Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS394177.roa
File:                     AS394177.roa (raw, json)
Hash identifier:          LMUhrfGJJzSvf/JkYBpZSTdwce4Vf8RMYb17YVZGv0A=
Subject key identifier:   25:7F:52:71:1C:E4:74:58:6E:C3:AA:E4:00:8F:FF:5A:9C:59:43:8E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5D45C371187FF80558B3CB43E5B965445CAFCED2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS394177.roa
Signing time:             Wed 06 Aug 2025 17:32:16 +0000
ROA not before:           Wed 06 Aug 2025 17:27:16 +0000
ROA not after:            Wed 05 Aug 2026 17:32:16 +0000
asID:                     394177
IP address blocks:        155.117.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:50:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:45:c3:71:18:7f:f8:05:58:b3:cb:43:e5:b9:65:44:5c:af:ce:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  6 17:27:16 2025 GMT
            Not After : Aug  5 17:32:16 2026 GMT
        Subject: CN=257F52711CE474586EC3AAE4008FFF5A9C59438E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:77:04:61:c8:cf:7d:28:97:ef:89:ef:0d:4d:
                    6f:5c:5f:0f:cd:db:28:0f:be:15:1e:78:10:3b:a9:
                    d3:fb:85:bd:6f:0c:3e:13:99:5b:5d:d8:40:b9:ab:
                    d8:c6:4c:45:63:bc:08:41:e7:f6:5e:87:84:cb:44:
                    0c:04:fc:74:7e:8e:30:47:44:0b:12:14:28:4c:7c:
                    6d:8e:14:66:02:8e:6a:0a:4c:1d:43:9d:9e:bd:06:
                    36:f5:b5:b8:30:b0:50:25:3f:7d:80:e0:ee:92:85:
                    c6:1d:a1:87:5f:4e:f4:dc:6a:d1:2b:be:1f:47:0b:
                    30:a0:4c:9e:58:5e:4d:a9:8c:81:fa:d9:c5:2c:c8:
                    21:f1:a2:e1:10:0a:e3:6e:cb:96:81:15:0d:76:74:
                    3f:58:49:ea:85:ce:98:e4:28:93:6f:9f:09:c7:9b:
                    2c:dd:ea:b7:93:bc:56:60:69:20:17:66:17:70:bc:
                    b2:f9:ed:2c:4d:be:c2:4e:17:a5:46:36:6c:ee:22:
                    62:26:88:9c:f6:b9:1b:9b:13:e7:52:fb:cd:80:11:
                    8d:87:8e:8d:86:c0:2d:a5:ee:86:ca:51:4a:9e:3e:
                    fb:b1:4b:74:f8:a8:53:1d:99:7e:99:32:b1:d6:99:
                    70:37:bb:ba:bd:b5:20:f6:0a:08:ad:f9:3c:94:cc:
                    dd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:7F:52:71:1C:E4:74:58:6E:C3:AA:E4:00:8F:FF:5A:9C:59:43:8E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS394177.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:10:ff:9d:54:c8:b6:71:e5:0d:80:b9:4f:7e:e2:d6:d1:15:
         b6:58:74:37:f4:c8:df:31:4e:7b:aa:a0:3f:35:bd:f1:28:c9:
         ea:da:81:00:62:06:64:97:64:28:8b:d6:31:f1:90:32:43:92:
         c4:5e:9c:d9:98:a9:ce:02:7c:61:87:32:e3:99:cb:99:53:47:
         e9:32:09:b0:b0:73:85:b7:28:77:8a:05:1d:e2:16:aa:d9:2b:
         fe:18:b4:99:a8:c9:70:ab:8b:3f:54:8d:4b:d0:95:ff:b6:53:
         34:ef:a9:8e:d3:f3:1c:98:4c:0b:28:de:ad:7d:5a:84:1a:8d:
         d8:48:f0:6a:1e:cf:d2:74:ec:38:f4:0b:b3:74:9e:56:e1:1d:
         7a:e3:0a:73:7d:54:0c:fc:f3:5c:52:2b:45:44:87:d1:dc:a8:
         83:34:30:76:31:db:e6:a7:33:03:99:e7:27:13:19:c2:e6:72:
         b2:28:9c:7a:d6:c1:a0:03:75:5a:b5:67:87:c6:83:2d:a7:86:
         a8:b5:61:66:20:d9:e8:32:c9:48:f5:d0:9b:ca:27:58:3e:28:
         e9:13:9c:7e:3a:49:7f:8e:7e:53:6c:da:40:94:d3:d4:b0:68:
         b9:49:54:3d:1b:10:15:12:e4:7b:7f:29:21:b6:e5:68:84:8c:
         ea:c2:d8:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXUXDcRh/+AVYs8tD5bllRFyvztIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDYxNzI3MTZaFw0yNjA4MDUxNzMyMTZaMDMxMTAvBgNV
BAMTKDI1N0Y1MjcxMUNFNDc0NTg2RUMzQUFFNDAwOEZGRjVBOUM1OTQzOEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDBdwRhyM99KJfvie8NTW9cXw/N
2ygPvhUeeBA7qdP7hb1vDD4TmVtd2EC5q9jGTEVjvAhB5/Zeh4TLRAwE/HR+jjBH
RAsSFChMfG2OFGYCjmoKTB1DnZ69Bjb1tbgwsFAlP32A4O6ShcYdoYdfTvTcatEr
vh9HCzCgTJ5YXk2pjIH62cUsyCHxouEQCuNuy5aBFQ12dD9YSeqFzpjkKJNvnwnH
myzd6reTvFZgaSAXZhdwvLL57SxNvsJOF6VGNmzuImImiJz2uRubE+dS+82AEY2H
jo2GwC2l7obKUUqePvuxS3T4qFMdmX6ZMrHWmXA3u7q9tSD2Cgit+TyUzN3ZAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUJX9ScRzkdFhuw6rkAI//WpxZQ44wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk0MTc3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3UU
MA0GCSqGSIb3DQEBCwUAA4IBAQAUEP+dVMi2ceUNgLlPfuLW0RW2WHQ39MjfMU57
qqA/Nb3xKMnq2oEAYgZkl2Qoi9Yx8ZAyQ5LEXpzZmKnOAnxhhzLjmcuZU0fpMgmw
sHOFtyh3igUd4haq2Sv+GLSZqMlwq4s/VI1L0JX/tlM076mO0/McmEwLKN6tfVqE
Go3YSPBqHs/SdOw49AuzdJ5W4R164wpzfVQM/PNcUitFRIfR3KiDNDB2MdvmpzMD
mecnExnC5nKyKJx61sGgA3VatWeHxoMtp4aotWFmINnoMslI9dCbyidYPijpE5x+
Okl/jn5TbNpAlNPUsGi5SVQ9GxAVEuR7fykhtuVohIzqwtg5
-----END CERTIFICATE-----