Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS39521.roa
File:                     AS39521.roa (raw, json)
Hash identifier:          dsgbtXPMKqoaMQI9Jie5Vbb3gYFs/rKCY8FWEi0C8R0=
Subject key identifier:   89:E9:35:09:7E:29:9C:8A:7E:07:B1:59:EB:1B:9D:99:BD:F7:C3:6B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       31C562880F05E65FF4C71ECDE7F536A4B835C776
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS39521.roa
Signing time:             Tue 16 Apr 2024 08:10:05 +0000
ROA not before:           Tue 16 Apr 2024 08:05:05 +0000
ROA not after:            Tue 15 Apr 2025 08:10:05 +0000
asID:                     39521
IP address blocks:        140.150.184.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            31:c5:62:88:0f:05:e6:5f:f4:c7:1e:cd:e7:f5:36:a4:b8:35:c7:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 16 08:05:05 2024 GMT
            Not After : Apr 15 08:10:05 2025 GMT
        Subject: CN=89E935097E299C8A7E07B159EB1B9D99BDF7C36B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:2a:62:f2:ca:d3:11:42:23:d4:f9:29:89:6c:
                    39:95:6b:8c:2c:71:85:ae:2b:6d:94:49:2d:62:31:
                    3d:35:02:3a:dc:d1:f3:d7:8f:8f:1c:5d:ae:60:19:
                    19:f9:17:f3:01:1f:f6:d5:aa:7f:28:d9:eb:e1:a7:
                    05:a8:a7:91:76:36:f1:f1:ac:d9:bf:05:7c:0e:fd:
                    ac:e4:0d:42:89:e6:ae:d3:1f:9e:68:39:df:bc:18:
                    bc:49:ff:88:74:ca:99:f2:85:0a:c8:56:5f:fa:9e:
                    fe:b0:42:40:bb:c2:9c:7a:27:8d:28:85:9e:99:f2:
                    ef:2f:13:d3:ef:93:bb:17:0a:c1:7c:e0:76:c5:2d:
                    3b:5d:f9:47:17:89:5f:78:86:67:7b:8e:0f:3c:77:
                    6b:55:f7:f6:86:88:1f:6d:97:e3:85:51:60:71:ba:
                    78:0d:b6:c1:e4:e6:32:ce:65:5b:af:1b:e9:e5:6f:
                    7c:0a:0b:de:10:25:e6:8a:a5:74:a0:9f:8b:28:3d:
                    0d:8e:51:7b:40:3f:70:d7:71:0e:b0:4c:ed:57:04:
                    97:c4:87:ca:2a:d3:e5:45:0b:5e:2a:bf:e2:e8:a1:
                    c5:eb:37:0e:72:77:17:0f:89:60:09:82:73:f5:af:
                    57:9d:10:3a:3f:36:a8:69:0e:b9:bc:2b:31:a4:14:
                    b6:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E9:35:09:7E:29:9C:8A:7E:07:B1:59:EB:1B:9D:99:BD:F7:C3:6B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS39521.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         19:38:78:19:3d:b1:ed:99:cd:88:57:dc:78:c4:4b:2a:19:a5:
         f8:dd:6d:ac:d4:be:e3:6e:6c:6c:7c:f3:13:7e:34:cf:00:72:
         6f:6d:73:fc:8c:a2:d9:8f:c0:3f:cf:a7:fe:68:13:b4:4d:4e:
         7b:60:52:28:88:28:f7:04:e5:68:f4:c0:10:1a:5d:36:1b:44:
         90:57:77:f5:fe:39:2a:2b:bd:d4:6e:b2:da:c9:64:f5:58:94:
         2c:32:83:76:65:6c:77:34:6b:60:d5:c2:d4:08:18:ca:56:da:
         9c:b6:bf:c5:16:5a:d2:8d:26:fc:f4:a1:0b:5c:45:d5:f3:09:
         e7:9c:82:30:43:b0:ad:5b:99:a0:df:d6:aa:1c:04:19:26:e3:
         01:26:58:16:6c:84:11:4d:09:2b:9f:d0:be:1a:9b:90:26:13:
         24:13:f2:01:fc:86:e4:51:0b:af:4e:cb:50:65:d3:94:73:8e:
         04:d4:16:6c:08:47:d4:13:91:ef:0b:52:d9:7d:12:80:42:29:
         6a:ef:1a:50:55:1d:c5:82:8a:22:9e:c6:18:1a:21:18:c5:49:
         3c:fb:1a:43:15:4e:ea:ca:73:67:04:3b:91:6e:b4:1d:e3:c8:
         82:d7:cb:42:01:e7:0b:1d:cc:51:06:f3:bc:59:73:f7:4a:f6:
         18:a9:5c:b4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMcViiA8F5l/0xx7N5/U2pLg1x3YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MTYwODA1MDVaFw0yNTA0MTUwODEwMDVaMDMxMTAvBgNV
BAMTKDg5RTkzNTA5N0UyOTlDOEE3RTA3QjE1OUVCMUI5RDk5QkRGN0MzNkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIKmLyytMRQiPU+SmJbDmVa4ws
cYWuK22USS1iMT01Ajrc0fPXj48cXa5gGRn5F/MBH/bVqn8o2evhpwWop5F2NvHx
rNm/BXwO/azkDUKJ5q7TH55oOd+8GLxJ/4h0ypnyhQrIVl/6nv6wQkC7wpx6J40o
hZ6Z8u8vE9Pvk7sXCsF84HbFLTtd+UcXiV94hmd7jg88d2tV9/aGiB9tl+OFUWBx
ungNtsHk5jLOZVuvG+nlb3wKC94QJeaKpXSgn4soPQ2OUXtAP3DXcQ6wTO1XBJfE
h8oq0+VFC14qv+LoocXrNw5ydxcPiWAJgnP1r1edEDo/NqhpDrm8KzGkFLZdAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUiek1CX4pnIp+B7FZ6xudmb33w2swHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAOMlrgw
DQYJKoZIhvcNAQELBQADggEBABk4eBk9se2ZzYhX3HjESyoZpfjdbazUvuNubGx8
8xN+NM8Acm9tc/yMotmPwD/Pp/5oE7RNTntgUiiIKPcE5Wj0wBAaXTYbRJBXd/X+
OSorvdRustrJZPVYlCwyg3ZlbHc0a2DVwtQIGMpW2py2v8UWWtKNJvz0oQtcRdXz
CeecgjBDsK1bmaDf1qocBBkm4wEmWBZshBFNCSuf0L4am5AmEyQT8gH8huRRC69O
y1Bl05RzjgTUFmwIR9QTke8LUtl9EoBCKWrvGlBVHcWCiiKexhgaIRjFSTz7GkMV
TurKc2cEO5FutB3jyILXy0IB5wsdzFEG87xZc/dK9hipXLQ=
-----END CERTIFICATE-----