Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60439.roa
File:                     AS60439.roa (raw, json)
Hash identifier:          rUi+RwYnkmgqbw8YbHWb8Y/cywJZSTSilrgCOtTqekY=
Subject key identifier:   DA:2A:88:D5:F1:25:FC:C9:D9:3A:E2:1E:FF:A2:71:E0:D7:74:6D:FE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       74C25E5E94724CA5EE761A4615F90E032694007A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60439.roa
Signing time:             Fri 05 Sep 2025 15:48:49 +0000
ROA not before:           Fri 05 Sep 2025 15:43:49 +0000
ROA not after:            Fri 04 Sep 2026 15:48:49 +0000
asID:                     60439
IP address blocks:        167.148.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Sep 2025 10:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:c2:5e:5e:94:72:4c:a5:ee:76:1a:46:15:f9:0e:03:26:94:00:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep  5 15:43:49 2025 GMT
            Not After : Sep  4 15:48:49 2026 GMT
        Subject: CN=DA2A88D5F125FCC9D93AE21EFFA271E0D7746DFE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:9c:32:f1:0c:2a:24:ad:36:5e:4a:df:3f:ca:
                    99:2b:b5:4d:23:50:f9:e1:ef:b9:2f:a4:15:e6:28:
                    e8:90:e6:0c:19:bd:67:37:2b:b8:94:71:11:c8:83:
                    56:9f:27:54:07:12:84:ed:e9:31:d5:30:16:51:d2:
                    a9:24:39:9f:b7:7d:d4:23:7c:ae:24:a4:fc:a2:1a:
                    d9:65:d0:0e:30:98:85:4f:8d:33:1d:7a:64:c7:52:
                    ee:28:12:85:19:e0:ad:29:fe:30:b6:5c:20:68:31:
                    fa:b0:e0:e0:b7:0c:22:7f:90:5b:fd:27:12:94:a7:
                    2b:1e:aa:ab:1e:2a:1f:df:d5:2f:92:92:00:ce:49:
                    1d:b9:a3:bc:f4:81:49:27:c4:d9:9c:1f:8b:b3:92:
                    63:d2:4f:42:c7:48:7e:65:a9:a2:6c:c0:cb:2d:ab:
                    38:4b:59:68:5d:bf:15:ae:32:b6:25:41:62:32:47:
                    50:92:a0:da:82:6b:a4:cb:40:df:72:9f:05:7e:cf:
                    e3:ce:24:15:33:67:2d:24:6e:e4:94:96:5a:39:83:
                    a2:19:af:dc:f3:f1:25:4c:44:6a:13:76:5b:96:ca:
                    f9:16:1b:a4:2a:92:37:14:a9:cb:b1:81:a2:d1:e6:
                    e9:e9:65:dc:e2:b8:bf:e0:ff:14:5a:d0:11:76:78:
                    f1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:2A:88:D5:F1:25:FC:C9:D9:3A:E2:1E:FF:A2:71:E0:D7:74:6D:FE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60439.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  167.148.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:7c:60:03:81:fd:08:39:84:0b:2a:95:d8:82:33:78:bb:11:
         ac:9e:b9:ff:c2:10:51:93:4a:7f:d6:ce:68:f2:ab:89:42:97:
         99:4f:98:c9:28:27:6c:63:a1:d5:81:6e:75:c1:6a:98:c7:a2:
         5f:07:33:e9:89:5c:8f:4e:22:6b:73:0a:e5:93:8d:a2:35:a3:
         82:dc:c1:a3:60:4b:cc:65:25:ec:ad:d8:2c:f2:80:f9:14:f7:
         9a:2b:44:bf:93:3a:fe:49:86:57:bc:61:d8:bd:37:01:c3:31:
         5e:ba:9a:39:73:bc:1e:f8:78:15:4e:05:11:93:a1:8c:c4:d8:
         b9:d3:1d:f5:0a:4e:fe:5c:e4:fd:9d:52:9d:eb:37:a4:2f:25:
         ff:13:cc:ff:63:7a:ba:1e:22:a3:a9:8a:f7:4b:11:27:12:47:
         28:7a:ff:80:74:c4:5d:68:b5:b9:f1:e2:47:f8:7b:b2:d3:12:
         c6:e5:4f:3a:39:6f:ea:8e:22:9a:ef:9c:ec:a2:91:f4:2b:02:
         d2:24:52:f8:b5:d6:db:da:a6:1b:f0:a4:a6:fc:2e:d7:c0:7d:
         6f:62:fe:be:f4:4d:0f:d2:2a:d6:22:fa:a0:12:9d:38:d4:39:
         b3:42:9a:23:45:f5:c9:b4:0f:9f:5d:16:a7:81:3d:55:ba:64:
         c4:79:97:d8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdMJeXpRyTKXudhpGFfkOAyaUAHowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MDUxNTQzNDlaFw0yNjA5MDQxNTQ4NDlaMDMxMTAvBgNV
BAMTKERBMkE4OEQ1RjEyNUZDQzlEOTNBRTIxRUZGQTI3MUUwRDc3NDZERkUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKnDLxDCokrTZeSt8/ypkrtU0j
UPnh77kvpBXmKOiQ5gwZvWc3K7iUcRHIg1afJ1QHEoTt6THVMBZR0qkkOZ+3fdQj
fK4kpPyiGtll0A4wmIVPjTMdemTHUu4oEoUZ4K0p/jC2XCBoMfqw4OC3DCJ/kFv9
JxKUpyseqqseKh/f1S+SkgDOSR25o7z0gUknxNmcH4uzkmPST0LHSH5lqaJswMst
qzhLWWhdvxWuMrYlQWIyR1CSoNqCa6TLQN9ynwV+z+POJBUzZy0kbuSUllo5g6IZ
r9zz8SVMRGoTdluWyvkWG6QqkjcUqcuxgaLR5unpZdziuL/g/xRa0BF2ePFnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU2iqI1fEl/MnZOuIe/6Jx4Nd0bf4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjA0Mzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACnlMMw
DQYJKoZIhvcNAQELBQADggEBAH18YAOB/Qg5hAsqldiCM3i7Eayeuf/CEFGTSn/W
zmjyq4lCl5lPmMkoJ2xjodWBbnXBapjHol8HM+mJXI9OImtzCuWTjaI1o4LcwaNg
S8xlJeyt2CzygPkU95orRL+TOv5Jhle8Ydi9NwHDMV66mjlzvB74eBVOBRGToYzE
2LnTHfUKTv5c5P2dUp3rN6QvJf8TzP9jeroeIqOpivdLEScSRyh6/4B0xF1otbnx
4kf4e7LTEsblTzo5b+qOIprvnOyikfQrAtIkUvi11tvaphvwpKb8LtfAfW9i/r70
TQ/SKtYi+qASnTjUObNCmiNF9cm0D59dFqeBPVW6ZMR5l9g=
-----END CERTIFICATE-----