Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS399073.roa
File:                     AS399073.roa (raw, json)
Hash identifier:          roYFiXBy4Kawh26d2bZyj9aVQYqz/15d3hCt+gNq00E=
Subject key identifier:   77:2F:75:DF:EE:AA:2D:92:D2:80:29:C8:D2:23:08:13:4A:4D:C8:3A
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       19A8E1B40D7307E82B227C738C177C3275BCE565
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS399073.roa
Signing time:             Sun 24 Aug 2025 15:36:45 +0000
ROA not before:           Sun 24 Aug 2025 15:31:45 +0000
ROA not after:            Sun 23 Aug 2026 15:36:45 +0000
asID:                     399073
IP address blocks:        193.142.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Sep 2025 07:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:a8:e1:b4:0d:73:07:e8:2b:22:7c:73:8c:17:7c:32:75:bc:e5:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Aug 24 15:31:45 2025 GMT
            Not After : Aug 23 15:36:45 2026 GMT
        Subject: CN=772F75DFEEAA2D92D28029C8D22308134A4DC83A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:91:bb:63:eb:42:21:77:11:df:b3:7b:63:ca:
                    b1:bc:29:61:74:a9:3b:54:71:8d:df:27:f3:61:fe:
                    43:b6:83:1b:72:3d:51:e3:b3:4c:39:03:1c:a3:7d:
                    43:60:b8:b7:18:29:1e:3f:51:38:cf:b2:f3:8b:90:
                    6a:50:b3:d4:24:85:0d:f0:64:8a:0e:71:b4:f3:1c:
                    53:91:cd:78:a7:ad:03:f9:18:d4:85:da:7e:cf:19:
                    b5:14:67:3e:66:27:01:2d:4a:af:9c:a4:ed:9e:11:
                    2d:c1:34:28:1b:dd:ca:f0:5e:1c:8b:25:a3:d9:a6:
                    09:f4:ce:42:04:b4:23:b5:d7:12:a0:ea:9b:fb:9a:
                    e0:fa:6b:ae:27:f7:10:70:0a:f7:ab:39:30:fd:90:
                    75:08:c3:7a:17:fc:6a:44:a9:1e:ef:e6:a5:c7:9f:
                    76:5e:5e:1d:5c:4d:35:34:f7:3d:5a:2c:85:53:16:
                    13:d6:82:34:11:77:45:dd:33:a3:f9:21:24:ff:08:
                    32:fc:72:43:5b:71:a2:ca:11:f2:c4:a6:66:f7:f2:
                    15:ea:e5:cc:67:a3:04:96:40:e0:cb:d8:9c:d8:3d:
                    95:36:2d:1c:72:55:b1:d6:82:c0:18:5d:ad:56:3a:
                    e0:fa:b6:67:61:82:3b:6b:cd:75:e4:e3:7b:37:6e:
                    bf:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:2F:75:DF:EE:AA:2D:92:D2:80:29:C8:D2:23:08:13:4A:4D:C8:3A
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS399073.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.142.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:e6:a4:d2:78:48:6d:fd:68:ed:66:80:40:9a:67:b5:3a:4e:
         95:5b:44:63:b9:6a:28:f5:02:59:1f:30:bc:be:d4:0e:2a:2a:
         26:3f:fe:be:e7:eb:36:a0:1e:7d:de:17:4b:5f:b1:65:6b:0d:
         2b:41:40:70:f5:8d:05:39:45:38:28:79:b7:4d:d7:8b:c9:35:
         b4:ce:22:5d:f0:09:59:f3:ff:1a:84:42:4c:21:5c:55:6d:e7:
         a9:00:90:f2:fb:c6:15:e7:42:08:b1:74:d0:bb:71:ca:6b:84:
         52:da:39:ce:68:b4:8a:b1:77:ea:80:84:68:69:3c:fd:55:98:
         6d:9a:c9:43:41:9b:3d:23:48:1a:40:e2:4c:7e:d2:c0:56:87:
         d8:45:eb:e3:78:6b:57:57:6a:e1:83:1f:f1:12:fc:6f:45:11:
         bb:0e:77:33:0a:9c:57:ef:5d:9d:05:70:e2:ff:cb:4f:e3:35:
         43:81:d2:27:19:2e:93:f1:14:0c:bd:ed:58:df:ee:9f:cf:97:
         e2:92:6b:a8:4b:7a:1b:7b:93:b1:ce:ab:38:ff:e3:43:d0:a7:
         93:4c:f1:82:f5:e5:ee:18:7e:9a:3c:9f:1c:21:64:38:25:66:
         dc:b2:33:b5:79:3b:ed:a1:36:b3:10:6f:d9:dc:82:c1:0f:52:
         23:25:52:a4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGajhtA1zB+grInxzjBd8MnW85WUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA4MjQxNTMxNDVaFw0yNjA4MjMxNTM2NDVaMDMxMTAvBgNV
BAMTKDc3MkY3NURGRUVBQTJEOTJEMjgwMjlDOEQyMjMwODEzNEE0REM4M0EwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUkbtj60IhdxHfs3tjyrG8KWF0
qTtUcY3fJ/Nh/kO2gxtyPVHjs0w5AxyjfUNguLcYKR4/UTjPsvOLkGpQs9QkhQ3w
ZIoOcbTzHFORzXinrQP5GNSF2n7PGbUUZz5mJwEtSq+cpO2eES3BNCgb3crwXhyL
JaPZpgn0zkIEtCO11xKg6pv7muD6a64n9xBwCverOTD9kHUIw3oX/GpEqR7v5qXH
n3ZeXh1cTTU09z1aLIVTFhPWgjQRd0XdM6P5IST/CDL8ckNbcaLKEfLEpmb38hXq
5cxnowSWQODL2JzYPZU2LRxyVbHWgsAYXa1WOuD6tmdhgjtrzXXk43s3br/LAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUdy913+6qLZLSgCnI0iMIE0pNyDowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTMzk5MDczLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwY4W
MA0GCSqGSIb3DQEBCwUAA4IBAQB35qTSeEht/WjtZoBAmme1Ok6VW0RjuWoo9QJZ
HzC8vtQOKiomP/6+5+s2oB593hdLX7Flaw0rQUBw9Y0FOUU4KHm3TdeLyTW0ziJd
8AlZ8/8ahEJMIVxVbeepAJDy+8YV50IIsXTQu3HKa4RS2jnOaLSKsXfqgIRoaTz9
VZhtmslDQZs9I0gaQOJMftLAVofYRevjeGtXV2rhgx/xEvxvRRG7DnczCpxX712d
BXDi/8tP4zVDgdInGS6T8RQMve1Y3+6fz5fikmuoS3obe5Oxzqs4/+ND0KeTTPGC
9eXuGH6aPJ8cIWQ4JWbcsjO1eTvtoTazEG/Z3ILBD1IjJVKk
-----END CERTIFICATE-----