:37:
                    cf:57:75:a4:e3:a1:59:45:41:4c:64:ef:9d:19:a6:
                    9a:20:fa:43:84:f6:28:0d:20:fd:bc:9b:c9:28:5f:
                    c2:6c:08:05:e8:88:fe:e0:da:84:50:18:5a:08:83:
                    bf:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:9D:E4:02:C1:1D:F0:97:F8:31:F4:AB:5B:DA:2E:FD:B6:3B:23:EB
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS395470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.94.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:19:68:c1:68:3f:e3:35:86:45:2a:e3:5b:bc:86:1f:3c:f1:
         31:dc:36:d4:4f:87:db:82:ba:e0:dc:9a:c8:0e:c4:d3:fc:94:
         f1:b8:6a:da:e1:09:a1:74:76:79:47:0b:63:da:91:54:65:1d:
         b5:71:8d:d8:fb:cf:84:a7:d6:36:f5:c3:f0:26:a9:73:d4:27:
         c1:2e:fc:2e:12:fb:f3:4b:32:8c:32:d3:8e:31:e0:d1:e0:5a:
         64:c7:22:8c:a5:ec:a5:20:02:98:77:29:15:fd:bc:5a:b9:9f:
         42:84:df:82:4f:36:a4:69:4a:2c:15:20:4e:ff:3b:dd:50:79:
         d7:25:ba:43:77:6e:0d:90:84:8c:8c:00:11:7d:da:8b:58:01:
         aa:ed:f5:6a:02:d0:d6:ce:3c:b6:3c:6a:c7:3e:c2:c5:d0:e3:
         4f:fa:eb:48:8e:20:3c:18:da:fe:c7:db:96:0c:50:e1:f0:af:
         d2:e0:f9:1b:56:31:57:ba:fc:57:3d:6b:59:0c:3a:6e:3b:b4:
         c0:1d:e0:f2:9b:fe:e5:d8:0c:c5:69:35:ba:48:87:f9:51:ae:
         79:99:bd:50:d5:7c:71:be:41:e7:b5:c8:ff:5b:1b:fa:d6:2f:
         16:3b:65:95:8a:83:a5:82:71:76:bb:ae:59:90:56:73:42:a0:
         94:4b:4a:7e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNaCwxB/yYyBLeoUTE8hDKljGyvYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MTcwNDQ4NTlaFw0yNzA0MTYwNDUzNTlaMDMxMTAvBgNV
BAMTKEQ1OURFNDAyQzExREYwOTdGODMxRjRBQjVCREEyRUZEQjYzQjIzRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCyp7va646/wpk/ryVIxaMXsjvq
MnReyRr/ojbrPJj5VvqQigoollqxObd7Vw+CAUMJpTOVhYRUMYHEDM43fsXqUXSI
20F7ZBu1GFqHRwngrPtrIj6TTyLLOL4wZRpZIqJ02BDjDaRHyES1C+tuB/CUL5qy
D3kuyIpKK4XRZLAO97Prv2U9l72OGb8eVG5EdHAEKnrRu647y/cwXU6bNZuF+DC/
swBxJtDv/sBa5trxqjm2qhxH7No3SkCZjgRo5BqGITxkvKF3o2mVGFBaKtBvN89X
daTjoVlFQUxk750Zppog+kOE9igNIP28m8koX8JsCAXoiP7g2oRQGFoIg7/PAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU1Z3kAsEd8Jf4MfSrW9ou/bY7I+swHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk1NDcwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl6w
MA0GCSqGSIb3DQEBCwUAA4IBAQBQGWjBaD/jNYZFKuNbvIYfPPEx3DbUT4fbgrrg
3JrIDsTT/JTxuGra4QmhdHZ5Rwtj2pFUZR21cY3Y+8+Ep9Y29cPwJqlz1CfBLvwu
EvvzSzKMMtOOMeDR4FpkxyKMpeylIAKYdykV/bxauZ9ChN+CTzakaUosFSBO/zvd
UHnXJbpDd24NkISMjAARfdqLWAGq7fVqAtDWzjy2PGrHPsLF0ONP+utIjiA8GNr+
x9uWDFDh8K/S4PkbVjFXuvxXPWtZDDpuO7TAHeDym/7l2AzFaTW6SIf5Ua55mb1Q
1XxxvkHntcj/Wxv61i8WO2WVioOlgnF2u65ZkFZzQqCUS0p+
-----END CERTIFICATE-----