Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS394760.roa
File:                     AS394760.roa (raw, json)
Hash identifier:          NzsQlivPmKLZDqwy/2uEv2Q42j+CQVcXVXYGoDuEmLM=
Subject key identifier:   E8:41:CF:FF:D8:13:10:A4:F1:47:BF:3E:C7:4D:86:8E:92:6A:9C:5F
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       76438E8D5DD69E1E244212C7CB3A8B4A76D8B8F5
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS394760.roa
Signing time:             Mon 08 Jul 2024 22:16:44 +0000
ROA not before:           Mon 08 Jul 2024 22:11:44 +0000
ROA not after:            Mon 07 Jul 2025 22:16:44 +0000
asID:                     394760
IP address blocks:        191.96.39.0/24 maxlen: 24
                          191.96.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:43:8e:8d:5d:d6:9e:1e:24:42:12:c7:cb:3a:8b:4a:76:d8:b8:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul  8 22:11:44 2024 GMT
            Not After : Jul  7 22:16:44 2025 GMT
        Subject: CN=E841CFFFD81310A4F147BF3EC74D868E926A9C5F
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b5:ba:e2:84:fd:ff:b2:91:32:49:b6:d9:fd:
                    73:5e:57:4c:bd:63:64:06:b8:c5:4e:72:b0:df:44:
                    cb:05:1d:eb:9b:27:0f:90:03:4c:fb:2f:31:f3:22:
                    ff:15:5a:64:a1:d0:7b:e0:1a:c0:54:5c:01:f0:6c:
                    f8:28:62:69:d3:56:d8:79:d2:98:3e:2c:2f:65:b4:
                    3a:c2:47:96:1c:cc:56:53:98:2b:d6:de:0f:97:c0:
                    b3:49:6b:cb:14:1e:89:ab:07:cc:5d:b9:2b:3c:21:
                    dd:01:c2:c2:35:af:0e:b4:29:c4:ca:76:7a:1f:c4:
                    5b:05:43:f9:b0:c8:0a:51:9a:93:7d:77:d7:29:70:
                    b3:85:37:77:d6:93:66:73:b0:64:34:9e:23:14:98:
                    3e:2f:d7:c4:62:de:b9:1e:78:63:79:6d:ee:7d:b0:
                    ba:d5:57:ef:b8:1c:11:1e:2f:09:30:3c:b1:1a:27:
                    02:84:76:35:a3:92:ea:4a:ad:e8:c5:3c:06:b1:97:
                    09:7a:d5:fb:b9:f6:b2:1f:f5:98:76:5a:20:a3:30:
                    87:05:72:da:fa:b7:be:d5:9e:ee:5b:15:e1:91:72:
                    ca:cb:03:49:ae:35:5f:b4:01:b9:f7:78:df:9c:25:
                    db:68:af:ac:a9:ec:b0:71:12:59:f4:c2:64:b7:27:
                    b9:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:41:CF:FF:D8:13:10:A4:F1:47:BF:3E:C7:4D:86:8E:92:6A:9C:5F
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS394760.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.39.0/24
                  191.96.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:a2:bf:8f:4c:f0:a7:55:04:c5:fd:63:0e:0b:54:a6:05:f3:
         5e:88:f3:2c:04:82:72:ce:6c:2a:d9:fa:3f:ec:f2:af:62:52:
         81:c9:48:5e:75:cd:52:ce:da:ee:85:d7:10:c7:7b:e4:c4:a8:
         40:18:ad:74:89:02:fc:75:29:db:93:97:72:93:fc:16:d5:6e:
         c4:0c:13:f2:f0:82:8a:4b:b0:fd:26:b5:3c:59:94:be:6b:d6:
         32:e2:58:0e:4e:1d:17:ac:cf:93:65:00:78:46:c8:d1:d9:69:
         9f:76:f5:36:0d:d4:0d:f9:bb:21:e5:7d:2a:32:75:69:27:f6:
         ae:f7:34:99:f9:c9:a9:4e:e1:ef:3c:28:7c:21:b6:7f:93:a7:
         c0:cb:a3:9b:cb:0e:79:3a:c7:02:c5:15:c8:18:2b:d8:a4:f9:
         f4:38:c4:79:d6:8b:c8:f7:51:1b:83:d5:f2:d4:36:1e:48:c9:
         b6:94:d5:56:2b:07:59:99:0b:e5:ef:6f:8e:d7:6a:de:44:2c:
         49:f6:eb:3c:61:f3:ec:8f:28:66:37:20:c1:05:fb:e7:54:23:
         b1:30:ab:f6:c5:c4:da:91:1b:96:4e:70:7f:6f:82:b9:42:08:
         d5:6b:32:1f:da:92:6e:e0:b0:f6:72:ae:b3:a5:83:a9:d2:ab:
         26:d3:b9:91
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdkOOjV3Wnh4kQhLHyzqLSnbYuPUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA3MDgyMjExNDRaFw0yNTA3MDcyMjE2NDRaMDMxMTAvBgNV
BAMTKEU4NDFDRkZGRDgxMzEwQTRGMTQ3QkYzRUM3NEQ4NjhFOTI2QTlDNUYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCitbrihP3/spEySbbZ/XNeV0y9
Y2QGuMVOcrDfRMsFHeubJw+QA0z7LzHzIv8VWmSh0HvgGsBUXAHwbPgoYmnTVth5
0pg+LC9ltDrCR5YczFZTmCvW3g+XwLNJa8sUHomrB8xduSs8Id0BwsI1rw60KcTK
dnofxFsFQ/mwyApRmpN9d9cpcLOFN3fWk2ZzsGQ0niMUmD4v18Ri3rkeeGN5be59
sLrVV++4HBEeLwkwPLEaJwKEdjWjkupKrejFPAaxlwl61fu59rIf9Zh2WiCjMIcF
ctr6t77Vnu5bFeGRcsrLA0muNV+0Abn3eN+cJdtor6yp7LBxEln0wmS3J7l3AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQU6EHP/9gTEKTxR78+x02GjpJqnF8wHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk0NzYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2An
AwQAv2BMMA0GCSqGSIb3DQEBCwUAA4IBAQCior+PTPCnVQTF/WMOC1SmBfNeiPMs
BIJyzmwq2fo/7PKvYlKByUhedc1SztruhdcQx3vkxKhAGK10iQL8dSnbk5dyk/wW
1W7EDBPy8IKKS7D9JrU8WZS+a9Yy4lgOTh0XrM+TZQB4RsjR2WmfdvU2DdQN+bsh
5X0qMnVpJ/au9zSZ+cmpTuHvPCh8IbZ/k6fAy6Obyw55OscCxRXIGCvYpPn0OMR5
1ovI91Ebg9Xy1DYeSMm2lNVWKwdZmQvl72+O12reRCxJ9us8YfPsjyhmNyDBBfvn
VCOxMKv2xcTakRuWTnB/b4K5QgjVazIf2pJu4LD2cq6zpYOp0qsm07mR
-----END CERTIFICATE-----