Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS39690.roa
File:                     AS39690.roa (raw, json)
Hash identifier:          UFoukZG8u5MQnC9lvDwsqm0sp1pP9SWfRiB7Rf6hSaI=
Subject key identifier:   3A:8B:61:E6:A7:89:1F:15:20:98:12:39:ED:32:CE:12:A5:D7:D7:F7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3BB19C609579E552BC48331369330C956A59119C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS39690.roa
Signing time:             Mon 08 Jun 2026 12:18:59 +0000
ROA not before:           Mon 08 Jun 2026 12:13:59 +0000
ROA not after:            Mon 07 Jun 2027 12:18:59 +0000
asID:                     39690
IP address blocks:        143.14.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Jun 2026 18:11:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3b:b1:9c:60:95:79:e5:52:bc:48:33:13:69:33:0c:95:6a:59:11:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  8 12:13:59 2026 GMT
            Not After : Jun  7 12:18:59 2027 GMT
        Subject: CN=3A8B61E6A7891F1520981239ED32CE12A5D7D7F7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:61:fa:b0:55:5c:79:b5:fb:db:1c:27:e3:ef:
                    ee:64:ea:1b:af:6d:d9:6f:85:54:f8:b4:c4:21:8e:
                    24:bf:db:fe:9a:e8:7c:e2:9e:3e:d5:86:3d:0f:f4:
                    10:26:74:5c:ca:9e:60:d2:ea:e5:60:53:5c:ca:19:
                    33:3a:dc:7c:af:8e:27:f1:c4:d7:cf:6d:de:d5:bf:
                    ff:6f:36:93:fe:27:39:1d:ed:b8:17:77:01:20:99:
                    58:82:89:3b:fe:02:e1:30:84:17:22:a5:13:72:8c:
                    11:fd:2b:80:94:c1:da:9c:a0:cf:5a:80:c6:b0:84:
                    86:7b:5b:8b:33:ee:f6:74:88:b9:ca:41:1c:ff:af:
                    c4:b6:b2:14:09:06:6a:13:6a:7d:1b:35:28:af:36:
                    c3:5e:06:d0:ec:c8:12:c0:aa:59:48:2f:cf:b0:23:
                    f4:32:0c:9a:88:13:44:b7:88:2f:07:e8:e1:9a:a1:
                    ec:c9:fb:8d:9f:cd:f5:ab:e7:e4:43:1a:d2:a8:02:
                    d8:26:00:d7:9a:c8:5f:46:0f:20:d3:a0:c2:b3:3f:
                    08:12:da:7e:cb:dd:7f:77:28:58:02:2c:a7:a1:fe:
                    f3:67:e3:d3:61:0f:f6:d6:e3:f7:3d:62:eb:b4:09:
                    5c:cd:fe:5f:d2:fb:0a:46:db:31:6c:79:b6:f3:2f:
                    c9:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:8B:61:E6:A7:89:1F:15:20:98:12:39:ED:32:CE:12:A5:D7:D7:F7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS39690.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:45:88:b9:a4:9f:eb:ff:7c:c5:58:9c:bd:bf:60:1a:69:fc:
         67:31:1f:a5:f2:46:0e:51:ed:8e:8f:6c:96:f3:61:23:ff:a2:
         e2:d2:8c:f7:6b:8a:af:60:c6:39:49:61:c5:41:f0:ac:88:08:
         af:ac:2f:72:2b:aa:05:67:d3:37:36:25:65:e2:6e:f7:a1:62:
         23:0b:a8:bb:68:23:de:63:45:10:f9:c9:9e:b6:c8:a3:44:8f:
         48:d4:a8:29:be:d6:19:df:da:c8:64:3b:6d:dd:0b:24:72:59:
         0e:ac:c5:92:ba:37:b4:67:b4:b9:f4:ba:c2:27:9e:30:2c:6a:
         47:f0:af:cd:9d:41:23:3c:dd:42:20:a5:1a:75:a5:48:ce:4b:
         d5:72:8e:2e:53:d1:55:40:6c:44:a9:63:a5:c3:1e:29:5f:60:
         ef:c5:12:58:5a:a7:52:d3:e7:c0:d9:51:e0:f5:0c:1f:f0:ba:
         dc:a2:5d:4b:8d:cb:9b:0c:df:e8:07:94:e7:b8:a4:84:2b:9a:
         87:d3:6e:a3:c6:f1:d6:9e:53:bb:5c:f4:42:8a:7c:a0:25:da:
         fe:3b:3d:8a:f1:e5:bf:24:5b:ca:13:a1:95:9d:17:cd:bc:27:
         10:1b:2b:2a:6d:a6:c0:1d:ca:90:48:31:fa:e3:85:f0:12:c7:
         02:f6:3a:af
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUO7GcYJV55VK8SDMTaTMMlWpZEZwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDgxMjEzNTlaFw0yNzA2MDcxMjE4NTlaMDMxMTAvBgNV
BAMTKDNBOEI2MUU2QTc4OTFGMTUyMDk4MTIzOUVEMzJDRTEyQTVEN0Q3RjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YfqwVVx5tfvbHCfj7+5k6huv
bdlvhVT4tMQhjiS/2/6a6Hzinj7Vhj0P9BAmdFzKnmDS6uVgU1zKGTM63Hyvjifx
xNfPbd7Vv/9vNpP+Jzkd7bgXdwEgmViCiTv+AuEwhBcipRNyjBH9K4CUwdqcoM9a
gMawhIZ7W4sz7vZ0iLnKQRz/r8S2shQJBmoTan0bNSivNsNeBtDsyBLAqllIL8+w
I/QyDJqIE0S3iC8H6OGaoezJ+42fzfWr5+RDGtKoAtgmANeayF9GDyDToMKzPwgS
2n7L3X93KFgCLKeh/vNn49NhD/bW4/c9Yuu0CVzN/l/S+wpG2zFsebbzL8ldAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUOoth5qeJHxUgmBI57TLOEqXX1/cwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk2OTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPDlsw
DQYJKoZIhvcNAQELBQADggEBAGNFiLmkn+v/fMVYnL2/YBpp/GcxH6XyRg5R7Y6P
bJbzYSP/ouLSjPdriq9gxjlJYcVB8KyICK+sL3IrqgVn0zc2JWXibvehYiMLqLto
I95jRRD5yZ62yKNEj0jUqCm+1hnf2shkO23dCyRyWQ6sxZK6N7RntLn0usInnjAs
akfwr82dQSM83UIgpRp1pUjOS9Vyji5T0VVAbESpY6XDHilfYO/FElhap1LT58DZ
UeD1DB/wutyiXUuNy5sM3+gHlOe4pIQrmofTbqPG8daeU7tc9EKKfKAl2v47PYrx
5b8kW8oToZWdF828JxAbKyptpsAdypBIMfrjhfASxwL2Oq8=
-----END CERTIFICATE-----