Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/6/3139392e34372e3134342e302f32322d3232203d3e20333936393933.roa
File:                     3139392e34372e3134342e302f32322d3232203d3e20333936393933.roa (raw, json)
Hash identifier:          bZNL/FqM/pVrEGMXnMD3abOxMOGt2XC320QeqZ+CgFU=
Subject key identifier:   BD:44:24:C3:6B:A1:B4:4A:ED:8E:CD:84:86:B5:49:2C:6A:D2:87:98
Certificate issuer:       /CN=7c4424b0ef940ae283a399bf40b888b424ed0322e0ce02dad6
Certificate serial:       09DE4DC47E43BC943B410288CF8524A0A4687C0F
Authority key identifier: BB:26:2D:2D:06:A5:BB:F4:FF:22:26:5C:7B:4F:55:1F:F0:37:43:3D
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5138de2d-512a-4692-8c53-d2d9a6ceb549/7c4424b0ef940ae283a399bf40b888b424ed0322e0ce02dad6.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/6/3139392e34372e3134342e302f32322d3232203d3e20333936393933.roa
Signing time:             Thu 03 Jul 2025 20:32:13 +0000
ROA not before:           Thu 03 Jul 2025 20:27:13 +0000
ROA not after:            Thu 02 Jul 2026 20:32:13 +0000
asID:                     396993
IP address blocks:        199.47.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/6/BB262D2D06A5BBF4FF22265C7B4F551FF037433D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/6/BB262D2D06A5BBF4FF22265C7B4F551FF037433D.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5138de2d-512a-4692-8c53-d2d9a6ceb549/7c4424b0ef940ae283a399bf40b888b424ed0322e0ce02dad6.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5138de2d-512a-4692-8c53-d2d9a6ceb549/5138de2d-512a-4692-8c53-d2d9a6ceb549.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5138de2d-512a-4692-8c53-d2d9a6ceb549/5138de2d-512a-4692-8c53-d2d9a6ceb549.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5138de2d-512a-4692-8c53-d2d9a6ceb549.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:43:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            09:de:4d:c4:7e:43:bc:94:3b:41:02:88:cf:85:24:a0:a4:68:7c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c4424b0ef940ae283a399bf40b888b424ed0322e0ce02dad6
        Validity
            Not Before: Jul  3 20:27:13 2025 GMT
            Not After : Jul  2 20:32:13 2026 GMT
        Subject: CN=BD4424C36BA1B44AED8ECD8486B5492C6AD28798
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7a:b8:91:52:62:eb:5d:40:ec:99:7f:b2:53:
                    51:44:49:4f:91:52:ae:1a:5e:a1:b5:87:11:60:02:
                    d8:82:44:84:9f:c0:19:4e:c1:1b:29:14:0b:58:f9:
                    40:e6:7f:09:72:49:06:37:47:86:0f:3a:81:58:da:
                    32:c7:28:44:23:fc:d0:d1:a2:09:f3:ef:ca:2b:0c:
                    a4:02:9a:54:da:7a:55:af:f4:ae:e8:1c:68:e7:5e:
                    f0:9d:e7:e1:36:db:ee:58:8f:6c:dc:53:93:09:f2:
                    66:bf:38:00:a3:f7:53:fb:3c:12:1c:73:93:27:43:
                    f9:07:2a:57:30:d2:90:60:3f:ee:66:59:6c:94:7d:
                    b1:f7:16:2b:9b:e2:d0:31:01:07:70:83:d1:9a:f9:
                    0e:4b:0d:63:2e:68:ba:6e:ee:30:1b:1c:b8:b3:70:
                    7a:69:a8:13:fe:ad:45:5d:c4:b9:b8:56:d6:59:a9:
                    c5:3a:15:1b:2e:36:42:5b:87:b5:d1:8b:de:48:d7:
                    58:c7:84:85:3d:93:34:49:cb:6f:01:c1:c1:92:9a:
                    dd:9d:ef:e5:7d:5f:b6:65:30:05:3a:40:cb:f4:82:
                    73:67:39:3f:16:f8:a3:e1:50:4f:a4:23:57:2b:50:
                    02:53:85:08:a8:96:e3:8d:e6:82:97:a3:4a:a0:2a:
                    fa:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:44:24:C3:6B:A1:B4:4A:ED:8E:CD:84:86:B5:49:2C:6A:D2:87:98
            X509v3 Authority Key Identifier:
