Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
File:                     AS395374.roa (raw, json)
Hash identifier:          7TunPevFoMs4G3awrBna8t2HilNOZDITIMyxYj2TATk=
Subject key identifier:   BA:64:65:66:CD:18:7E:3F:C1:3C:5F:4D:EB:EC:56:07:2B:22:EE:A0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5C2A6E302D99DCB2160B30424FD09F0078F8E3E5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa
Signing time:             Tue 06 May 2025 11:32:38 +0000
ROA not before:           Tue 06 May 2025 11:27:38 +0000
ROA not after:            Tue 05 May 2026 11:32:38 +0000
asID:                     395374
IP address blocks:        143.14.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5c:2a:6e:30:2d:99:dc:b2:16:0b:30:42:4f:d0:9f:00:78:f8:e3:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  6 11:27:38 2025 GMT
            Not After : May  5 11:32:38 2026 GMT
        Subject: CN=BA646566CD187E3FC13C5F4DEBEC56072B22EEA0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:6d:65:3d:cd:62:c7:10:65:e5:35:e1:4e:da:
                    14:d5:2b:28:92:33:db:8b:78:14:95:5e:51:fa:01:
                    1d:6d:9f:b8:2a:8d:aa:e3:c3:82:e9:7f:c7:d1:c8:
                    7f:9a:b4:99:32:66:81:77:f8:32:57:59:a7:43:a7:
                    d6:48:b9:6e:21:cc:a3:39:c1:a4:bb:ab:0d:ec:71:
                    7a:12:94:ff:c6:c5:fb:82:8a:37:63:6a:04:da:ce:
                    4e:1f:3c:bf:4a:9b:4d:7e:c7:e3:99:79:12:fc:9a:
                    2d:9e:7a:13:c8:7b:3d:d6:bb:bd:b7:bf:11:07:2d:
                    eb:96:6d:fa:2f:ef:36:73:9d:0d:ac:62:61:f7:fd:
                    7d:af:ab:04:f4:58:26:4d:7f:e5:84:61:ce:94:d4:
                    8d:81:43:d5:dd:cb:58:33:8e:92:ef:e0:46:97:c9:
                    22:8b:6e:1a:b7:fd:77:6a:b2:07:e9:45:f7:29:94:
                    94:43:95:7b:af:63:21:cf:0c:a4:ac:f2:86:f0:2b:
                    9b:62:e4:b0:00:07:6a:1a:4f:53:8d:45:2d:b4:0f:
                    6c:e2:6d:61:67:72:c0:e4:ba:38:a5:83:78:66:98:
                    96:1a:73:d3:fc:41:25:7f:95:fe:83:38:7d:83:fb:
                    d3:bd:87:25:53:94:59:45:ee:76:5a:91:05:10:96:
                    3e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:64:65:66:CD:18:7E:3F:C1:3C:5F:4D:EB:EC:56:07:2B:22:EE:A0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS395374.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:b4:d8:df:37:1f:98:cf:8c:07:8f:cd:95:93:28:d0:b8:e2:
         51:ca:20:cc:21:f0:1f:59:1e:09:8b:51:66:52:bf:ba:73:30:
         a2:d4:ca:58:54:b2:cf:12:f6:a9:be:35:93:ab:42:36:d1:37:
         ab:bb:cc:f7:04:91:96:e7:81:0e:5a:0b:71:ab:08:1f:22:9a:
         8f:1c:3c:97:2d:b0:05:c0:04:98:ba:10:26:b6:6e:22:a7:b9:
         04:f8:01:1d:cd:01:3f:25:e3:00:88:c5:aa:e7:09:20:18:77:
         e2:fb:cc:35:7b:b3:7b:72:24:d7:55:01:da:8b:c2:4f:cb:10:
         75:fd:50:24:03:30:ec:e8:b3:48:19:39:84:fb:c2:3c:16:37:
         c6:9b:ef:d5:a2:d2:98:91:8e:57:77:ec:ce:06:fa:e0:c3:e7:
         d2:b7:4a:39:f7:ed:39:b1:e1:8f:52:86:5c:9a:08:37:78:0f:
         4e:5a:b2:90:ef:9e:c8:63:18:eb:6a:c5:5e:92:8d:1c:62:04:
         b6:9d:f0:62:9d:76:da:6d:07:a3:48:f4:e8:fc:17:41:28:2b:
         e5:8c:85:34:b7:37:87:a4:c1:c5:52:78:53:ca:97:74:bc:e9:
         2a:e7:55:36:d2:b9:be:48:f8:31:b9:69:72:37:ca:68:82:c2:
         76:a4:a4:c6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUXCpuMC2Z3LIWCzBCT9CfAHj44+UwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDYxMTI3MzhaFw0yNjA1MDUxMTMyMzhaMDMxMTAvBgNV
BAMTKEJBNjQ2NTY2Q0QxODdFM0ZDMTNDNUY0REVCRUM1NjA3MkIyMkVFQTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7bWU9zWLHEGXlNeFO2hTVKyiS
M9uLeBSVXlH6AR1tn7gqjarjw4Lpf8fRyH+atJkyZoF3+DJXWadDp9ZIuW4hzKM5
waS7qw3scXoSlP/GxfuCijdjagTazk4fPL9Km01+x+OZeRL8mi2eehPIez3Wu723
vxEHLeuWbfov7zZznQ2sYmH3/X2vqwT0WCZNf+WEYc6U1I2BQ9Xdy1gzjpLv4EaX
ySKLbhq3/XdqsgfpRfcplJRDlXuvYyHPDKSs8obwK5ti5LAAB2oaT1ONRS20D2zi
bWFncsDkujilg3hmmJYac9P8QSV/lf6DOH2D+9O9hyVTlFlF7nZakQUQlj4xAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUumRlZs0Yfj/BPF9N6+xWBysi7qAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk1Mzc0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjw6B
MA0GCSqGSIb3DQEBCwUAA4IBAQBptNjfNx+Yz4wHj82VkyjQuOJRyiDMIfAfWR4J
i1FmUr+6czCi1MpYVLLPEvapvjWTq0I20Teru8z3BJGW54EOWgtxqwgfIpqPHDyX
LbAFwASYuhAmtm4ip7kE+AEdzQE/JeMAiMWq5wkgGHfi+8w1e7N7ciTXVQHai8JP
yxB1/VAkAzDs6LNIGTmE+8I8FjfGm+/VotKYkY5Xd+zOBvrgw+fSt0o59+05seGP
UoZcmgg3eA9OWrKQ757IYxjrasVeko0cYgS2nfBinXbabQejSPTo/BdBKCvljIU0
tzeHpMHFUnhTypd0vOkq51U20rm+SPgxuWlyN8pogsJ2pKTG
-----END CERTIFICATE-----