Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS396982.roa
File:                     AS396982.roa (raw, json)
Hash identifier:          oIx4oFoXiA4j8NkE8j/HTQ9YPnHoDFvIl9MN1WNJX+A=
Subject key identifier:   62:D1:1C:C8:EE:5F:57:15:F3:58:83:E8:46:D3:AE:E7:FE:B0:7F:BF
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       75E84D50895A97ECD0D3F03B40D1E667F8EC6D89
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS396982.roa
Signing time:             Tue 21 Apr 2026 14:07:37 +0000
ROA not before:           Tue 21 Apr 2026 14:02:37 +0000
ROA not after:            Tue 20 Apr 2027 14:07:37 +0000
asID:                     396982
IP address blocks:        95.135.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 20:38:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:e8:4d:50:89:5a:97:ec:d0:d3:f0:3b:40:d1:e6:67:f8:ec:6d:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Apr 21 14:02:37 2026 GMT
            Not After : Apr 20 14:07:37 2027 GMT
        Subject: CN=62D11CC8EE5F5715F35883E846D3AEE7FEB07FBF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:16:6d:6f:52:0e:aa:10:49:51:7b:b7:25:c9:
                    e7:93:40:81:82:22:ee:8d:43:b5:cd:24:24:d0:01:
                    4c:84:9d:ec:a0:ed:b4:20:b0:09:55:4e:88:7e:6f:
                    df:3c:74:8c:00:d5:0d:32:1f:6b:a4:9e:ae:71:65:
                    26:c9:e6:c9:0b:1d:f6:e1:6e:7e:12:d5:db:a3:60:
                    89:3c:87:84:fc:39:45:79:c4:ad:24:98:31:1b:b4:
                    fb:6d:58:8f:4c:bb:71:c8:8e:3d:ab:37:9d:33:5a:
                    d6:be:06:1a:70:ff:80:f7:22:3a:68:c2:75:c6:75:
                    f6:69:91:a2:f6:c1:ca:20:38:c6:2c:fb:0e:2a:8d:
                    15:27:e0:63:b4:36:91:3a:fc:c4:fa:80:49:c4:9d:
                    91:82:61:03:ec:8e:b8:55:47:c1:d9:67:87:63:e4:
                    ab:2b:11:ac:dd:77:df:01:ea:5f:ae:5a:d6:8f:73:
                    54:17:2b:b1:96:5b:39:cf:e3:6a:f2:0a:49:25:02:
                    eb:fd:9e:ee:d6:86:55:6b:ae:f5:a4:a0:4e:5d:ca:
                    4c:ae:71:4c:4d:4f:a2:3f:5d:69:7a:68:9a:77:7d:
                    da:e7:97:f7:fb:1c:a7:38:bd:d6:fa:1b:66:85:65:
                    03:d5:52:69:ea:e7:92:07:0c:49:f4:c9:cc:b1:64:
                    7d:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:D1:1C:C8:EE:5F:57:15:F3:58:83:E8:46:D3:AE:E7:FE:B0:7F:BF
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS396982.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d1:bc:ab:63:b6:c4:9d:0f:ea:5b:63:e5:54:4f:44:9d:8a:
         ee:04:30:81:e6:a9:8e:a4:54:df:07:d8:d5:fd:1b:5b:5b:67:
         1f:8a:4f:3f:a5:37:3b:82:36:6d:c5:ee:0b:04:fc:99:1f:8b:
         25:7d:a5:eb:80:0e:a1:fd:88:92:5f:fe:d9:0f:7f:c1:33:73:
         79:84:06:96:8f:e4:de:e1:c9:9b:49:2d:9e:56:af:5b:cf:aa:
         37:0b:e8:08:04:24:61:ff:eb:ea:cb:d8:0e:a0:ac:d1:33:cc:
         6c:5d:9b:f1:a9:f1:1d:2c:12:9f:e8:81:33:6e:6c:e6:71:54:
         62:ae:38:a2:f6:c7:61:74:de:a4:ac:7b:3f:f2:4c:ff:38:ae:
         01:a5:4b:e6:bd:a6:44:18:3a:47:94:3a:e2:e6:1b:d4:6a:b2:
         4a:bf:94:ac:6d:ed:89:f3:8e:20:1f:78:6a:d1:6c:44:7d:09:
         2c:71:21:5b:4f:15:fe:8f:c5:a0:ce:44:0c:12:79:f3:88:ca:
         79:90:cf:7e:03:4f:95:91:ce:71:36:6a:56:a6:1d:73:22:35:
         89:bd:34:7a:b6:64:d3:1e:db:3a:ee:2d:c0:4e:dc:1e:60:55:
         b5:3f:d3:57:0c:7e:dd:1e:51:88:dc:79:98:50:5a:0a:41:4a:
         60:b6:5d:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdehNUIlal+zQ0/A7QNHmZ/jsbYkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjA0MjExNDAyMzdaFw0yNzA0MjAxNDA3MzdaMDMxMTAvBgNV
BAMTKDYyRDExQ0M4RUU1RjU3MTVGMzU4ODNFODQ2RDNBRUU3RkVCMDdGQkYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOFm1vUg6qEElRe7clyeeTQIGC
Iu6NQ7XNJCTQAUyEneyg7bQgsAlVToh+b988dIwA1Q0yH2uknq5xZSbJ5skLHfbh
bn4S1dujYIk8h4T8OUV5xK0kmDEbtPttWI9Mu3HIjj2rN50zWta+Bhpw/4D3Ijpo
wnXGdfZpkaL2wcogOMYs+w4qjRUn4GO0NpE6/MT6gEnEnZGCYQPsjrhVR8HZZ4dj
5KsrEazdd98B6l+uWtaPc1QXK7GWWznP42ryCkklAuv9nu7WhlVrrvWkoE5dykyu
cUxNT6I/XWl6aJp3fdrnl/f7HKc4vdb6G2aFZQPVUmnq55IHDEn0ycyxZH3RAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUYtEcyO5fVxXzWIPoRtOu5/6wf78wHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk2OTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4cf
MA0GCSqGSIb3DQEBCwUAA4IBAQAl0byrY7bEnQ/qW2PlVE9EnYruBDCB5qmOpFTf
B9jV/RtbW2cfik8/pTc7gjZtxe4LBPyZH4slfaXrgA6h/YiSX/7ZD3/BM3N5hAaW
j+Te4cmbSS2eVq9bz6o3C+gIBCRh/+vqy9gOoKzRM8xsXZvxqfEdLBKf6IEzbmzm
cVRirjii9sdhdN6krHs/8kz/OK4BpUvmvaZEGDpHlDri5hvUarJKv5Ssbe2J844g
H3hq0WxEfQkscSFbTxX+j8WgzkQMEnnziMp5kM9+A0+Vkc5xNmpWph1zIjWJvTR6
tmTTHts67i3ATtweYFW1P9NXDH7dHlGI3HmYUFoKQUpgtl1U
-----END CERTIFICATE-----