Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS398704.roa
File:                     AS398704.roa (raw, json)
Hash identifier:          949jfvghRuw0n+6pPv9+TO3qqmcaaJ8ihL42Zv5dNOo=
Subject key identifier:   9E:97:7E:64:D7:6B:EC:B1:2B:DB:E7:26:1E:DD:04:35:D8:4A:C5:EC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       53710418CB11D89E3DEF1100141AE5B5F5459A96
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS398704.roa
Signing time:             Fri 06 Jun 2025 00:00:24 +0000
ROA not before:           Thu 05 Jun 2025 23:55:24 +0000
ROA not after:            Fri 05 Jun 2026 00:00:24 +0000
asID:                     398704
IP address blocks:        155.117.56.0/22 maxlen: 24
                          155.117.128.0/22 maxlen: 24
                          162.141.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            53:71:04:18:cb:11:d8:9e:3d:ef:11:00:14:1a:e5:b5:f5:45:9a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  5 23:55:24 2025 GMT
            Not After : Jun  5 00:00:24 2026 GMT
        Subject: CN=9E977E64D76BECB12BDBE7261EDD0435D84AC5EC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0f:11:4d:0d:f4:1c:fa:3b:b6:ba:7b:eb:41:
                    b1:c7:42:2c:a3:2b:dc:0c:87:cf:13:d7:95:e9:66:
                    6a:42:46:47:cd:78:40:15:6f:14:f4:f3:2c:54:73:
                    83:4e:85:b6:99:7a:38:ed:4f:e1:86:61:80:6b:26:
                    90:7d:5a:53:0a:18:5e:a2:b2:d4:fe:06:e9:9c:03:
                    d8:f1:84:7c:34:aa:31:14:c7:55:6a:49:c3:77:3d:
                    e7:05:eb:30:cf:b7:36:35:21:b2:a1:64:25:b8:aa:
                    44:79:7e:ce:1c:3d:35:34:42:49:78:e1:f5:1a:bd:
                    69:61:85:ec:03:d1:8c:96:a4:93:33:f1:9a:ac:2b:
                    08:da:a5:ad:26:65:c7:1e:2d:79:c1:ac:05:86:94:
                    99:08:59:dc:25:3c:5e:7c:56:0f:24:65:5d:10:d8:
                    f2:16:cb:0c:8c:57:77:3e:7a:9d:c7:9b:35:b6:1c:
                    6a:b1:3b:3a:85:59:42:15:d2:55:b8:a5:0e:07:2e:
                    9e:8f:12:55:ed:b6:6b:4c:f1:a7:5c:a3:87:4f:63:
                    a3:35:46:11:a8:1b:a7:10:f0:bf:ab:e2:8a:a7:50:
                    72:14:83:06:3c:78:1a:0b:70:4d:b7:91:5f:d4:11:
                    13:64:3f:4d:6a:3c:ea:8a:90:d6:ef:5c:f6:a6:39:
                    25:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:97:7E:64:D7:6B:EC:B1:2B:DB:E7:26:1E:DD:04:35:D8:4A:C5:EC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS398704.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.56.0/22
                  155.117.128.0/22
                  162.141.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:94:cb:2a:c3:81:db:6e:b9:f9:80:4b:3d:24:b5:4c:7f:7a:
         8e:a5:05:8b:05:0e:ee:b8:00:80:19:9e:5e:cc:6c:ec:79:e6:
         32:a3:67:55:35:f2:a0:1f:52:0b:a1:59:22:2a:67:73:e2:28:
         9a:94:48:8b:71:00:59:1f:90:98:35:a4:86:dd:8b:2f:06:4d:
         51:b0:97:3c:1b:f7:cd:bc:09:50:7b:69:3e:40:39:60:29:05:
         2d:b0:f6:27:9a:d0:51:a2:d0:4d:7a:96:5c:03:0e:b5:fc:3c:
         20:58:fe:89:44:5b:a6:33:7c:4a:8f:0b:36:e1:62:77:65:c5:
         fc:1b:4e:38:2e:07:00:eb:ce:37:4a:68:a9:6d:c4:28:92:79:
         ba:6d:3f:f7:1d:3b:e0:f3:9f:c9:bd:b1:fb:48:e9:ce:5d:0b:
         ee:74:b9:28:eb:61:cd:98:44:29:20:24:55:5a:fa:64:d1:1c:
         70:6f:6b:44:1c:fd:eb:66:59:c5:8a:f6:5e:ed:50:8e:2b:bb:
         82:fc:14:14:82:5a:44:e7:87:46:6e:11:1b:fc:d0:fe:47:b7:
         22:74:eb:d4:07:ce:db:70:86:26:cf:b0:68:59:8d:4a:42:d0:
         71:37:9d:13:7d:c2:3c:74:39:80:3b:3b:d7:0b:50:28:f1:49:
         00:42:14:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUU3EEGMsR2J497xEAFBrltfVFmpYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MDUyMzU1MjRaFw0yNjA2MDUwMDAwMjRaMDMxMTAvBgNV
BAMTKDlFOTc3RTY0RDc2QkVDQjEyQkRCRTcyNjFFREQwNDM1RDg0QUM1RUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2DxFNDfQc+ju2unvrQbHHQiyj
K9wMh88T15XpZmpCRkfNeEAVbxT08yxUc4NOhbaZejjtT+GGYYBrJpB9WlMKGF6i
stT+BumcA9jxhHw0qjEUx1VqScN3PecF6zDPtzY1IbKhZCW4qkR5fs4cPTU0Qkl4
4fUavWlhhewD0YyWpJMz8ZqsKwjapa0mZcceLXnBrAWGlJkIWdwlPF58Vg8kZV0Q
2PIWywyMV3c+ep3HmzW2HGqxOzqFWUIV0lW4pQ4HLp6PElXttmtM8adco4dPY6M1
RhGoG6cQ8L+r4oqnUHIUgwY8eBoLcE23kV/UERNkP01qPOqKkNbvXPamOSXdAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUnpd+ZNdr7LEr2+cmHt0ENdhKxewwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk4NzA0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCm3U4
AwQCm3WAAwQAoo14MA0GCSqGSIb3DQEBCwUAA4IBAQBplMsqw4Hbbrn5gEs9JLVM
f3qOpQWLBQ7uuACAGZ5ezGzseeYyo2dVNfKgH1ILoVkiKmdz4iialEiLcQBZH5CY
NaSG3YsvBk1RsJc8G/fNvAlQe2k+QDlgKQUtsPYnmtBRotBNepZcAw61/DwgWP6J
RFumM3xKjws24WJ3ZcX8G044LgcA6843SmipbcQoknm6bT/3HTvg85/JvbH7SOnO
XQvudLko62HNmEQpICRVWvpk0Rxwb2tEHP3rZlnFivZe7VCOK7uC/BQUglpE54dG
bhEb/ND+R7cidOvUB87bcIYmz7BoWY1KQtBxN50TfcI8dDmAOzvXC1Ao8UkAQhRU
-----END CERTIFICATE-----