Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399073.roa
File:                     AS399073.roa (raw, json)
Hash identifier:          JwG45EvQSemBwgtZY4mfnPlsR902uV6kuI3oTvFoD0A=
Subject key identifier:   9D:3E:A7:56:8F:C0:8C:A5:F2:AB:0D:45:1D:3E:63:7F:6D:47:43:33
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7EDEE4E6BAE080A529EFDAFE314A39C744818BD3
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399073.roa
Signing time:             Wed 13 Aug 2025 09:26:21 +0000
ROA not before:           Wed 13 Aug 2025 09:21:21 +0000
ROA not after:            Wed 12 Aug 2026 09:26:21 +0000
asID:                     399073
IP address blocks:        141.11.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Aug 2025 19:47:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7e:de:e4:e6:ba:e0:80:a5:29:ef:da:fe:31:4a:39:c7:44:81:8b:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Aug 13 09:21:21 2025 GMT
            Not After : Aug 12 09:26:21 2026 GMT
        Subject: CN=9D3EA7568FC08CA5F2AB0D451D3E637F6D474333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9d:e1:c9:ac:ed:03:da:90:cf:64:0e:3a:7c:
                    58:5b:e1:ec:5f:3b:28:e9:aa:05:24:68:53:1e:84:
                    4c:4c:74:38:aa:6f:52:f5:97:d3:22:5a:e8:5b:29:
                    f8:3b:83:86:09:ff:60:c3:ca:bf:b2:4f:b5:2e:7d:
                    3a:0a:ac:a2:d4:e2:59:d3:50:cb:53:f1:6c:6e:a2:
                    d1:29:96:9d:7f:dd:70:fc:1b:62:3e:e6:94:63:24:
                    cc:64:48:87:54:ab:54:ee:b1:29:f3:d6:29:91:db:
                    45:dd:d5:51:6d:6b:14:c5:e6:38:00:4b:49:a5:ff:
                    09:f9:ba:0d:de:dc:6a:04:69:d1:be:f9:e1:3b:d3:
                    56:43:e3:4b:8e:cb:65:90:5c:68:92:d0:30:d5:ac:
                    c0:72:9d:6e:71:df:de:6f:69:2e:ea:0c:13:6d:3f:
                    22:7c:50:ab:56:0b:e2:d1:02:ec:b3:ed:43:96:d8:
                    99:4f:ac:4c:9f:a9:71:d6:ae:93:ed:8e:45:8f:e6:
                    0b:a5:ed:d1:7d:52:1c:f6:e0:0a:3b:ac:0c:42:d9:
                    83:30:c8:c8:9e:bc:d6:dc:e9:5b:6d:70:b4:4c:b1:
                    d9:b9:a6:de:44:85:cd:0d:4e:26:3a:c7:1d:4b:f7:
                    0f:91:b2:b3:d6:b6:e6:08:a5:64:02:8b:ec:9d:4f:
                    d4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:3E:A7:56:8F:C0:8C:A5:F2:AB:0D:45:1D:3E:63:7F:6D:47:43:33
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS399073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:5e:21:5f:e9:b1:b4:c4:2a:41:8d:89:34:18:4c:0c:12:eb:
         c3:be:3d:89:ab:b5:30:1a:ad:3a:f2:6b:d1:cf:8b:ed:2d:86:
         f9:f6:97:63:07:85:40:db:76:88:b9:fa:e1:c1:48:cc:3d:c4:
         fc:e2:eb:f4:91:f1:7f:7c:3e:47:67:4d:9f:22:66:b1:73:ff:
         a0:83:58:4e:17:28:9d:2b:a6:bb:6a:51:5a:47:27:8d:e9:c2:
         19:67:c4:76:90:96:43:0a:44:f2:f2:7f:35:93:88:98:43:59:
         76:c0:9a:d1:cf:c4:45:bc:2a:6f:38:0d:8a:06:0e:45:8b:5c:
         b1:65:3c:bb:3d:15:4b:17:97:73:56:14:be:61:6c:cb:fc:56:
         b8:9c:97:1d:2b:14:9e:b8:95:60:f6:65:79:0d:03:98:71:16:
         a3:b6:2d:00:cf:bd:69:6d:f1:a8:c5:5c:44:16:14:54:67:44:
         be:04:c2:92:8a:1a:4e:02:3f:43:0f:e3:70:b4:02:5b:e8:44:
         1a:d0:82:04:99:bc:34:d0:60:39:d4:6b:a6:c7:eb:93:0a:2f:
         3d:14:df:37:b1:2e:35:7c:6c:e3:de:f6:97:35:fb:f8:2d:44:
         5d:87:6f:a5:57:54:f6:e1:60:02:29:b6:16:cb:d5:f7:fb:36:
         8b:c1:b1:bd
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUft7k5rrggKUp79r+MUo5x0SBi9MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA4MTMwOTIxMjFaFw0yNjA4MTIwOTI2MjFaMDMxMTAvBgNV
BAMTKDlEM0VBNzU2OEZDMDhDQTVGMkFCMEQ0NTFEM0U2MzdGNkQ0NzQzMzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4neHJrO0D2pDPZA46fFhb4exf
OyjpqgUkaFMehExMdDiqb1L1l9MiWuhbKfg7g4YJ/2DDyr+yT7UufToKrKLU4lnT
UMtT8WxuotEplp1/3XD8G2I+5pRjJMxkSIdUq1TusSnz1imR20Xd1VFtaxTF5jgA
S0ml/wn5ug3e3GoEadG++eE701ZD40uOy2WQXGiS0DDVrMBynW5x395vaS7qDBNt
PyJ8UKtWC+LRAuyz7UOW2JlPrEyfqXHWrpPtjkWP5gul7dF9Uhz24Ao7rAxC2YMw
yMievNbc6VttcLRMsdm5pt5Ehc0NTiY6xx1L9w+RsrPWtuYIpWQCi+ydT9QXAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUnT6nVo/AjKXyqw1FHT5jf21HQzMwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk5MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjQut
MA0GCSqGSIb3DQEBCwUAA4IBAQB4XiFf6bG0xCpBjYk0GEwMEuvDvj2Jq7UwGq06
8mvRz4vtLYb59pdjB4VA23aIufrhwUjMPcT84uv0kfF/fD5HZ02fImaxc/+gg1hO
FyidK6a7alFaRyeN6cIZZ8R2kJZDCkTy8n81k4iYQ1l2wJrRz8RFvCpvOA2KBg5F
i1yxZTy7PRVLF5dzVhS+YWzL/Fa4nJcdKxSeuJVg9mV5DQOYcRajti0Az71pbfGo
xVxEFhRUZ0S+BMKSihpOAj9DD+NwtAJb6EQa0IIEmbw00GA51Gumx+uTCi89FN83
sS41fGzj3vaXNfv4LURdh2+lV1T24WACKbYWy9X3+zaLwbG9
-----END CERTIFICATE-----