Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          5qyLSnFvWgj1+rSoE8NQu6bdmuxPEOEqGNgDY9PlWeM=
Subject key identifier:   9F:22:6C:5E:16:20:38:29:BD:C2:8F:8B:CD:41:FC:E2:21:49:93:6E
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       227587F5094B834E9CF8C7415676EC9B52C4BCC0
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
Signing time:             Tue 06 May 2025 09:30:14 +0000
ROA not before:           Tue 06 May 2025 09:25:14 +0000
ROA not after:            Tue 05 May 2026 09:30:14 +0000
asID:                     393942
IP address blocks:        89.19.50.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            22:75:87:f5:09:4b:83:4e:9c:f8:c7:41:56:76:ec:9b:52:c4:bc:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  6 09:25:14 2025 GMT
            Not After : May  5 09:30:14 2026 GMT
        Subject: CN=9F226C5E16203829BDC28F8BCD41FCE22149936E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:aa:38:d4:70:35:23:41:88:49:3e:ad:a0:29:
                    66:15:4a:e5:58:5f:7b:9e:38:9b:f7:ec:d3:09:84:
                    44:5c:e3:a8:c3:d6:d8:59:dd:b4:7d:51:39:2e:52:
                    94:50:10:5d:17:9a:f2:d6:a4:7d:36:80:9e:33:6d:
                    30:99:44:02:f8:5f:b5:cf:0a:07:3d:82:c0:21:2b:
                    ce:46:86:d1:2e:8c:5d:9a:c3:da:44:92:b3:54:33:
                    06:a4:0b:dd:69:5a:b3:4c:1f:62:7b:90:6c:e9:2b:
                    ee:6f:85:1a:78:ec:1e:25:78:33:df:ab:cc:31:4d:
                    44:dc:8a:48:73:22:a6:fa:f3:8b:70:ad:86:b5:c8:
                    ce:b5:d9:c6:58:89:f2:30:b7:2a:a6:98:16:0a:40:
                    36:ea:92:20:9f:e3:71:f7:08:63:2a:6f:de:b4:e7:
                    75:b9:68:37:c4:d4:c2:7f:ae:d8:ae:37:75:50:32:
                    2e:01:60:e4:d8:dd:28:5f:4f:58:e4:2a:d0:ec:31:
                    74:09:51:24:c8:c6:3d:18:9d:50:64:05:cf:b8:1a:
                    cc:b7:84:1c:86:27:e3:64:69:64:b7:58:60:22:db:
                    63:d6:8d:c4:51:5d:5e:02:7d:fd:22:24:9e:64:10:
                    e8:18:b7:cd:4d:8f:da:b4:6e:89:b1:cc:f4:c8:88:
                    d3:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:22:6C:5E:16:20:38:29:BD:C2:8F:8B:CD:41:FC:E2:21:49:93:6E
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:9a:91:65:5d:2d:43:29:8b:7a:50:4b:df:07:68:5e:b9:01:
         e1:3f:44:d0:6b:8b:b8:60:19:c6:08:0b:77:8f:1e:ea:ed:a6:
         5f:f3:7a:9f:54:ef:bb:34:4a:58:46:63:cc:9c:1a:ac:f5:44:
         b3:77:2f:71:55:e8:6a:cd:26:93:8b:af:7e:d2:1d:df:d2:f0:
         68:b6:92:27:36:8a:04:b4:d5:59:ca:5e:a7:0a:6e:70:96:9d:
         87:64:a7:f5:9e:40:46:b1:b9:33:70:53:98:86:c8:ca:b5:47:
         54:cb:6c:e7:cd:7a:f6:aa:2e:23:2e:f0:5f:b3:50:15:18:23:
         f9:fe:38:27:0a:f0:c6:f1:ee:a2:96:5e:73:91:67:90:63:9c:
         1c:e1:14:29:40:f1:0a:19:e7:3b:d3:58:fe:ef:fd:71:67:6d:
         44:3f:38:f7:0c:cb:da:5b:e5:35:00:f6:2c:83:4f:fa:20:2a:
         59:ce:47:8f:d3:37:38:ae:32:ce:95:5c:77:e9:18:20:7e:e4:
         73:cc:90:c0:ff:0c:3d:2d:5e:f3:dc:3e:21:61:6a:c3:1c:30:
         d4:98:20:6a:f6:34:27:7a:cb:41:16:e1:db:05:c7:12:d3:9b:
         c9:f3:1e:02:e7:2f:dc:77:38:0d:2b:d8:3c:12:f9:83:03:29:
         88:47:e0:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUInWH9QlLg06c+MdBVnbsm1LEvMAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MDYwOTI1MTRaFw0yNjA1MDUwOTMwMTRaMDMxMTAvBgNV
BAMTKDlGMjI2QzVFMTYyMDM4MjlCREMyOEY4QkNENDFGQ0UyMjE0OTkzNkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClqjjUcDUjQYhJPq2gKWYVSuVY
X3ueOJv37NMJhERc46jD1thZ3bR9UTkuUpRQEF0XmvLWpH02gJ4zbTCZRAL4X7XP
Cgc9gsAhK85GhtEujF2aw9pEkrNUMwakC91pWrNMH2J7kGzpK+5vhRp47B4leDPf
q8wxTUTcikhzIqb684twrYa1yM612cZYifIwtyqmmBYKQDbqkiCf43H3CGMqb960
53W5aDfE1MJ/rtiuN3VQMi4BYOTY3ShfT1jkKtDsMXQJUSTIxj0YnVBkBc+4Gsy3
hByGJ+NkaWS3WGAi22PWjcRRXV4Cff0iJJ5kEOgYt81Nj9q0bomxzPTIiNNrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnyJsXhYgOCm9wo+LzUH84iFJk24wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWRMy
MA0GCSqGSIb3DQEBCwUAA4IBAQCCmpFlXS1DKYt6UEvfB2heuQHhP0TQa4u4YBnG
CAt3jx7q7aZf83qfVO+7NEpYRmPMnBqs9USzdy9xVehqzSaTi69+0h3f0vBotpIn
NooEtNVZyl6nCm5wlp2HZKf1nkBGsbkzcFOYhsjKtUdUy2znzXr2qi4jLvBfs1AV
GCP5/jgnCvDG8e6ill5zkWeQY5wc4RQpQPEKGec701j+7/1xZ21EPzj3DMvaW+U1
APYsg0/6ICpZzkeP0zc4rjLOlVx36RggfuRzzJDA/ww9LV7z3D4hYWrDHDDUmCBq
9jQnestBFuHbBccS05vJ8x4C5y/cdzgNK9g8EvmDAymIR+Bw
-----END CERTIFICATE-----