                keyid:BB:26:2D:2D:06:A5:BB:F4:FF:22:26:5C:7B:4F:55:1F:F0:37:43:3D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/6/BB262D2D06A5BBF4FF22265C7B4F551FF037433D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5b7fb122-dfdf-4c0c-b90d-3bc7a5feb82b/5138de2d-512a-4692-8c53-d2d9a6ceb549/7c4424b0ef940ae283a399bf40b888b424ed0322e0ce02dad6.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/66bd92f1-415b-4765-8a16-dbfc4593c1a8/6/3139392e34372e3134342e302f32322d3232203d3e20333936393933.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.47.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:25:37:34:b5:e1:b8:99:89:22:3b:50:09:04:2b:60:c1:7b:
         d9:a3:f3:f5:f9:30:87:44:89:4b:ab:c8:73:a4:40:b5:e1:5c:
         d3:8b:58:f3:fd:a5:c6:c1:75:af:d7:c0:c7:25:2d:68:3f:e6:
         45:1b:aa:ee:6f:be:a6:1b:98:4c:2c:d4:77:1a:f8:5b:83:ff:
         14:79:b0:82:b4:b7:77:3e:4d:4f:c6:c4:db:45:3a:0e:56:82:
         57:98:db:e3:4d:9d:0f:81:85:7e:76:8e:56:11:4f:f5:72:38:
         fb:93:d9:05:a3:ce:72:66:2c:c2:cb:6e:78:b4:d0:cb:5b:ec:
         cc:88:22:a0:a6:5d:fb:b6:83:f3:4c:4b:65:c0:83:80:4e:6b:
         0c:80:0d:07:4e:47:02:0a:a5:95:71:74:a9:5c:41:fe:d0:bc:
         f4:f0:3b:a8:0a:ea:da:a7:d1:1a:e3:77:22:1e:1d:71:65:66:
         b7:b0:78:04:25:97:cc:ec:1e:ce:92:ea:ae:a2:14:41:6f:d5:
         41:90:9b:3d:a5:21:b2:de:25:1c:58:40:0d:48:6e:93:0c:e7:
         93:93:9e:a3:20:54:61:d6:ee:71:5a:12:2d:fe:cb:74:cf:df:
         c6:5e:03:41:f1:e6:a7:98:2b:f7:2d:c3:10:27:3d:42:ae:ba:
         77:9b:18:03
-----BEGIN CERTIFICATE-----
MIIFzzCCBLegAwIBAgIUCd5NxH5DvJQ7QQKIz4UkoKRofA8wDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyN2M0NDI0YjBlZjk0MGFlMjgzYTM5OWJmNDBiODg4YjQy
NGVkMDMyMmUwY2UwMmRhZDYwHhcNMjUwNzAzMjAyNzEzWhcNMjYwNzAyMjAzMjEz
WjAzMTEwLwYDVQQDEyhCRDQ0MjRDMzZCQTFCNDRBRUQ4RUNEODQ4NkI1NDkyQzZB
RDI4Nzk4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXq4kVJi611A
7Jl/slNRRElPkVKuGl6htYcRYALYgkSEn8AZTsEbKRQLWPlA5n8JckkGN0eGDzqB
WNoyxyhEI/zQ0aIJ8+/KKwykAppU2npVr/Su6Bxo517wnefhNtvuWI9s3FOTCfJm
vzgAo/dT+zwSHHOTJ0P5BypXMNKQYD/uZllslH2x9xYrm+LQMQEHcIPRmvkOSw1j
Lmi6bu4wGxy4s3B6aagT/q1FXcS5uFbWWanFOhUbLjZCW4e10YveSNdYx4SFPZM0
SctvAcHBkprdne/lfV+2ZTAFOkDL9IJzZzk/Fvij4VBPpCNXK1ACU4UIqJbjjeaC
l6NKoCr6VwIDAQABo4ICzzCCAsswHQYDVR0OBBYEFL1EJMNrobRK7Y7NhIa1SSxq
0oeYMB8GA1UdIwQYMBaAFLsmLS0Gpbv0/yImXHtPVR/wN0M9MA4GA1UdDwEB/wQE
AwIHgDCBlQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3JzeW5jLnBhYXMu
cnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2
LWRiZmM0NTkzYzFhOC82L0JCMjYyRDJEMDZBNUJCRjRGRjIyMjY1QzdCNEY1NTFG
RjAzNzQzM0QuY3JsMIHzBggrBgEFBQcBAQSB5jCB4zCB4AYIKwYBBQUHMAKGgdNy
c3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9hcmluLXJwa2ktdGEvNWU0
YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2QzLzViN2ZiMTIyLWRmZGYt
NGMwYy1iOTBkLTNiYzdhNWZlYjgyYi81MTM4ZGUyZC01MTJhLTQ2OTItOGM1My1k
MmQ5YTZjZWI1NDkvN2M0NDI0YjBlZjk0MGFlMjgzYTM5OWJmNDBiODg4YjQyNGVk
MDMyMmUwY2UwMmRhZDYuY2VyMIGvBggrBgEFBQcBCwSBojCBnzCBnAYIKwYBBQUH
MAuGgY9yc3luYzovL3JzeW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
LzY2YmQ5MmYxLTQxNWItNDc2NS04YTE2LWRiZmM0NTkzYzFhOC82LzMxMzkzOTJl
MzQzNzJlMzEzNDM0MmUzMDJmMzIzMjJkMzIzMjIwM2QzZTIwMzMzOTM2MzkzOTMz
LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAw
DjAMBAIAATAGAwQCxy+QMA0GCSqGSIb3DQEBCwUAA4IBAQA0JTc0teG4mYkiO1AJ
BCtgwXvZo/P1+TCHRIlLq8hzpEC14VzTi1jz/aXGwXWv18DHJS1oP+ZFG6rub76m
G5hMLNR3Gvhbg/8UebCCtLd3Pk1PxsTbRToOVoJXmNvjTZ0PgYV+do5WEU/1cjj7
k9kFo85yZizCy254tNDLW+zMiCKgpl37toPzTEtlwIOATmsMgA0HTkcCCqWVcXSp
XEH+0Lz08DuoCurap9Ea43ciHh1xZWa3sHgEJZfM7B7OkuquohRBb9VBkJs9pSGy
3iUcWEANSG6TDOeTk56jIFRh1u5xWhIt/st0z9/GXgNB8eanmCv3LcMQJz1Crrp3
mxgD
-----END CERTIFICATE-----