Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6939.roa
File:                     AS6939.roa (raw, json)
Hash identifier:          YAGzFXrha/bQu4pPIaWCqYtj2+SG4N3ye3/LnS5G8bc=
Subject key identifier:   DA:D1:AA:A9:FF:BF:CD:CB:99:06:D3:56:3C:29:47:D1:87:17:C9:9E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3F459CB3611AD530A94AD030960F3C9FA8935932
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6939.roa
Signing time:             Mon 20 Oct 2025 07:45:51 +0000
ROA not before:           Mon 20 Oct 2025 07:40:51 +0000
ROA not after:            Mon 19 Oct 2026 07:45:51 +0000
asID:                     6939
IP address blocks:        143.14.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 18:49:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:45:9c:b3:61:1a:d5:30:a9:4a:d0:30:96:0f:3c:9f:a8:93:59:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 20 07:40:51 2025 GMT
            Not After : Oct 19 07:45:51 2026 GMT
        Subject: CN=DAD1AAA9FFBFCDCB9906D3563C2947D18717C99E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:7a:b1:77:0c:a8:96:f2:e1:01:20:d1:76:3c:
                    de:c2:d1:2d:3d:10:e4:25:f0:07:fb:1e:75:fa:b9:
                    b0:b9:99:46:a0:1a:f9:f0:74:79:a6:b0:c8:ea:fa:
                    d2:70:86:ee:f0:e6:82:b2:d4:aa:31:21:7c:21:28:
                    b7:38:b8:a4:19:2c:8f:77:e3:3f:8e:f9:29:0f:4f:
                    ce:2f:84:08:61:4c:85:ac:f7:c0:c4:58:6e:fb:a8:
                    a7:86:02:7d:b8:13:e8:7f:c0:fa:b6:dc:91:fb:f8:
                    1c:e9:6c:a5:f5:78:f3:06:35:1f:a1:7d:64:92:55:
                    71:f1:9a:05:23:c0:cc:fb:f7:33:9a:22:da:fb:47:
                    d7:16:61:c9:be:6b:06:bb:2f:6d:41:15:a7:e6:53:
                    65:54:bb:b5:33:0c:0d:67:23:f9:87:ae:01:d2:24:
                    fb:fe:92:9e:70:e0:37:96:0a:5c:5b:a9:3f:f2:a1:
                    9f:f6:89:e5:dc:6a:8a:76:ac:2a:8a:a7:74:c3:2a:
                    3c:5b:b5:c0:e5:5e:fc:34:c4:37:44:9c:9a:ab:f7:
                    06:5c:60:24:10:e0:4b:80:b0:8c:5d:78:ba:1e:e2:
                    ef:f8:be:a2:75:82:cd:5c:e6:ca:a4:ca:5c:73:01:
                    bb:86:c5:b7:e5:72:3d:84:b2:69:66:2f:58:fa:6c:
                    cf:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D1:AA:A9:FF:BF:CD:CB:99:06:D3:56:3C:29:47:D1:87:17:C9:9E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6939.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:a4:a0:7e:ee:e2:e1:e1:5c:a6:45:28:8a:93:0b:c2:4d:01:
         7e:bf:36:0e:6a:01:5d:36:e7:a8:20:21:ae:b5:b8:a8:84:e7:
         ad:cc:6f:eb:54:2d:c1:4d:c3:da:ca:1d:0b:9b:24:c6:30:8a:
         4f:93:07:21:ca:ab:cc:53:7e:6a:8d:98:5b:87:6b:22:9a:c1:
         5a:37:ee:bb:a3:c9:cc:fd:f4:35:33:e9:c5:7e:0f:02:66:f0:
         da:f6:e0:f6:b8:b5:0d:9d:b1:6c:f6:86:5c:82:45:08:c6:4d:
         f8:57:ba:80:5b:a2:0e:ea:b2:8a:65:14:5e:06:48:43:67:a7:
         ad:1e:e8:ab:71:da:ae:ce:01:9c:20:cf:b6:39:17:fc:2a:f1:
         f1:73:f4:9b:cc:d6:93:05:6e:16:00:9b:0e:77:6a:92:24:ea:
         c3:ce:29:ef:ea:b9:ac:c6:21:f3:aa:92:e6:e3:c5:18:4c:17:
         46:31:df:54:fe:ee:04:4c:d8:07:00:8d:6e:7a:cb:b4:69:dc:
         cd:65:3d:3d:59:e5:c1:b9:72:84:e3:e0:41:b7:09:4a:7e:5e:
         82:32:69:09:bb:e2:f6:58:73:6f:6e:d2:a9:45:a5:2a:18:d2:
         b0:85:33:11:8d:fc:f0:a6:d5:19:d6:03:71:30:34:fa:86:bb:
         70:dd:6a:2b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUP0Wcs2Ea1TCpStAwlg88n6iTWTIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMjAwNzQwNTFaFw0yNjEwMTkwNzQ1NTFaMDMxMTAvBgNV
BAMTKERBRDFBQUE5RkZCRkNEQ0I5OTA2RDM1NjNDMjk0N0QxODcxN0M5OUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCderF3DKiW8uEBINF2PN7C0S09
EOQl8Af7HnX6ubC5mUagGvnwdHmmsMjq+tJwhu7w5oKy1KoxIXwhKLc4uKQZLI93
4z+O+SkPT84vhAhhTIWs98DEWG77qKeGAn24E+h/wPq23JH7+BzpbKX1ePMGNR+h
fWSSVXHxmgUjwMz79zOaItr7R9cWYcm+awa7L21BFafmU2VUu7UzDA1nI/mHrgHS
JPv+kp5w4DeWClxbqT/yoZ/2ieXcaop2rCqKp3TDKjxbtcDlXvw0xDdEnJqr9wZc
YCQQ4EuAsIxdeLoe4u/4vqJ1gs1c5sqkylxzAbuGxbflcj2EsmlmL1j6bM8/AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQU2tGqqf+/zcuZBtNWPClH0YcXyZ4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjkzOS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAI8OrTAN
BgkqhkiG9w0BAQsFAAOCAQEAPqSgfu7i4eFcpkUoipMLwk0Bfr82DmoBXTbnqCAh
rrW4qITnrcxv61QtwU3D2sodC5skxjCKT5MHIcqrzFN+ao2YW4drIprBWjfuu6PJ
zP30NTPpxX4PAmbw2vbg9ri1DZ2xbPaGXIJFCMZN+Fe6gFuiDuqyimUUXgZIQ2en
rR7oq3Hars4BnCDPtjkX/Crx8XP0m8zWkwVuFgCbDndqkiTqw84p7+q5rMYh86qS
5uPFGEwXRjHfVP7uBEzYBwCNbnrLtGnczWU9PVnlwblyhOPgQbcJSn5egjJpCbvi
9lhzb27SqUWlKhjSsIUzEY388KbVGdYDcTA0+oa7cN1qKw==
-----END CERTIFICATE-----