Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS39798.roa
File:                     AS39798.roa (raw, json)
Hash identifier:          P4BDVqkr5M6wiKvWiBjrVJMzY9xRb7Gn+RTGLxPQIK4=
Subject key identifier:   3A:80:A7:80:8A:E4:AA:9E:22:66:EC:F5:44:25:9A:5D:1D:AF:A0:F3
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       44F89245A192D07AA994E3682D01B6FBBADEE6F3
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS39798.roa
Signing time:             Thu 28 Nov 2024 08:38:55 +0000
ROA not before:           Thu 28 Nov 2024 08:33:55 +0000
ROA not after:            Thu 27 Nov 2025 08:38:55 +0000
asID:                     39798
IP address blocks:        185.145.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:12:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            44:f8:92:45:a1:92:d0:7a:a9:94:e3:68:2d:01:b6:fb:ba:de:e6:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Nov 28 08:33:55 2024 GMT
            Not After : Nov 27 08:38:55 2025 GMT
        Subject: CN=3A80A7808AE4AA9E2266ECF544259A5D1DAFA0F3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:26:7c:ed:9a:83:de:06:c6:eb:ef:d7:29:46:
                    35:19:50:3a:af:57:ba:a5:7e:d0:b9:e7:c6:09:1e:
                    2a:d2:c3:d8:20:d9:87:d8:a6:fe:fe:c3:1d:cf:6f:
                    9e:49:dd:cf:7a:c1:85:7a:a6:6b:9d:a1:81:87:60:
                    93:0f:43:f1:d5:8d:4e:81:5f:b0:18:6b:5d:30:f4:
                    62:31:3b:51:27:ab:af:9e:ae:f2:cf:f4:c9:f9:cb:
                    4a:4d:1e:7f:0e:71:5c:ae:49:4f:d3:23:3a:53:e6:
                    bf:d9:2f:56:5a:1d:e9:6c:92:fe:af:c4:88:c6:23:
                    bb:b7:58:79:89:1d:46:6c:45:5c:db:4e:be:ca:7d:
                    57:63:e5:c7:8f:c1:a4:6e:87:0d:08:de:ef:55:be:
                    03:08:a5:b8:90:b8:92:1b:9d:33:51:a1:ac:ff:ba:
                    1c:8a:92:51:67:2e:eb:31:a9:3a:0b:7f:9c:3b:7f:
                    ca:d2:5a:d7:5a:27:d0:17:41:ad:0a:e0:ea:02:14:
                    ed:ac:a0:8a:c4:c2:39:0a:24:56:83:c7:0d:c0:d5:
                    c9:9d:7d:62:10:52:a0:9c:22:ff:2c:af:50:aa:d0:
                    d1:38:25:b3:e6:6c:9d:1f:40:de:d1:7d:1b:6d:eb:
                    c6:cd:b2:d1:76:a2:bd:89:ed:1f:bf:97:16:dd:39:
                    e2:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:80:A7:80:8A:E4:AA:9E:22:66:EC:F5:44:25:9A:5D:1D:AF:A0:F3
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS39798.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:06:31:9a:86:b5:12:4f:fd:e5:9e:23:ea:7f:9d:4d:3d:51:
         6f:d1:00:35:5d:30:14:c2:a1:68:43:91:be:60:42:65:61:48:
         42:aa:b3:ef:90:ca:97:b0:76:34:af:c7:bb:4e:ce:33:0e:69:
         18:7b:69:44:df:cc:15:d2:dc:29:62:60:d0:df:3e:e2:bb:e7:
         95:0e:3d:ff:00:8c:d5:76:08:a3:f4:fa:bc:fa:57:1c:98:dd:
         67:c3:93:26:cf:fb:66:c8:77:bb:62:d9:dc:d2:cf:79:67:04:
         d2:f2:d6:66:e0:70:03:15:fa:e3:50:7a:2c:85:d9:4d:2d:9d:
         10:fa:00:0a:3d:68:9d:f7:7e:93:ee:4d:31:c8:27:e0:1d:22:
         d6:eb:99:3a:7c:32:42:c8:85:f6:51:1d:19:e6:33:06:18:16:
         2f:b2:22:16:93:73:7e:ff:a6:13:b1:f9:3a:d5:f3:8a:70:14:
         0a:08:6f:e8:44:4d:5f:2c:99:74:7f:b8:d4:17:ff:e5:04:02:
         9a:c9:7e:25:10:c1:da:be:9e:e0:50:08:d7:a1:2d:a1:6d:ae:
         0e:cf:c9:f7:a7:4e:10:ed:c5:f0:51:3e:7b:d5:f2:97:27:cd:
         a2:17:50:73:cc:28:ca:03:4d:35:47:f4:9a:80:06:60:80:7c:
         ff:9b:a4:3b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIURPiSRaGS0HqplONoLQG2+7re5vMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDExMjgwODMzNTVaFw0yNTExMjcwODM4NTVaMDMxMTAvBgNV
BAMTKDNBODBBNzgwOEFFNEFBOUUyMjY2RUNGNTQ0MjU5QTVEMURBRkEwRjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC1JnztmoPeBsbr79cpRjUZUDqv
V7qlftC558YJHirSw9gg2YfYpv7+wx3Pb55J3c96wYV6pmudoYGHYJMPQ/HVjU6B
X7AYa10w9GIxO1Enq6+ervLP9Mn5y0pNHn8OcVyuSU/TIzpT5r/ZL1ZaHelskv6v
xIjGI7u3WHmJHUZsRVzbTr7KfVdj5cePwaRuhw0I3u9VvgMIpbiQuJIbnTNRoaz/
uhyKklFnLusxqToLf5w7f8rSWtdaJ9AXQa0K4OoCFO2soIrEwjkKJFaDxw3A1cmd
fWIQUqCcIv8sr1Cq0NE4JbPmbJ0fQN7RfRtt68bNstF2or2J7R+/lxbdOeIBAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUOoCngIrkqp4iZuz1RCWaXR2voPMwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk3OTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5kSUw
DQYJKoZIhvcNAQELBQADggEBAEMGMZqGtRJP/eWeI+p/nU09UW/RADVdMBTCoWhD
kb5gQmVhSEKqs++QypewdjSvx7tOzjMOaRh7aUTfzBXS3CliYNDfPuK755UOPf8A
jNV2CKP0+rz6VxyY3WfDkybP+2bId7ti2dzSz3lnBNLy1mbgcAMV+uNQeiyF2U0t
nRD6AAo9aJ33fpPuTTHIJ+AdItbrmTp8MkLIhfZRHRnmMwYYFi+yIhaTc37/phOx
+TrV84pwFAoIb+hETV8smXR/uNQX/+UEAprJfiUQwdq+nuBQCNehLaFtrg7Pyfen
ThDtxfBRPnvV8pcnzaIXUHPMKMoDTTVH9JqABmCAfP+bpDs=
-----END CERTIFICATE-----