Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54339.roa
File:                     AS54339.roa (raw, json)
Hash identifier:          oKFpoBZDqUbiC8DjMjfeRF3q/hFs0BQGbYm0wggloOE=
Subject key identifier:   C4:C2:35:D7:9E:A4:43:1A:34:96:BA:BB:59:F0:93:90:21:E5:E1:1D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       394967352C5AF964372D0DD3CD18CEA32810B923
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54339.roa
Signing time:             Sun 29 Jun 2025 00:00:39 +0000
ROA not before:           Sat 28 Jun 2025 23:55:39 +0000
ROA not after:            Sun 28 Jun 2026 00:00:39 +0000
asID:                     54339
IP address blocks:        143.14.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            39:49:67:35:2c:5a:f9:64:37:2d:0d:d3:cd:18:ce:a3:28:10:b9:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 28 23:55:39 2025 GMT
            Not After : Jun 28 00:00:39 2026 GMT
        Subject: CN=C4C235D79EA4431A3496BABB59F0939021E5E11D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:c9:a1:2b:9d:6f:4f:db:90:e6:80:ec:4b:48:
                    3d:ac:52:c7:d5:66:ee:37:05:52:39:31:6b:e4:d5:
                    0f:c2:99:37:a2:84:70:52:cf:38:89:97:1e:9a:d8:
                    d2:66:80:f2:a7:5a:41:56:6b:e3:21:ea:e3:f7:b4:
                    ca:5d:9f:a4:dc:16:f8:9d:8d:44:c2:c9:9e:7c:f5:
                    c4:54:42:c1:ef:e3:39:ce:b7:25:7e:20:10:2b:80:
                    66:f9:2c:88:43:36:e3:ba:2d:62:60:69:dd:f5:6a:
                    8f:fe:c9:e5:6a:75:35:cc:8c:b2:0e:c1:34:e3:86:
                    09:8b:68:b9:1a:c0:af:10:15:a9:b8:ef:ab:7f:66:
                    a3:d0:f3:63:f9:cf:17:ed:63:63:81:5c:34:e7:da:
                    8c:6c:58:d4:ca:98:bb:2f:d7:de:0d:9d:76:ac:c9:
                    13:b7:20:8c:7d:c2:62:42:8d:7c:de:0d:81:88:b1:
                    9e:fb:b8:bf:ec:a6:d7:05:2d:4b:c6:72:45:3e:a3:
                    32:33:69:c7:ac:8c:29:e9:75:73:58:89:7a:8e:d9:
                    c3:5f:a8:3f:f6:0f:65:5a:2c:e4:d3:96:e4:a3:47:
                    22:e4:8e:d0:2e:02:8b:4c:e6:c5:cc:b7:01:d7:86:
                    4f:bd:18:68:7f:2f:9a:3e:75:06:bf:97:d4:71:d0:
                    0b:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:C2:35:D7:9E:A4:43:1A:34:96:BA:BB:59:F0:93:90:21:E5:E1:1D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:91:49:08:20:f8:a7:a0:e8:8f:00:1d:ae:cd:41:32:06:9b:
         61:78:b6:6e:a5:ab:e1:6b:50:8f:00:b8:0c:41:98:da:14:79:
         1d:b6:05:39:c0:49:14:48:6e:0a:63:fc:90:ed:db:ca:98:5f:
         3a:4b:aa:0a:b1:8e:76:91:5f:cf:d5:68:ec:39:c0:fc:7c:49:
         7d:ee:13:49:48:b0:d4:c7:bf:59:5e:1d:a8:b7:63:59:68:4a:
         a2:3e:9d:06:9e:89:56:64:80:5c:32:61:7c:8c:20:15:5c:80:
         d9:5f:67:58:6e:69:4f:db:48:34:2e:f2:9b:d0:5b:92:51:a3:
         90:5c:13:5a:6b:54:e3:e7:c5:a4:ed:71:43:ca:98:1b:67:c6:
         97:cb:a2:30:ad:04:a7:d3:56:73:76:a6:29:44:98:e9:3d:e7:
         48:e5:3f:30:9e:3d:c6:f6:bf:82:ec:b0:67:4e:53:c5:3d:bb:
         c8:1e:00:20:34:fb:61:3d:70:49:c7:4e:25:f8:f1:ef:19:3c:
         15:bb:17:a9:2a:e2:cd:a8:50:dd:41:e4:f0:9c:a2:2b:eb:2f:
         4d:e1:ed:88:d3:74:54:4d:65:6f:18:96:ba:07:25:94:04:c4:
         44:cf:9a:a0:32:34:e0:2c:77:10:1b:34:b0:4f:dd:69:fd:fe:
         48:0c:ec:f8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUOUlnNSxa+WQ3LQ3TzRjOoygQuSMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MjgyMzU1MzlaFw0yNjA2MjgwMDAwMzlaMDMxMTAvBgNV
BAMTKEM0QzIzNUQ3OUVBNDQzMUEzNDk2QkFCQjU5RjA5MzkwMjFFNUUxMUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDzyaErnW9P25DmgOxLSD2sUsfV
Zu43BVI5MWvk1Q/CmTeihHBSzziJlx6a2NJmgPKnWkFWa+Mh6uP3tMpdn6TcFvid
jUTCyZ589cRUQsHv4znOtyV+IBArgGb5LIhDNuO6LWJgad31ao/+yeVqdTXMjLIO
wTTjhgmLaLkawK8QFam476t/ZqPQ82P5zxftY2OBXDTn2oxsWNTKmLsv194NnXas
yRO3IIx9wmJCjXzeDYGIsZ77uL/sptcFLUvGckU+ozIzacesjCnpdXNYiXqO2cNf
qD/2D2VaLOTTluSjRyLkjtAuAotM5sXMtwHXhk+9GGh/L5o+dQa/l9Rx0AvbAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUxMI1156kQxo0lrq7WfCTkCHl4R0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTQzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPDn0w
DQYJKoZIhvcNAQELBQADggEBAF+RSQgg+Keg6I8AHa7NQTIGm2F4tm6lq+FrUI8A
uAxBmNoUeR22BTnASRRIbgpj/JDt28qYXzpLqgqxjnaRX8/VaOw5wPx8SX3uE0lI
sNTHv1leHai3Y1loSqI+nQaeiVZkgFwyYXyMIBVcgNlfZ1huaU/bSDQu8pvQW5JR
o5BcE1prVOPnxaTtcUPKmBtnxpfLojCtBKfTVnN2pilEmOk950jlPzCePcb2v4Ls
sGdOU8U9u8geACA0+2E9cEnHTiX48e8ZPBW7F6kq4s2oUN1B5PCcoivrL03h7YjT
dFRNZW8YlroHJZQExETPmqAyNOAsdxAbNLBP3Wn9/kgM7Pg=
-----END CERTIFICATE-----