Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS39855.roa
File:                     AS39855.roa (raw, json)
Hash identifier:          653VVHg9+H05JcpHvsFLKH7I3arSUYxuStSBCIhDmLE=
Subject key identifier:   D7:65:19:96:DF:38:43:05:B0:7B:15:35:2D:85:A2:7F:73:D2:FA:C7
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4FED7E782C354898261F2634AE33BD9B2FBC72AC
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS39855.roa
Signing time:             Mon 11 Aug 2025 14:15:49 +0000
ROA not before:           Mon 11 Aug 2025 14:10:49 +0000
ROA not after:            Mon 10 Aug 2026 14:15:49 +0000
asID:                     39855
IP address blocks:        92.113.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 02:34:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:ed:7e:78:2c:35:48:98:26:1f:26:34:ae:33:bd:9b:2f:bc:72:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Aug 11 14:10:49 2025 GMT
            Not After : Aug 10 14:15:49 2026 GMT
        Subject: CN=D7651996DF384305B07B15352D85A27F73D2FAC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:bc:e6:2c:8e:bf:58:15:00:b8:2d:11:50:42:
                    a2:45:ae:d1:a3:f5:d9:92:48:2b:25:00:88:c2:21:
                    1f:ec:08:2d:c4:8c:3c:c6:c3:58:a6:c4:5e:29:0e:
                    03:12:d2:e2:5e:12:72:55:15:ce:cc:cd:f7:02:88:
                    9c:02:93:5e:86:f0:b9:07:ef:53:4b:aa:82:68:39:
                    10:4a:bd:d9:0c:d7:f0:7a:87:f8:86:7d:da:13:4e:
                    ad:35:47:77:73:ed:c8:c7:52:7b:b1:fe:7a:7e:6c:
                    c0:e3:0f:6a:9e:fd:40:c0:67:fb:14:6c:93:1a:64:
                    f5:fd:8d:b6:9f:86:6b:df:d0:2d:8e:4c:6e:2a:14:
                    5a:08:dc:50:d5:c4:dc:07:00:50:98:b2:9a:03:3a:
                    42:d3:00:05:c5:be:7e:43:4d:35:a5:2a:b3:96:13:
                    04:b4:98:91:a9:08:5e:c4:56:46:86:d7:d4:4c:b0:
                    49:55:13:b4:01:46:35:a2:81:b5:b7:47:9b:47:32:
                    19:c1:aa:74:8b:a6:c9:e4:e1:69:05:cf:4b:30:fd:
                    f9:a6:3c:92:6a:56:89:48:71:e8:40:d8:51:3e:bd:
                    bb:5e:9a:de:55:9d:82:e5:65:2c:42:84:36:6e:4f:
                    71:fb:53:46:26:f9:57:e9:83:4b:51:9a:03:69:f5:
                    79:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:65:19:96:DF:38:43:05:B0:7B:15:35:2D:85:A2:7F:73:D2:FA:C7
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS39855.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.113.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:99:6b:a8:00:e4:c7:a2:af:25:03:fd:2c:71:2d:a9:9a:8c:
         40:82:26:ab:28:52:ca:0a:db:90:80:1e:b5:bb:91:3a:a2:42:
         2b:90:3d:32:b8:f5:46:38:b0:f9:0e:6b:d8:06:1c:4e:a7:68:
         67:63:54:cc:c3:f4:2b:0b:fc:ef:e3:59:63:1f:35:b7:b6:5e:
         7e:7d:e0:3b:0f:d2:64:4e:45:ac:09:04:09:88:85:6b:0a:55:
         f4:fa:2e:e4:06:7d:ba:60:8e:99:28:e2:32:8c:26:1f:29:37:
         45:0a:f0:2e:63:de:c2:b7:67:be:98:b1:5a:1d:1a:ea:1c:8a:
         46:7e:fb:a8:bb:5c:d1:f0:d3:8b:68:ae:b2:e7:0b:d9:8c:b5:
         29:a3:f9:62:c4:29:58:e1:5e:34:fc:93:ed:ac:71:ce:c9:b1:
         d3:06:f2:1c:97:5b:c3:74:f2:5b:a9:26:85:8b:9d:5d:32:17:
         52:63:48:4f:92:2e:10:d0:96:5f:c1:ca:d1:4c:e6:4a:24:2f:
         ce:14:2c:7c:3a:86:59:82:9e:f6:64:08:d3:7b:4d:f4:69:2c:
         54:19:3b:cc:c2:de:01:22:08:73:08:38:6b:03:53:6b:65:8f:
         13:e9:74:29:cc:77:d3:6a:a1:f2:e5:36:6e:09:1e:b5:cb:c7:
         be:a0:6d:6c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUT+1+eCw1SJgmHyY0rjO9my+8cqwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA4MTExNDEwNDlaFw0yNjA4MTAxNDE1NDlaMDMxMTAvBgNV
BAMTKEQ3NjUxOTk2REYzODQzMDVCMDdCMTUzNTJEODVBMjdGNzNEMkZBQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWvOYsjr9YFQC4LRFQQqJFrtGj
9dmSSCslAIjCIR/sCC3EjDzGw1imxF4pDgMS0uJeEnJVFc7MzfcCiJwCk16G8LkH
71NLqoJoORBKvdkM1/B6h/iGfdoTTq01R3dz7cjHUnux/np+bMDjD2qe/UDAZ/sU
bJMaZPX9jbafhmvf0C2OTG4qFFoI3FDVxNwHAFCYspoDOkLTAAXFvn5DTTWlKrOW
EwS0mJGpCF7EVkaG19RMsElVE7QBRjWigbW3R5tHMhnBqnSLpsnk4WkFz0sw/fmm
PJJqVolIcehA2FE+vbtemt5VnYLlZSxChDZuT3H7U0Ym+Vfpg0tRmgNp9Xn3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU12UZlt84QwWwexU1LYWif3PS+scwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk4NTUucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABccQAw
DQYJKoZIhvcNAQELBQADggEBABSZa6gA5MeiryUD/SxxLamajECCJqsoUsoK25CA
HrW7kTqiQiuQPTK49UY4sPkOa9gGHE6naGdjVMzD9CsL/O/jWWMfNbe2Xn594DsP
0mRORawJBAmIhWsKVfT6LuQGfbpgjpko4jKMJh8pN0UK8C5j3sK3Z76YsVodGuoc
ikZ++6i7XNHw04torrLnC9mMtSmj+WLEKVjhXjT8k+2scc7JsdMG8hyXW8N08lup
JoWLnV0yF1JjSE+SLhDQll/BytFM5kokL84ULHw6hlmCnvZkCNN7TfRpLFQZO8zC
3gEiCHMIOGsDU2tljxPpdCnMd9NqofLlNm4JHrXLx76gbWw=
-----END CERTIFICATE-----