Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS398704.roa
File:                     AS398704.roa (raw, json)
Hash identifier:          nNlzYx2c+lgVy/bt/iBsdFvfYRDNF+48MKrvVb7wc+A=
Subject key identifier:   4E:F0:FF:F1:F3:38:11:B5:34:C2:F6:CD:A4:8F:4C:E2:8D:62:9D:65
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7610212E191A59E63EBC5BD4784D6947AE42E690
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS398704.roa
Signing time:             Thu 19 Jun 2025 00:00:36 +0000
ROA not before:           Wed 18 Jun 2025 23:55:36 +0000
ROA not after:            Thu 18 Jun 2026 00:00:36 +0000
asID:                     398704
IP address blocks:        162.141.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:10:21:2e:19:1a:59:e6:3e:bc:5b:d4:78:4d:69:47:ae:42:e6:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 18 23:55:36 2025 GMT
            Not After : Jun 18 00:00:36 2026 GMT
        Subject: CN=4EF0FFF1F33811B534C2F6CDA48F4CE28D629D65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:81:ad:f4:1c:58:d6:97:00:86:e1:cd:41:1e:
                    ab:d8:ca:65:17:88:d0:d8:e4:e3:84:95:c8:a5:38:
                    7e:e8:f6:12:ca:a3:3b:8a:53:7c:d6:76:36:b1:e1:
                    65:54:ec:29:7b:6d:13:5b:2c:5e:b0:19:b8:ff:6e:
                    0f:13:37:74:87:72:73:c2:7d:6a:3c:f8:a5:4c:f1:
                    ad:4e:85:e2:e0:38:a6:58:e0:8a:95:ce:30:6f:db:
                    b8:e3:aa:1e:c2:1e:99:9b:4a:26:b5:8c:06:0e:c0:
                    9e:fc:7f:2c:fd:fa:d6:19:57:95:a8:55:9b:63:68:
                    63:5c:5e:ea:bb:7d:f8:4d:92:10:79:9f:0d:c3:6d:
                    c4:e6:82:a6:d9:4e:b0:91:29:ec:af:dc:b7:d1:7c:
                    31:cc:cc:10:93:bb:de:0a:20:50:a8:4c:64:22:34:
                    85:69:60:f3:3d:07:f9:8e:11:d2:36:4f:47:9b:15:
                    ef:ce:ec:a4:e2:24:21:05:d1:02:18:80:e5:51:35:
                    ba:37:4c:4e:7f:56:79:c6:f1:94:5c:9e:0f:e7:cf:
                    88:8f:02:5b:ee:cf:2e:e5:8c:ae:0b:b3:fc:d6:3a:
                    39:c7:8c:2a:57:b0:c1:f8:60:77:58:15:d1:7e:c8:
                    30:7a:33:e4:c5:85:7b:99:d7:73:e8:a4:d2:d4:20:
                    dd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:F0:FF:F1:F3:38:11:B5:34:C2:F6:CD:A4:8F:4C:E2:8D:62:9D:65
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS398704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:74:df:e0:04:7f:0c:16:15:bd:72:88:c5:cc:e0:fe:06:8e:
         97:99:a8:e5:45:90:9a:94:9e:fe:4c:f3:2b:80:5a:35:40:6c:
         b2:ee:52:e1:0f:a4:4d:88:65:e2:29:21:58:5a:9d:e3:84:8a:
         28:ea:cd:fd:0f:b4:a0:1b:47:aa:b4:95:29:b9:79:56:88:3b:
         ce:7d:a8:0c:f8:ec:f4:cd:7c:2b:b7:b4:01:f0:bc:6b:00:40:
         8f:79:e3:50:a1:f5:dc:f2:fb:2f:73:66:03:67:2f:dd:0c:53:
         fb:ff:84:c1:12:27:6d:08:fe:1f:77:f4:f8:b5:95:42:60:34:
         dc:3f:1c:90:62:ff:9b:29:33:85:c2:8c:82:ff:85:48:1f:00:
         7e:bc:96:38:b2:fe:d1:07:6d:3d:c1:9a:bd:eb:98:9e:27:1b:
         78:4e:26:55:1d:4a:33:a8:73:17:e9:47:68:86:4e:12:ff:79:
         42:cf:2b:6b:f0:0b:56:62:6d:18:e1:8e:d8:a7:fb:08:9d:a6:
         ec:8b:a2:53:62:76:87:43:8d:e7:b4:27:a8:eb:c7:8d:ce:94:
         34:75:88:37:7b:97:a3:57:8b:3c:87:a1:9c:0b:08:f3:f0:a5:
         0d:32:92:ad:a1:64:8e:40:84:2d:27:1d:68:89:af:28:fe:b5:
         cf:4b:05:5e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdhAhLhkaWeY+vFvUeE1pR65C5pAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTgyMzU1MzZaFw0yNjA2MTgwMDAwMzZaMDMxMTAvBgNV
BAMTKDRFRjBGRkYxRjMzODExQjUzNEMyRjZDREE0OEY0Q0UyOEQ2MjlENjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqga30HFjWlwCG4c1BHqvYymUX
iNDY5OOElcilOH7o9hLKozuKU3zWdjax4WVU7Cl7bRNbLF6wGbj/bg8TN3SHcnPC
fWo8+KVM8a1OheLgOKZY4IqVzjBv27jjqh7CHpmbSia1jAYOwJ78fyz9+tYZV5Wo
VZtjaGNcXuq7ffhNkhB5nw3DbcTmgqbZTrCRKeyv3LfRfDHMzBCTu94KIFCoTGQi
NIVpYPM9B/mOEdI2T0ebFe/O7KTiJCEF0QIYgOVRNbo3TE5/VnnG8ZRcng/nz4iP
Alvuzy7ljK4Ls/zWOjnHjCpXsMH4YHdYFdF+yDB6M+TFhXuZ13PopNLUIN3zAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUTvD/8fM4EbU0wvbNpI9M4o1inWUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo14
MA0GCSqGSIb3DQEBCwUAA4IBAQA2dN/gBH8MFhW9cojFzOD+Bo6XmajlRZCalJ7+
TPMrgFo1QGyy7lLhD6RNiGXiKSFYWp3jhIoo6s39D7SgG0eqtJUpuXlWiDvOfagM
+Oz0zXwrt7QB8LxrAECPeeNQofXc8vsvc2YDZy/dDFP7/4TBEidtCP4fd/T4tZVC
YDTcPxyQYv+bKTOFwoyC/4VIHwB+vJY4sv7RB209wZq965ieJxt4TiZVHUozqHMX
6Udohk4S/3lCzytr8AtWYm0Y4Y7Yp/sInabsi6JTYnaHQ43ntCeo68eNzpQ0dYg3
e5ejV4s8h6GcCwjz8KUNMpKtoWSOQIQtJx1oia8o/rXPSwVe
-----END CERTIFICATE-----