Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402252.roa
File:                     AS402252.roa (raw, json)
Hash identifier:          15RS23TTYmHrefYmBIiIun0xXOVIABaWO/gtn/+5GTU=
Subject key identifier:   16:92:CB:1D:AA:98:4B:09:6E:DB:5B:92:E7:11:4A:9A:1E:54:01:C2
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       09C1713A3F2E236C5ACC8E1146DC284AA8831F49
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402252.roa
Signing time:             Thu 12 Mar 2026 09:16:15 +0000
ROA not before:           Thu 12 Mar 2026 09:11:15 +0000
ROA not after:            Thu 11 Mar 2027 09:16:15 +0000
asID:                     402252
IP address blocks:        178.93.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:c1:71:3a:3f:2e:23:6c:5a:cc:8e:11:46:dc:28:4a:a8:83:1f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Mar 12 09:11:15 2026 GMT
            Not After : Mar 11 09:16:15 2027 GMT
        Subject: CN=1692CB1DAA984B096EDB5B92E7114A9A1E5401C2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0d:13:c6:34:b6:1a:ba:6f:e7:82:3b:65:63:
                    80:bf:80:ec:56:a8:3a:a7:5f:76:9e:08:4b:f3:65:
                    62:d4:4e:f4:4f:11:df:7b:e8:86:fb:fe:64:9d:65:
                    cc:af:aa:a7:25:f9:17:88:9f:c7:fa:98:da:43:f3:
                    38:82:6e:a7:5b:b9:52:6d:97:22:09:67:1c:61:77:
                    27:df:cd:0e:71:69:02:29:59:93:9d:99:c0:31:ca:
                    58:c0:32:59:3d:27:5d:e4:52:6e:4f:e0:e9:e0:81:
                    ce:ca:d3:5e:cd:6b:19:58:48:6c:5f:e0:0d:f1:7d:
                    a7:35:69:2b:81:de:4f:39:d8:87:1e:fd:df:a0:26:
                    2d:b5:87:e5:36:87:08:c2:da:d7:80:e2:25:af:4b:
                    b5:04:03:b7:2e:b9:c3:7a:e7:da:80:af:42:75:c4:
                    d7:86:ef:21:c9:f0:f8:0e:a6:e9:81:78:86:29:8d:
                    bb:af:b5:f8:9d:40:c6:b6:8e:48:83:26:71:0b:84:
                    82:22:3e:6c:26:05:73:c9:d0:f3:cf:ea:66:7e:b8:
                    d5:e6:93:b5:c5:ce:0d:d1:04:2f:ab:4b:6c:7d:57:
                    05:ab:44:65:f3:95:9e:d4:f7:59:0d:c1:2e:5a:c6:
                    0d:02:82:f0:62:ee:4b:b1:ed:62:e4:73:b2:89:5a:
                    fa:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:92:CB:1D:AA:98:4B:09:6E:DB:5B:92:E7:11:4A:9A:1E:54:01:C2
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS402252.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.93.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:b1:d8:7e:3c:92:99:9d:c8:3e:cc:82:ac:56:b5:b2:27:cb:
         79:46:37:4a:71:e3:9a:9b:da:ac:37:f3:94:55:f9:bf:7d:9b:
         62:70:09:97:9e:05:8c:ac:c6:f6:78:d9:76:8d:dd:92:a9:2c:
         ad:51:00:0c:37:9c:64:16:ba:fe:04:e4:60:c0:0b:66:4e:47:
         53:05:c3:75:cd:d0:de:f5:dd:31:a9:c4:c1:d0:d4:8e:de:1b:
         41:a0:5f:ca:13:fe:0d:0c:90:db:1c:49:9a:73:b1:fa:78:56:
         38:f8:d9:1a:97:f8:2f:57:6b:8e:1c:0b:f1:21:fa:30:01:3c:
         1d:7e:95:20:e6:ad:ab:99:fa:4c:53:63:3b:51:58:42:7d:f1:
         5a:b1:7d:30:c5:27:13:81:58:6f:ea:31:3b:58:28:3e:9f:19:
         7e:40:5d:bb:d3:ae:2e:32:99:20:5a:fa:a8:82:33:df:46:6e:
         67:4c:18:6d:56:d3:85:30:9e:be:e7:ce:c3:04:44:58:28:50:
         07:f5:4e:de:d2:a9:6e:83:70:07:ac:c9:80:e2:78:8b:54:e7:
         f4:b2:d2:b8:9e:41:67:78:12:db:03:3a:c1:7b:8d:1e:f3:92:
         21:b9:25:99:63:d9:55:a6:b3:2d:ef:b2:b6:1f:57:1e:9d:d1:
         ef:eb:57:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUCcFxOj8uI2xazI4RRtwoSqiDH0kwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNjAzMTIwOTExMTVaFw0yNzAzMTEwOTE2MTVaMDMxMTAvBgNV
BAMTKDE2OTJDQjFEQUE5ODRCMDk2RURCNUI5MkU3MTE0QTlBMUU1NDAxQzIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6DRPGNLYaum/ngjtlY4C/gOxW
qDqnX3aeCEvzZWLUTvRPEd976Ib7/mSdZcyvqqcl+ReIn8f6mNpD8ziCbqdbuVJt
lyIJZxxhdyffzQ5xaQIpWZOdmcAxyljAMlk9J13kUm5P4Onggc7K017NaxlYSGxf
4A3xfac1aSuB3k852Ice/d+gJi21h+U2hwjC2teA4iWvS7UEA7cuucN659qAr0J1
xNeG7yHJ8PgOpumBeIYpjbuvtfidQMa2jkiDJnELhIIiPmwmBXPJ0PPP6mZ+uNXm
k7XFzg3RBC+rS2x9VwWrRGXzlZ7U91kNwS5axg0CgvBi7kux7WLkc7KJWvqzAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUFpLLHaqYSwlu21uS5xFKmh5UAcIwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTNDAyMjUyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsl1b
MA0GCSqGSIb3DQEBCwUAA4IBAQA3sdh+PJKZncg+zIKsVrWyJ8t5RjdKceOam9qs
N/OUVfm/fZticAmXngWMrMb2eNl2jd2SqSytUQAMN5xkFrr+BORgwAtmTkdTBcN1
zdDe9d0xqcTB0NSO3htBoF/KE/4NDJDbHEmac7H6eFY4+Nkal/gvV2uOHAvxIfow
ATwdfpUg5q2rmfpMU2M7UVhCffFasX0wxScTgVhv6jE7WCg+nxl+QF27064uMpkg
WvqogjPfRm5nTBhtVtOFMJ6+587DBERYKFAH9U7e0qlug3AHrMmA4niLVOf0stK4
nkFneBLbAzrBe40e85IhuSWZY9lVprMt77K2H1cendHv61d7
-----END CERTIFICATE-----