Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          6SDn7obIfVRGxwRr6kf2bntzEzK8A0jhDXa8p167YZM=
Subject key identifier:   CC:75:D0:8B:2E:A2:F4:67:BE:75:AE:B6:BF:2B:51:27:18:BB:B4:E2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       68BE37958BA2C797B7D89DCD2AB376BA4D31CD70
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
Signing time:             Fri 06 Jun 2025 01:56:19 +0000
ROA not before:           Fri 06 Jun 2025 01:51:19 +0000
ROA not after:            Fri 05 Jun 2026 01:56:19 +0000
asID:                     395374
IP address blocks:        143.14.129.0/24 maxlen: 24
                          143.14.255.0/24 maxlen: 24
                          162.141.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 02:13:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            68:be:37:95:8b:a2:c7:97:b7:d8:9d:cd:2a:b3:76:ba:4d:31:cd:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  6 01:51:19 2025 GMT
            Not After : Jun  5 01:56:19 2026 GMT
        Subject: CN=CC75D08B2EA2F467BE75AEB6BF2B512718BBB4E2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:f5:bb:f4:68:76:f8:fc:1b:6d:81:bf:82:16:
                    6d:9b:5c:9c:e5:13:05:6d:ab:c4:13:36:6d:9c:b0:
                    b0:47:78:89:ed:45:79:f4:0f:6d:d4:9b:c8:94:a4:
                    a6:eb:f3:1b:b2:64:4f:db:97:dd:e2:54:bc:2e:96:
                    6f:1a:17:13:77:0b:78:62:37:18:ce:ff:81:4c:4b:
                    38:24:fa:0b:d6:23:28:19:a6:dd:76:2f:2f:c6:45:
                    2c:be:58:c8:d6:cb:33:07:a3:a4:22:c9:a0:cd:61:
                    7e:01:bc:3b:70:32:96:ee:bb:8f:a4:38:75:14:c1:
                    6d:81:40:f2:14:c2:68:da:bc:4b:ec:b1:f9:36:59:
                    fa:f0:d6:d4:95:dd:b1:f2:d9:45:34:33:e8:7d:55:
                    88:d7:23:59:7f:7c:79:c2:c0:db:96:b9:3b:ee:26:
                    7a:a5:42:6b:0b:1d:95:81:75:13:4f:9b:d8:79:ce:
                    5c:1a:59:0c:ca:d3:59:11:5d:bd:9e:f1:63:1c:2a:
                    f6:59:a0:ef:52:ca:ee:ff:28:68:58:c8:be:5c:4e:
                    63:4d:a6:f9:2b:5d:9f:24:08:ce:26:0a:43:3e:2a:
                    14:d1:28:9b:c8:2e:22:30:3f:e6:98:09:6e:a6:91:
                    6d:42:10:f2:83:4c:17:b6:22:d5:2f:a3:7f:d6:bb:
                    a7:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:75:D0:8B:2E:A2:F4:67:BE:75:AE:B6:BF:2B:51:27:18:BB:B4:E2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.129.0/24
                  143.14.255.0/24
                  162.141.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c7:28:89:78:88:e2:47:b2:e9:76:3e:3c:e8:fb:91:ac:5d:
         de:05:7e:05:0e:8f:a4:03:d4:7a:15:4a:73:72:c3:1d:78:6a:
         48:3a:65:57:2e:af:ab:45:87:8e:d6:94:22:9a:10:6e:38:49:
         12:4a:3e:49:ee:4c:ce:b3:7d:97:1f:15:73:56:67:a0:98:5d:
         b3:d0:00:3f:ad:e5:9e:b8:b9:79:18:64:28:8c:40:62:02:12:
         56:37:43:7d:1b:41:fb:bd:e0:ef:89:f9:7f:fa:79:79:b7:07:
         24:b2:d8:8e:91:e4:c9:f9:4f:49:ea:9f:58:8b:b4:eb:87:4d:
         a1:b6:ef:31:79:c4:82:55:cf:4c:13:03:27:55:53:9b:d6:de:
         aa:2a:1f:af:36:99:d5:49:6c:01:2f:57:8b:b5:cf:c4:c7:07:
         9b:df:d2:02:a1:29:7f:4a:e0:79:fe:19:6f:8a:3a:78:0d:bc:
         52:2f:35:77:df:6d:30:b7:8e:70:b3:f2:21:dc:db:0c:a9:dc:
         33:d4:45:ff:ca:ab:07:86:da:69:f3:32:c7:7b:11:1a:24:d4:
         a9:37:d9:bf:b5:de:ae:eb:8a:df:12:9d:fa:02:47:c1:6c:f5:
         39:fb:a4:74:ba:8d:55:08:a7:4e:4d:9e:3a:30:92:5d:24:ef:
         b1:d4:53:cc
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUaL43lYuix5e32J3NKrN2uk0xzXAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDYwMTUxMTlaFw0yNjA2MDUwMTU2MTlaMDMxMTAvBgNV
BAMTKENDNzVEMDhCMkVBMkY0NjdCRTc1QUVCNkJGMkI1MTI3MThCQkI0RTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc9bv0aHb4/Bttgb+CFm2bXJzl
EwVtq8QTNm2csLBHeIntRXn0D23Um8iUpKbr8xuyZE/bl93iVLwulm8aFxN3C3hi
NxjO/4FMSzgk+gvWIygZpt12Ly/GRSy+WMjWyzMHo6QiyaDNYX4BvDtwMpbuu4+k
OHUUwW2BQPIUwmjavEvssfk2Wfrw1tSV3bHy2UU0M+h9VYjXI1l/fHnCwNuWuTvu
JnqlQmsLHZWBdRNPm9h5zlwaWQzK01kRXb2e8WMcKvZZoO9Syu7/KGhYyL5cTmNN
pvkrXZ8kCM4mCkM+KhTRKJvILiIwP+aYCW6mkW1CEPKDTBe2ItUvo3/Wu6fLAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUzHXQiy6i9Ge+da62vytRJxi7tOIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjw6B
AwQAjw7/AwQAoo13MA0GCSqGSIb3DQEBCwUAA4IBAQBBxyiJeIjiR7Lpdj486PuR
rF3eBX4FDo+kA9R6FUpzcsMdeGpIOmVXLq+rRYeO1pQimhBuOEkSSj5J7kzOs32X
HxVzVmegmF2z0AA/reWeuLl5GGQojEBiAhJWN0N9G0H7veDvifl/+nl5twckstiO
keTJ+U9J6p9Yi7Trh02htu8xecSCVc9MEwMnVVOb1t6qKh+vNpnVSWwBL1eLtc/E
xweb39ICoSl/SuB5/hlvijp4DbxSLzV3320wt45ws/Ih3NsMqdwz1EX/yqsHhtpp
8zLHexEaJNSpN9m/td6u64rfEp36AkfBbPU5+6R0uo1VCKdOTZ46MJJdJO+x1FPM
-----END CERTIFICATE-----