Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395839.roa
File:                     AS395839.roa (raw, json)
Hash identifier:          4vGXbepWjw8Dtn8miWMzrM8D1ih+Mio/E+BY+34r/Zw=
Subject key identifier:   73:E5:8D:FB:30:E7:0D:17:78:71:2B:2A:45:19:1B:C9:CE:93:FE:03
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       72B310814F802782C658F19214FBB176958A66B1
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395839.roa
Signing time:             Mon 06 May 2024 00:00:16 +0000
ROA not before:           Sun 05 May 2024 23:55:16 +0000
ROA not after:            Mon 05 May 2025 00:00:16 +0000
asID:                     395839
IP address blocks:        191.96.148.0/24 maxlen: 24
                          191.96.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:b3:10:81:4f:80:27:82:c6:58:f1:92:14:fb:b1:76:95:8a:66:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: May  5 23:55:16 2024 GMT
            Not After : May  5 00:00:16 2025 GMT
        Subject: CN=73E58DFB30E70D1778712B2A45191BC9CE93FE03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:0e:c4:8a:a4:94:5b:2d:7b:d0:5c:33:69:51:
                    62:76:a6:58:50:fe:7d:90:75:0b:3d:69:f5:37:0e:
                    2e:af:94:d3:ef:6b:79:68:f3:06:12:26:8b:3f:a3:
                    88:42:86:92:91:02:7a:bb:d9:2e:91:e5:46:6b:1e:
                    33:96:8d:ab:9d:18:42:bf:48:05:39:36:73:c2:f4:
                    20:e0:17:2e:55:90:d5:21:bf:9d:16:cc:06:dc:e7:
                    01:26:83:a2:f3:84:36:fb:56:dc:e8:db:72:e3:e0:
                    13:3f:d7:cd:7b:16:38:3b:33:52:dd:ea:4d:a9:0c:
                    05:e7:eb:18:32:39:23:57:fa:1a:0c:ca:4c:af:f0:
                    ac:a3:97:2a:21:4c:90:72:9a:a8:bd:7c:0a:72:b3:
                    ee:35:a5:71:1b:ca:db:c2:b1:04:e5:12:50:cc:a0:
                    3f:15:64:09:13:d8:68:be:8b:c8:27:8e:3e:bf:c7:
                    7c:28:29:1e:14:30:53:2d:11:68:c6:b8:12:b2:76:
                    d3:07:ef:98:e5:14:53:8a:06:8a:f8:50:34:fb:46:
                    cf:ac:b3:a5:61:17:af:93:b6:d0:2e:4e:c9:7e:a2:
                    48:b5:3b:c2:a5:27:11:d3:ba:c2:a0:a6:56:b0:60:
                    67:f5:71:c5:ee:1c:be:30:f1:12:8b:dd:67:97:11:
                    21:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:E5:8D:FB:30:E7:0D:17:78:71:2B:2A:45:19:1B:C9:CE:93:FE:03
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS395839.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.148.0/24
                  191.96.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:2c:ba:59:c2:ab:d1:58:b6:f8:22:aa:80:17:23:48:63:10:
         d2:14:ee:ab:81:8b:0a:05:fa:90:c4:cd:17:06:04:ba:bd:8b:
         22:6e:54:4d:0c:09:9a:0f:d6:0c:39:bf:db:e5:e7:f8:32:5e:
         52:3a:ee:e3:6b:ca:46:3f:e8:a8:87:32:36:8c:aa:42:66:de:
         e5:05:9d:a2:ce:23:8e:28:a5:72:3e:29:e4:09:17:23:32:cb:
         1f:26:64:1d:eb:a3:1d:9f:11:1c:16:02:ff:0d:30:06:f9:ab:
         1b:5e:c7:38:02:a5:58:85:8a:58:84:92:c7:c5:92:56:eb:5d:
         a1:38:9c:e0:5c:d1:a4:1a:62:15:23:c6:f8:7e:76:65:63:0a:
         d3:d8:6e:aa:8c:55:72:8c:f2:9b:ee:30:d0:3a:b6:b4:3a:46:
         7f:20:52:7a:78:92:32:17:81:40:7e:87:e0:f8:c9:36:53:2f:
         58:3a:5c:f8:73:d6:ea:ce:63:29:15:b5:0e:19:71:db:4a:b7:
         d5:e3:71:7f:e6:6a:15:8d:0a:2f:c6:d4:91:27:10:bc:98:4d:
         05:c2:e3:ab:f2:fe:69:20:33:06:b7:7b:fc:e0:f4:c7:4c:bb:
         b7:bc:3e:e1:aa:29:0d:cf:c6:bd:d1:aa:75:4e:bd:07:4a:65:
         ba:2d:29:ff
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUcrMQgU+AJ4LGWPGSFPuxdpWKZrEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDA1MDUyMzU1MTZaFw0yNTA1MDUwMDAwMTZaMDMxMTAvBgNV
BAMTKDczRTU4REZCMzBFNzBEMTc3ODcxMkIyQTQ1MTkxQkM5Q0U5M0ZFMDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaDsSKpJRbLXvQXDNpUWJ2plhQ
/n2QdQs9afU3Di6vlNPva3lo8wYSJos/o4hChpKRAnq72S6R5UZrHjOWjaudGEK/
SAU5NnPC9CDgFy5VkNUhv50WzAbc5wEmg6LzhDb7Vtzo23Lj4BM/1817Fjg7M1Ld
6k2pDAXn6xgyOSNX+hoMykyv8KyjlyohTJBymqi9fApys+41pXEbytvCsQTlElDM
oD8VZAkT2Gi+i8gnjj6/x3woKR4UMFMtEWjGuBKydtMH75jlFFOKBor4UDT7Rs+s
s6VhF6+TttAuTsl+oki1O8KlJxHTusKgplawYGf1ccXuHL4w8RKL3WeXESHBAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUc+WN+zDnDRd4cSsqRRkbyc6T/gMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk1ODM5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2CU
AwQAv2DiMA0GCSqGSIb3DQEBCwUAA4IBAQBdLLpZwqvRWLb4IqqAFyNIYxDSFO6r
gYsKBfqQxM0XBgS6vYsiblRNDAmaD9YMOb/b5ef4Ml5SOu7ja8pGP+iohzI2jKpC
Zt7lBZ2iziOOKKVyPinkCRcjMssfJmQd66MdnxEcFgL/DTAG+asbXsc4AqVYhYpY
hJLHxZJW612hOJzgXNGkGmIVI8b4fnZlYwrT2G6qjFVyjPKb7jDQOra0OkZ/IFJ6
eJIyF4FAfofg+Mk2Uy9YOlz4c9bqzmMpFbUOGXHbSrfV43F/5moVjQovxtSRJxC8
mE0FwuOr8v5pIDMGt3v84PTHTLu3vD7hqikNz8a90ap1Tr0HSmW6LSn/
-----END CERTIFICATE-----