Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          jf39qNMwQ5q3KuhkNcj/xGfSAe/kycUyESRFTg5tAks=
Subject key identifier:   75:07:2A:56:69:5F:9C:2E:1B:5A:FF:B1:0C:6F:ED:AB:AC:1D:77:5A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       756C5AD241D0C4C109D5C06B46D80FDA80A2C218
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
Signing time:             Thu 22 May 2025 08:52:28 +0000
ROA not before:           Thu 22 May 2025 08:47:28 +0000
ROA not after:            Thu 21 May 2026 08:52:28 +0000
asID:                     393942
IP address blocks:        89.19.50.0/24 maxlen: 24
                          191.101.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Jun 2025 23:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:6c:5a:d2:41:d0:c4:c1:09:d5:c0:6b:46:d8:0f:da:80:a2:c2:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May 22 08:47:28 2025 GMT
            Not After : May 21 08:52:28 2026 GMT
        Subject: CN=75072A56695F9C2E1B5AFFB10C6FEDABAC1D775A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:5e:13:e3:1a:12:6e:e0:72:88:8f:93:60:15:
                    97:68:00:47:ca:c6:cb:de:ed:0d:8c:46:9f:71:08:
                    88:28:98:0b:ca:f9:1b:5c:b3:39:c0:f8:9e:11:e2:
                    94:32:5b:7d:21:10:db:8d:1a:58:87:f9:1a:8c:75:
                    eb:a0:a1:95:df:1b:29:e6:db:45:49:cf:63:34:aa:
                    a1:51:bf:89:c9:8e:8b:84:ce:17:96:50:40:e8:0d:
                    28:cc:04:47:a8:a4:24:51:7b:3a:a0:73:d5:e6:1b:
                    bf:36:af:ed:50:56:94:d8:8f:4e:e8:1d:3d:42:42:
                    17:3a:09:69:db:19:25:df:55:31:3e:53:cc:7e:55:
                    62:8f:6a:46:2f:40:83:09:0b:d3:69:3d:fb:fe:73:
                    be:04:73:66:79:87:d3:69:f2:d5:26:22:ac:cf:d1:
                    39:b0:c5:6b:2d:f9:ee:10:05:18:bd:e3:0f:37:b6:
                    f0:95:03:dd:5d:4f:ec:fd:7e:cd:d4:62:7a:48:f4:
                    b4:b8:4b:f0:82:84:df:a9:d2:a7:fd:fd:6f:4f:30:
                    16:0e:3d:49:a8:d1:9e:f5:b1:d3:24:ce:f0:3e:49:
                    c3:0d:2b:2d:e0:88:cf:9f:ee:31:0a:38:b2:c4:b2:
                    9d:ed:a7:99:53:90:2e:88:ca:97:53:87:6b:d5:fd:
                    f7:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:07:2A:56:69:5F:9C:2E:1B:5A:FF:B1:0C:6F:ED:AB:AC:1D:77:5A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.19.50.0/24
                  191.101.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:79:d4:23:68:dc:83:ec:d1:a0:b6:a2:b0:09:3d:0d:de:f3:
         93:93:7e:ea:c2:a4:3a:ec:47:fd:c9:65:99:2a:89:0f:2a:40:
         23:24:dc:32:9c:5b:90:53:e0:36:cf:8c:08:f6:82:3e:fb:d8:
         5c:ca:6b:d4:0a:53:c6:e1:d0:20:f2:32:06:2b:6d:05:9a:d0:
         db:e4:8f:9b:28:63:ea:a8:1d:4a:50:f0:52:0d:8e:20:cf:d3:
         80:3e:09:60:3e:b3:28:35:51:30:65:9e:85:85:fa:97:87:c8:
         1c:d4:32:bb:3c:ba:37:4b:81:a3:32:60:98:ed:30:46:57:66:
         11:fc:bc:cf:9d:68:62:04:8b:68:cf:4f:fe:67:08:bb:c0:d0:
         d9:f7:76:5e:c6:7d:a6:b2:8d:80:d3:c0:68:91:5d:7e:bb:6d:
         0a:a8:a5:63:d4:5c:36:8a:80:04:fe:0e:c3:91:d8:58:57:e8:
         ac:83:57:f3:ec:ae:af:98:38:a0:b4:3a:80:5d:cb:24:aa:ca:
         6a:4f:8a:1b:b3:10:84:f5:82:c4:db:f3:9f:d5:41:95:12:c1:
         2c:3b:2f:1b:4a:0b:51:71:40:be:7d:b3:9e:f2:10:01:f2:97:
         61:6b:48:68:e5:aa:85:d7:ca:7a:19:f2:85:0e:c4:bf:66:23:
         c8:23:7b:d8
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUdWxa0kHQxMEJ1cBrRtgP2oCiwhgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA1MjIwODQ3MjhaFw0yNjA1MjEwODUyMjhaMDMxMTAvBgNV
BAMTKDc1MDcyQTU2Njk1RjlDMkUxQjVBRkZCMTBDNkZFREFCQUMxRDc3NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzXhPjGhJu4HKIj5NgFZdoAEfK
xsve7Q2MRp9xCIgomAvK+RtcsznA+J4R4pQyW30hENuNGliH+RqMdeugoZXfGynm
20VJz2M0qqFRv4nJjouEzheWUEDoDSjMBEeopCRRezqgc9XmG782r+1QVpTYj07o
HT1CQhc6CWnbGSXfVTE+U8x+VWKPakYvQIMJC9NpPfv+c74Ec2Z5h9Np8tUmIqzP
0TmwxWst+e4QBRi94w83tvCVA91dT+z9fs3UYnpI9LS4S/CChN+p0qf9/W9PMBYO
PUmo0Z71sdMkzvA+ScMNKy3giM+f7jEKOLLEsp3tp5lTkC6IypdTh2vV/fdjAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUdQcqVmlfnC4bWv+xDG/tq6wdd1owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWRMy
AwQAv2W9MA0GCSqGSIb3DQEBCwUAA4IBAQALedQjaNyD7NGgtqKwCT0N3vOTk37q
wqQ67Ef9yWWZKokPKkAjJNwynFuQU+A2z4wI9oI++9hcymvUClPG4dAg8jIGK20F
mtDb5I+bKGPqqB1KUPBSDY4gz9OAPglgPrMoNVEwZZ6FhfqXh8gc1DK7PLo3S4Gj
MmCY7TBGV2YR/LzPnWhiBItoz0/+Zwi7wNDZ93Zexn2mso2A08BokV1+u20KqKVj
1Fw2ioAE/g7DkdhYV+isg1fz7K6vmDigtDqAXcskqspqT4obsxCE9YLE2/Of1UGV
EsEsOy8bSgtRcUC+fbOe8hAB8pdha0ho5aqF18p6GfKFDsS/ZiPII3vY
-----END CERTIFICATE-----