Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS396073.roa
File:                     AS396073.roa (raw, json)
Hash identifier:          gGJ+gNaumecTY/W5XrcAxASktZQAbwWc35DpxoyQ460=
Subject key identifier:   F4:CA:F2:22:67:F7:AF:D8:96:23:09:93:A7:DC:13:ED:BB:B2:E1:73
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1D991AC5F07621020BFA994D49ED1FBE706D80C7
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS396073.roa
Signing time:             Mon 23 Jun 2025 13:31:28 +0000
ROA not before:           Mon 23 Jun 2025 13:26:28 +0000
ROA not after:            Mon 22 Jun 2026 13:31:28 +0000
asID:                     396073
IP address blocks:        155.117.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1d:99:1a:c5:f0:76:21:02:0b:fa:99:4d:49:ed:1f:be:70:6d:80:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 23 13:26:28 2025 GMT
            Not After : Jun 22 13:31:28 2026 GMT
        Subject: CN=F4CAF22267F7AFD896230993A7DC13EDBBB2E173
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:fd:f2:a5:2c:84:94:97:d7:e2:72:93:b0:e3:
                    cc:0d:fe:19:73:29:5d:fd:54:dd:d1:58:31:ce:b6:
                    fa:1d:08:7a:4e:fe:1e:56:11:17:23:e9:e5:1d:67:
                    9f:10:da:f0:07:25:c4:b1:1d:72:6d:a8:7d:00:63:
                    90:40:41:7f:4c:97:48:75:77:e2:d7:73:3b:33:8a:
                    81:b3:64:39:8c:8b:f6:a4:63:4f:15:f6:4f:e8:14:
                    86:fc:de:52:7f:ff:c5:8d:e7:80:c0:d4:6a:66:0a:
                    61:d9:c4:25:9f:08:9e:d8:fc:b7:ab:14:02:11:65:
                    bd:38:4d:c6:7f:2c:94:68:95:2a:01:cb:32:c8:31:
                    d8:f3:15:5a:dc:d2:f1:11:7c:73:71:42:df:cc:a2:
                    b8:de:e1:b3:95:97:0c:36:40:11:b1:c2:31:d5:fd:
                    8d:78:a5:73:da:2a:a6:4d:49:31:18:19:e4:0e:29:
                    2f:ac:9b:b1:8a:b8:d0:49:b2:37:2d:3b:fd:97:88:
                    07:2e:14:e7:3b:5e:5b:6e:8a:40:2b:a2:7e:9c:12:
                    b6:b3:9e:80:4c:cf:77:84:59:a4:5d:37:18:a1:6e:
                    82:7e:00:97:89:f7:2c:ff:a1:aa:84:c5:df:12:0c:
                    c6:06:0e:75:91:f0:15:49:ea:e2:94:75:dd:08:27:
                    08:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:CA:F2:22:67:F7:AF:D8:96:23:09:93:A7:DC:13:ED:BB:B2:E1:73
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS396073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:9f:d5:9f:a6:cb:e8:f4:3d:97:35:bf:d8:04:05:ef:85:e4:
         0e:34:bf:69:76:fb:d4:63:e9:88:92:7d:8e:17:8a:3a:38:38:
         94:1d:16:3e:0c:06:2f:7d:63:37:4b:9a:ec:fb:81:85:c8:6f:
         b0:42:ff:b1:21:06:54:fd:8a:c2:5c:b1:03:10:8e:c1:a4:59:
         47:03:b6:c0:d1:df:bc:c1:5b:1d:56:f6:0f:05:f2:5c:de:3d:
         78:05:e8:35:7e:a9:dd:05:98:2f:f4:fe:0c:7f:ce:fc:10:47:
         4e:49:56:c8:ec:28:5c:98:74:05:8a:6a:e4:8c:e9:2e:fb:e4:
         f0:ab:d7:57:3f:84:b3:d9:d8:f5:de:0e:1c:f6:9b:ba:b9:e5:
         5e:38:80:bc:13:dc:0e:97:35:e8:8f:89:d5:8a:c3:41:71:50:
         52:55:4c:1a:94:f5:ee:25:6e:bb:e4:3a:f0:83:31:ad:98:a1:
         d8:6d:28:21:b1:51:6a:45:7c:dd:97:ec:80:91:d3:da:c7:7d:
         e6:1c:6d:59:c4:8f:36:2d:9f:d0:ed:55:df:60:f7:ea:65:16:
         fb:11:ec:98:7e:16:05:f4:c3:46:7e:05:74:48:ec:02:9f:43:
         79:09:cc:65:1d:71:11:ef:6f:f6:4e:b5:9e:24:32:a3:bd:ba:
         3e:d8:f1:54
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUHZkaxfB2IQIL+plNSe0fvnBtgMcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjMxMzI2MjhaFw0yNjA2MjIxMzMxMjhaMDMxMTAvBgNV
BAMTKEY0Q0FGMjIyNjdGN0FGRDg5NjIzMDk5M0E3REMxM0VEQkJCMkUxNzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa/fKlLISUl9ficpOw48wN/hlz
KV39VN3RWDHOtvodCHpO/h5WERcj6eUdZ58Q2vAHJcSxHXJtqH0AY5BAQX9Ml0h1
d+LXczszioGzZDmMi/akY08V9k/oFIb83lJ//8WN54DA1GpmCmHZxCWfCJ7Y/Ler
FAIRZb04TcZ/LJRolSoByzLIMdjzFVrc0vERfHNxQt/Morje4bOVlww2QBGxwjHV
/Y14pXPaKqZNSTEYGeQOKS+sm7GKuNBJsjctO/2XiAcuFOc7XltuikAron6cEraz
noBMz3eEWaRdNxihboJ+AJeJ9yz/oaqExd8SDMYGDnWR8BVJ6uKUdd0IJwgVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU9MryImf3r9iWIwmTp9wT7buy4XMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk2MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAm3Vk
MA0GCSqGSIb3DQEBCwUAA4IBAQBxn9Wfpsvo9D2XNb/YBAXvheQONL9pdvvUY+mI
kn2OF4o6ODiUHRY+DAYvfWM3S5rs+4GFyG+wQv+xIQZU/YrCXLEDEI7BpFlHA7bA
0d+8wVsdVvYPBfJc3j14Beg1fqndBZgv9P4Mf878EEdOSVbI7ChcmHQFimrkjOku
++Twq9dXP4Sz2dj13g4c9pu6ueVeOIC8E9wOlzXoj4nVisNBcVBSVUwalPXuJW67
5DrwgzGtmKHYbSghsVFqRXzdl+yAkdPax33mHG1ZxI82LZ/Q7VXfYPfqZRb7EeyY
fhYF9MNGfgV0SOwCn0N5CcxlHXER72/2TrWeJDKjvbo+2PFU
-----END CERTIFICATE-----