Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS399587.roa
File:                     AS399587.roa (raw, json)
Hash identifier:          GJGUOByU5o554tyMSh8kilLYvEoXEfGFWBpGhATRKI4=
Subject key identifier:   60:88:6E:30:D1:00:05:1C:70:EC:DE:84:3E:29:62:56:81:21:E5:AA
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       54D2B4954A193E640B3976D104765D2550796B80
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS399587.roa
Signing time:             Fri 23 Aug 2024 08:01:26 +0000
ROA not before:           Fri 23 Aug 2024 07:56:26 +0000
ROA not after:            Fri 22 Aug 2025 08:01:26 +0000
asID:                     399587
IP address blocks:        2a0f:85c1:84e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:d2:b4:95:4a:19:3e:64:0b:39:76:d1:04:76:5d:25:50:79:6b:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Aug 23 07:56:26 2024 GMT
            Not After : Aug 22 08:01:26 2025 GMT
        Subject: CN=60886E30D100051C70ECDE843E2962568121E5AA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4b:83:6a:6a:9f:28:33:b7:4b:d3:14:e8:c0:
                    ed:27:84:27:b0:b0:61:71:33:ec:cc:b6:39:b3:29:
                    02:de:0a:26:1c:61:07:11:b1:87:59:ea:6a:43:d7:
                    a3:e6:c0:94:d4:c1:42:68:30:3c:78:67:3b:45:09:
                    d5:2a:a3:05:61:8e:19:a2:d1:4c:61:a1:f5:c8:29:
                    80:bf:75:de:a2:f6:75:49:f7:11:ba:ed:fe:02:33:
                    8e:b5:c5:53:b1:a0:63:de:16:64:ed:e5:3b:31:39:
                    5b:fd:47:d2:bf:b9:27:7f:27:d3:14:81:8a:1b:48:
                    b0:72:72:fe:40:e3:6d:2f:dc:da:7f:93:8f:98:12:
                    f3:16:15:5f:d3:24:06:0d:9a:1e:8b:47:09:7f:b7:
                    f4:72:7e:a5:df:19:d5:b7:cc:99:39:2a:7d:fd:14:
                    9e:58:a3:8b:15:4a:77:18:10:dc:81:23:f5:eb:7d:
                    6f:1b:f0:bf:73:28:3b:39:55:ed:3a:90:d7:83:ac:
                    ae:eb:53:1e:b7:a2:f8:9e:99:ce:02:7d:24:e2:53:
                    87:be:b1:91:7c:f1:ef:08:f2:55:be:1b:b4:f0:d6:
                    df:88:01:d2:f5:af:58:0a:dd:31:87:c2:58:d9:e7:
                    23:53:cd:2c:36:ff:53:3e:91:2a:e3:ab:3c:83:d7:
                    ce:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:88:6E:30:D1:00:05:1C:70:EC:DE:84:3E:29:62:56:81:21:E5:AA
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS399587.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:84e::/48

    Signature Algorithm: sha256WithRSAEncryption
         db:43:7f:81:b1:cb:45:fb:fb:ca:e7:5a:96:27:69:6b:52:8d:
         ee:c1:6a:d6:0d:c5:20:c9:45:64:69:9e:70:c3:03:8a:3f:67:
         b6:fe:e5:ff:fe:0b:2c:2a:85:ec:c1:f6:25:a3:7f:8c:43:3e:
         f6:d0:9f:f1:70:0f:c1:b2:33:da:01:08:bb:0c:2d:f1:4f:d0:
         71:f3:90:71:35:ef:0f:a4:39:cd:38:a2:91:46:e0:27:64:04:
         08:dc:6a:19:34:77:fc:5c:e8:86:58:6f:69:ef:e8:ec:f7:f2:
         24:f3:81:47:1c:ec:34:56:22:32:a2:4e:c0:4e:a8:3b:fb:c8:
         66:4e:58:22:20:0f:9c:ff:a5:fb:a2:e2:bc:93:ed:08:61:15:
         37:66:4d:09:84:79:4a:e5:ef:3b:c1:fd:21:24:3d:b3:77:da:
         2e:ca:c3:15:67:a1:2e:db:48:12:53:6e:b0:c5:12:df:ff:01:
         17:7f:a6:9c:88:18:7d:71:39:a6:80:8f:87:d6:5f:3e:83:bd:
         02:23:27:5f:38:e7:8e:14:ba:70:be:8f:f3:70:d1:46:dc:8e:
         5a:b8:73:c9:22:49:d2:5d:3c:13:8c:45:f3:bb:02:2e:e2:63:
         d5:07:ef:ea:99:da:34:4c:72:c5:ad:f1:81:bd:07:b7:3e:8f:
         fe:5c:53:ee
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIUVNK0lUoZPmQLOXbRBHZdJVB5a4AwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA4MjMwNzU2MjZaFw0yNTA4MjIwODAxMjZaMDMxMTAvBgNV
BAMTKDYwODg2RTMwRDEwMDA1MUM3MEVDREU4NDNFMjk2MjU2ODEyMUU1QUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMS4Nqap8oM7dL0xTowO0nhCew
sGFxM+zMtjmzKQLeCiYcYQcRsYdZ6mpD16PmwJTUwUJoMDx4ZztFCdUqowVhjhmi
0UxhofXIKYC/dd6i9nVJ9xG67f4CM461xVOxoGPeFmTt5TsxOVv9R9K/uSd/J9MU
gYobSLBycv5A420v3Np/k4+YEvMWFV/TJAYNmh6LRwl/t/RyfqXfGdW3zJk5Kn39
FJ5Yo4sVSncYENyBI/XrfW8b8L9zKDs5Ve06kNeDrK7rUx63oviemc4CfSTiU4e+
sZF88e8I8lW+G7Tw1t+IAdL1r1gK3TGHwljZ5yNTzSw2/1M+kSrjqzyD187zAgMB
AAGjggINMIICCTAdBgNVHQ4EFgQUYIhuMNEABRxw7N6EPiliVoEh5aowHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMzk5NTg3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+F
wQhOMA0GCSqGSIb3DQEBCwUAA4IBAQDbQ3+BsctF+/vK51qWJ2lrUo3uwWrWDcUg
yUVkaZ5wwwOKP2e2/uX//gssKoXswfYlo3+MQz720J/xcA/BsjPaAQi7DC3xT9Bx
85BxNe8PpDnNOKKRRuAnZAQI3GoZNHf8XOiGWG9p7+js9/Ik84FHHOw0ViIyok7A
Tqg7+8hmTlgiIA+c/6X7ouK8k+0IYRU3Zk0JhHlK5e87wf0hJD2zd9ouysMVZ6Eu
20gSU26wxRLf/wEXf6aciBh9cTmmgI+H1l8+g70CIydfOOeOFLpwvo/zcNFG3I5a
uHPJIknSXTwTjEXzuwIu4mPVB+/qmdo0THLFrfGBvQe3Po/+XFPu
-----END CERTIFICATE-----