Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398704.roa
File:                     AS398704.roa (raw, json)
Hash identifier:          FibeCzUCuafJ+6CjDBSSsUi1Q6xHCEaUsdIUFfuclyk=
Subject key identifier:   A5:05:4C:D2:DB:10:45:07:C7:B0:58:F1:9C:93:17:5D:E8:E8:74:D9
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       0ED334C00AA810DC1F9BEBAF8D1FDA994DEFB904
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398704.roa
Signing time:             Fri 29 Aug 2025 18:44:48 +0000
ROA not before:           Fri 29 Aug 2025 18:39:48 +0000
ROA not after:            Fri 28 Aug 2026 18:44:48 +0000
asID:                     398704
IP address blocks:        178.92.16.0/22 maxlen: 24
                          178.92.36.0/22 maxlen: 24
                          178.93.0.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 16 Sep 2025 13:46:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:d3:34:c0:0a:a8:10:dc:1f:9b:eb:af:8d:1f:da:99:4d:ef:b9:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 29 18:39:48 2025 GMT
            Not After : Aug 28 18:44:48 2026 GMT
        Subject: CN=A5054CD2DB104507C7B058F19C93175DE8E874D9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:23:99:6c:e7:a7:88:8b:39:43:f3:8b:d0:f5:
                    fe:31:f3:64:ce:db:3a:e3:f9:a3:3f:ef:73:0c:55:
                    b1:6a:3e:bc:d0:fa:e8:11:ea:2a:00:13:e9:8e:bf:
                    cb:33:c6:66:d1:b4:2a:55:32:5e:93:43:8c:0f:93:
                    ea:b8:c2:ff:79:02:58:50:8a:b6:64:58:8d:84:ab:
                    f9:aa:8b:01:dd:cb:a2:a8:05:e0:bb:2c:10:2f:72:
                    20:4d:83:3e:c6:b3:9d:93:93:5b:c7:fd:ba:5a:1f:
                    fd:e8:25:64:2f:d4:0f:4c:8e:31:d8:f9:a1:42:86:
                    db:55:be:c6:4a:8e:b3:d5:e5:ba:9c:11:6e:3a:8d:
                    02:a0:79:21:3e:ab:6e:e9:64:cf:d5:3a:16:07:b8:
                    b0:b4:27:8c:0e:3f:55:db:27:20:09:b4:d0:9f:48:
                    12:33:cd:b5:c9:fa:8b:24:b4:c2:a7:35:fb:ef:9e:
                    e7:e0:d2:04:30:8b:6c:f8:80:eb:0f:99:fc:1f:28:
                    23:d5:ee:4e:ca:27:bf:8c:c5:0e:b8:18:f2:45:57:
                    8d:56:8e:b7:46:c1:32:d3:0d:5d:08:fc:2d:8e:c8:
                    7a:9d:61:c0:2c:08:09:d0:0a:7b:c3:47:1f:61:8f:
                    5f:37:76:90:04:37:e8:88:cb:e7:24:da:c6:eb:62:
                    92:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:05:4C:D2:DB:10:45:07:C7:B0:58:F1:9C:93:17:5D:E8:E8:74:D9
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS398704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.16.0/22
                  178.92.36.0/22
                  178.93.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5c:1d:8d:d2:61:46:bd:a8:e2:eb:e7:98:e6:39:5d:19:ee:ef:
         9c:da:c9:c3:78:cd:1b:ac:8a:97:0f:71:83:78:4e:b2:09:eb:
         03:cd:8b:a3:a5:da:3e:c1:8f:a9:0d:70:55:30:48:33:91:a3:
         29:44:a8:c8:f0:43:90:6e:e5:8f:03:fe:b0:34:1e:7a:7d:12:
         58:1e:21:e0:c3:3b:13:bc:2d:94:a5:39:28:71:a1:73:cd:d1:
         a7:59:54:4d:46:bc:41:e7:a2:89:7c:6a:0c:32:49:79:97:b3:
         e2:7a:da:eb:3e:89:09:48:d4:d5:94:bf:22:41:08:5d:fc:33:
         63:e7:03:19:39:38:6c:1b:45:0a:5c:c5:40:15:65:92:14:97:
         ca:eb:ee:4d:76:2f:64:c9:37:40:be:cc:f1:1e:e8:fe:4c:7a:
         77:01:ad:d2:24:f8:be:ad:b9:18:9a:55:33:25:28:f4:70:32:
         75:e1:e0:93:d2:af:cb:13:07:54:47:f6:6f:f0:35:9a:44:d3:
         ac:46:fb:a3:3c:ed:51:ae:0e:d2:05:ac:19:c1:39:a8:16:5b:
         7c:82:74:9b:a4:0a:83:f1:d3:d2:a3:34:aa:c2:94:36:ce:2d:
         7d:98:93:9c:bf:d2:0f:c5:da:d3:bd:dd:eb:db:34:8f:7b:c8:
         76:b2:91:04
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUDtM0wAqoENwfm+uvjR/amU3vuQQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MjkxODM5NDhaFw0yNjA4MjgxODQ0NDhaMDMxMTAvBgNV
BAMTKEE1MDU0Q0QyREIxMDQ1MDdDN0IwNThGMTlDOTMxNzVERThFODc0RDkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZI5ls56eIizlD84vQ9f4x82TO
2zrj+aM/73MMVbFqPrzQ+ugR6ioAE+mOv8szxmbRtCpVMl6TQ4wPk+q4wv95AlhQ
irZkWI2Eq/mqiwHdy6KoBeC7LBAvciBNgz7Gs52Tk1vH/bpaH/3oJWQv1A9MjjHY
+aFChttVvsZKjrPV5bqcEW46jQKgeSE+q27pZM/VOhYHuLC0J4wOP1XbJyAJtNCf
SBIzzbXJ+osktMKnNfvvnufg0gQwi2z4gOsPmfwfKCPV7k7KJ7+MxQ64GPJFV41W
jrdGwTLTDV0I/C2OyHqdYcAsCAnQCnvDRx9hj183dpAEN+iIy+ck2sbrYpLBAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUpQVM0tsQRQfHsFjxnJMXXejodNkwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCslwQ
AwQCslwkAwQCsl0AMA0GCSqGSIb3DQEBCwUAA4IBAQBcHY3SYUa9qOLr55jmOV0Z
7u+c2snDeM0brIqXD3GDeE6yCesDzYujpdo+wY+pDXBVMEgzkaMpRKjI8EOQbuWP
A/6wNB56fRJYHiHgwzsTvC2UpTkocaFzzdGnWVRNRrxB56KJfGoMMkl5l7Pietrr
PokJSNTVlL8iQQhd/DNj5wMZOThsG0UKXMVAFWWSFJfK6+5Ndi9kyTdAvszxHuj+
THp3Aa3SJPi+rbkYmlUzJSj0cDJ14eCT0q/LEwdUR/Zv8DWaRNOsRvujPO1Rrg7S
BawZwTmoFlt8gnSbpAqD8dPSozSqwpQ2zi19mJOcv9IPxdrTvd3r2zSPe8h2spEE
-----END CERTIFICATE-----