Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS39753.roa
File:                     AS39753.roa (raw, json)
Hash identifier:          1IaD7wgm0VGC8KmZ14gXR7I0J9gbHSHwuuiw1ZiFwc8=
Subject key identifier:   E0:49:37:88:92:E6:82:B3:05:51:7C:98:88:73:DF:93:BF:4B:C2:7E
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       65DC1C22E90764728B3AB4C7F1776116E8EB3B6D
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS39753.roa
Signing time:             Fri 23 Aug 2024 08:01:24 +0000
ROA not before:           Fri 23 Aug 2024 07:56:24 +0000
ROA not after:            Fri 22 Aug 2025 08:01:24 +0000
asID:                     39753
IP address blocks:        2a0f:85c1:100::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:dc:1c:22:e9:07:64:72:8b:3a:b4:c7:f1:77:61:16:e8:eb:3b:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:24 2024 GMT
            Not After : Aug 22 08:01:24 2025 GMT
        Subject: CN=E049378892E682B305517C988873DF93BF4BC27E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:8f:2e:ae:a8:08:cb:c0:c8:07:43:eb:53:62:
                    1b:80:41:27:d4:a8:b7:0e:6e:d6:2d:e3:5c:3a:da:
                    f1:0b:60:64:7b:f6:f0:14:ee:d6:f7:fe:5f:28:c3:
                    8f:e3:05:0a:26:6d:c5:46:f9:7c:f6:cb:91:c0:18:
                    03:ff:84:fd:4f:d2:4e:63:3e:ab:21:b9:ab:b3:2e:
                    29:d9:7c:02:94:bb:11:60:89:31:ea:b0:83:b9:2e:
                    43:bc:8c:5e:39:ec:fe:60:c6:57:01:d0:6b:4f:dd:
                    49:42:45:39:14:16:9b:26:71:56:9b:92:5b:6f:c0:
                    28:88:1f:8c:7b:54:08:fd:d1:c8:ea:c9:05:65:9b:
                    c3:c7:d1:e4:7b:c4:23:1b:bf:88:fb:36:02:b7:85:
                    cb:e2:18:b7:45:64:be:25:52:a5:73:48:fc:91:d8:
                    14:74:2c:27:f3:db:9a:2d:d2:cf:5b:76:a3:7d:de:
                    39:ad:7f:92:3b:b5:b0:c1:81:bf:5a:a8:95:0a:69:
                    83:52:b8:8a:c1:49:62:c2:b1:c4:f9:67:0f:3f:4f:
                    09:3b:cb:97:43:5b:3f:f8:44:37:65:87:22:48:03:
                    e8:96:b2:69:6b:c9:ec:6b:d3:6d:2b:bc:38:77:65:
                    e2:b1:5a:e5:0c:29:18:02:e7:93:58:92:f0:0c:46:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E0:49:37:88:92:E6:82:B3:05:51:7C:98:88:73:DF:93:BF:4B:C2:7E
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS39753.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         51:c2:33:9a:b8:89:b2:61:25:1f:f3:f6:6d:3d:09:1b:2d:09:
         60:ee:a7:b4:05:1d:bd:9c:dd:86:15:f0:d5:99:dc:b2:a1:6c:
         36:0c:20:f1:85:89:34:5d:ea:1a:6a:9c:3b:f2:6d:e4:7a:0f:
         a5:6c:4d:09:7f:43:ab:8b:a6:3f:ff:5d:c6:8c:cd:fb:72:a4:
         7d:1c:60:e1:7e:5d:50:2b:c1:87:b9:68:be:0f:34:a8:6a:ca:
         7a:70:e0:81:cf:d0:84:73:8b:2b:79:a0:28:bd:f6:9e:c8:a1:
         97:99:9a:95:86:80:86:db:54:02:f5:0c:df:39:d6:9a:24:be:
         e1:2e:ee:c5:cf:80:dd:72:71:80:aa:17:bf:96:b3:19:eb:d5:
         a6:bf:86:c0:1e:63:46:64:19:5f:8c:8e:de:fe:d2:b9:4e:67:
         9f:d5:00:6b:c0:41:15:71:44:5c:07:42:aa:4a:ed:67:c8:06:
         11:3f:34:17:1d:b9:eb:7f:d1:19:37:0d:be:9f:ae:30:e6:98:
         2f:9a:58:e4:07:ed:1f:e7:52:61:c2:b1:be:89:52:6e:e7:2e:
         39:00:1d:96:f4:11:88:fb:a3:b4:b6:7b:86:b7:11:04:59:04:
         4b:a7:cd:8f:ff:c1:80:5b:3b:05:78:73:97:d7:4f:9f:96:c9:
         7f:e3:c2:58
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIUZdwcIukHZHKLOrTH8XdhFujrO20wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjRaFw0yNTA4MjIwODAxMjRaMDMxMTAvBgNV
BAMTKEUwNDkzNzg4OTJFNjgyQjMwNTUxN0M5ODg4NzNERjkzQkY0QkMyN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDrjy6uqAjLwMgHQ+tTYhuAQSfU
qLcObtYt41w62vELYGR79vAU7tb3/l8ow4/jBQombcVG+Xz2y5HAGAP/hP1P0k5j
PqshuauzLinZfAKUuxFgiTHqsIO5LkO8jF457P5gxlcB0GtP3UlCRTkUFpsmcVab
kltvwCiIH4x7VAj90cjqyQVlm8PH0eR7xCMbv4j7NgK3hcviGLdFZL4lUqVzSPyR
2BR0LCfz25ot0s9bdqN93jmtf5I7tbDBgb9aqJUKaYNSuIrBSWLCscT5Zw8/Twk7
y5dDWz/4RDdlhyJIA+iWsmlryexr020rvDh3ZeKxWuUMKRgC55NYkvAMRjIvAgMB
AAGjggILMIICBzAdBgNVHQ4EFgQU4Ek3iJLmgrMFUXyYiHPfk79Lwn4wHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzk3NTMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIQYIKwYBBQUHAQcBAf8EEjAQMA4EAgACMAgDBgAqD4XB
ATANBgkqhkiG9w0BAQsFAAOCAQEAUcIzmriJsmElH/P2bT0JGy0JYO6ntAUdvZzd
hhXw1ZncsqFsNgwg8YWJNF3qGmqcO/Jt5HoPpWxNCX9Dq4umP/9dxozN+3KkfRxg
4X5dUCvBh7lovg80qGrKenDggc/QhHOLK3mgKL32nsihl5malYaAhttUAvUM3znW
miS+4S7uxc+A3XJxgKoXv5azGevVpr+GwB5jRmQZX4yO3v7SuU5nn9UAa8BBFXFE
XAdCqkrtZ8gGET80Fx2563/RGTcNvp+uMOaYL5pY5AftH+dSYcKxvolSbucuOQAd
lvQRiPujtLZ7hrcRBFkES6fNj//BgFs7BXhzl9dPn5bJf+PCWA==
-----END CERTIFICATE-----