Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398395.roa
File:                     AS398395.roa (raw, json)
Hash identifier:          EA2d0sxkbXrl7oyhDU1ddrB1UoL5eylHoNcgbki2ZyI=
Subject key identifier:   F9:4E:41:C5:E2:0B:89:78:8D:74:B8:D8:E8:96:5F:67:BA:C0:D2:F0
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       209C4ADEAAFE94A02313C1DE78603CB3EF67AF95
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398395.roa
Signing time:             Thu 30 Jan 2025 11:39:46 +0000
ROA not before:           Thu 30 Jan 2025 11:34:46 +0000
ROA not after:            Thu 29 Jan 2026 11:39:46 +0000
asID:                     398395
IP address blocks:        95.135.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:05:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            20:9c:4a:de:aa:fe:94:a0:23:13:c1:de:78:60:3c:b3:ef:67:af:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jan 30 11:34:46 2025 GMT
            Not After : Jan 29 11:39:46 2026 GMT
        Subject: CN=F94E41C5E20B89788D74B8D8E8965F67BAC0D2F0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:89:1c:73:63:56:f8:a9:17:6e:a1:c6:5a:f0:
                    ef:fd:28:87:7e:30:d8:8a:4c:65:27:d7:a5:4f:50:
                    1f:fd:98:c4:51:2c:71:83:a2:da:34:9a:a2:07:d1:
                    ce:32:bc:02:e5:55:f0:cd:6d:a5:8f:74:72:e9:db:
                    a7:86:45:67:0f:dd:b6:8d:1f:99:fd:26:e6:52:ef:
                    c4:97:4c:67:e4:e5:fd:b2:b5:86:71:eb:75:5e:49:
                    a8:3e:67:f2:aa:29:06:0d:a0:af:43:6e:47:e6:a5:
                    78:a3:c5:56:e9:12:00:ab:46:28:3a:e6:0d:3b:ed:
                    82:83:ef:aa:98:b1:2d:79:da:4c:f0:a3:27:2c:c6:
                    e5:4a:d8:e8:af:74:09:aa:ba:88:c1:7f:79:a1:56:
                    17:89:3c:76:88:a0:df:d1:28:00:bf:63:95:58:fb:
                    eb:f7:7c:30:5f:ba:95:2e:78:aa:28:8b:04:1b:f8:
                    ce:b6:0d:56:72:3f:2d:ee:98:3d:d2:b9:a7:3d:00:
                    7c:f5:8d:fc:6e:8b:98:bd:bd:f1:b5:6c:bb:74:3e:
                    1d:0c:8b:0b:15:44:a4:3d:08:53:6d:90:47:5e:cd:
                    07:a5:ab:8a:e2:ff:fd:29:fd:4e:96:55:5c:43:20:
                    0b:e7:a3:84:ff:a7:78:3d:23:b4:df:3f:83:79:f8:
                    48:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:4E:41:C5:E2:0B:89:78:8D:74:B8:D8:E8:96:5F:67:BA:C0:D2:F0
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398395.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.135.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:1d:82:77:52:38:43:5d:c6:8d:e5:be:52:95:38:9c:d4:75:
         02:2f:d3:c9:36:cc:92:e8:98:a3:dc:37:78:0b:de:ee:d5:d6:
         e7:62:54:83:78:06:5e:0c:32:66:27:95:85:4d:f6:37:bb:45:
         76:5f:96:90:98:15:d6:5f:7b:ec:48:2d:9b:a4:d8:fc:3d:56:
         13:97:f8:ac:08:b2:fe:f0:28:2e:d1:57:5f:e1:94:10:0f:a5:
         d4:52:d2:5b:c3:34:20:52:42:92:81:13:70:87:58:79:a0:a5:
         41:0d:72:1c:c0:ba:0a:1d:7d:8f:c7:18:e4:49:07:16:c1:a5:
         34:20:9b:29:4f:67:29:10:cf:bb:c4:3f:0c:68:01:18:50:76:
         5c:73:e8:b3:0f:9d:4f:45:79:06:72:a1:dd:0c:4e:7a:dd:b4:
         33:40:c0:44:28:6a:55:7b:3d:01:9d:d8:4a:62:e5:24:f0:94:
         7f:58:0c:4e:2f:80:ee:34:c0:52:a2:ce:46:02:ba:8a:70:38:
         2f:63:37:06:13:48:65:f5:6a:41:13:47:39:b2:03:f2:a5:47:
         25:14:a9:39:dc:7a:8b:f6:0f:50:6f:4e:7f:db:c8:44:29:0b:
         28:16:2e:1b:45:1c:58:c7:46:e2:99:2e:72:d5:50:78:ee:dd:
         9b:e5:29:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIJxK3qr+lKAjE8HeeGA8s+9nr5UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTAxMzAxMTM0NDZaFw0yNjAxMjkxMTM5NDZaMDMxMTAvBgNV
BAMTKEY5NEU0MUM1RTIwQjg5Nzg4RDc0QjhEOEU4OTY1RjY3QkFDMEQyRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCPiRxzY1b4qRduocZa8O/9KId+
MNiKTGUn16VPUB/9mMRRLHGDoto0mqIH0c4yvALlVfDNbaWPdHLp26eGRWcP3baN
H5n9JuZS78SXTGfk5f2ytYZx63VeSag+Z/KqKQYNoK9DbkfmpXijxVbpEgCrRig6
5g077YKD76qYsS152kzwoycsxuVK2OivdAmquojBf3mhVheJPHaIoN/RKAC/Y5VY
++v3fDBfupUueKooiwQb+M62DVZyPy3umD3Suac9AHz1jfxui5i9vfG1bLt0Ph0M
iwsVRKQ9CFNtkEdezQelq4ri//0p/U6WVVxDIAvno4T/p3g9I7TfP4N5+Ej/AgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU+U5BxeILiXiNdLjY6JZfZ7rA0vAwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk4Mzk1LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAX4eH
MA0GCSqGSIb3DQEBCwUAA4IBAQCKHYJ3UjhDXcaN5b5SlTic1HUCL9PJNsyS6Jij
3Dd4C97u1dbnYlSDeAZeDDJmJ5WFTfY3u0V2X5aQmBXWX3vsSC2bpNj8PVYTl/is
CLL+8Cgu0Vdf4ZQQD6XUUtJbwzQgUkKSgRNwh1h5oKVBDXIcwLoKHX2PxxjkSQcW
waU0IJspT2cpEM+7xD8MaAEYUHZcc+izD51PRXkGcqHdDE563bQzQMBEKGpVez0B
ndhKYuUk8JR/WAxOL4DuNMBSos5GArqKcDgvYzcGE0hl9WpBE0c5sgPypUclFKk5
3HqL9g9Qb05/28hEKQsoFi4bRRxYx0bimS5y1VB47t2b5Skb
-----END CERTIFICATE-----