Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS399989.roa
File:                     AS399989.roa (raw, json)
Hash identifier:          FRInC9/a5ivbW/+4e6wjYQYdJpUCQmcW2dxK54SKi0M=
Subject key identifier:   8C:CA:99:18:17:6B:E4:CF:81:F9:1A:99:48:D0:27:8D:20:F4:0B:B7
Certificate issuer:       /CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
Certificate serial:       0A0DC091F2DE0844C144C3E190ADAC538AA3BA33
Authority key identifier: 70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS399989.roa
Signing time:             Wed 09 Apr 2025 12:53:16 +0000
ROA not before:           Wed 09 Apr 2025 12:48:16 +0000
ROA not after:            Wed 08 Apr 2026 12:53:16 +0000
asID:                     399989
IP address blocks:        85.8.156.0/22 maxlen: 22
                          193.187.108.0/22 maxlen: 22
                          213.139.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 01:19:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0a:0d:c0:91:f2:de:08:44:c1:44:c3:e1:90:ad:ac:53:8a:a3:ba:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7051b4c2f7ae9ef80b53000b32ab8f5d2f2f415b
        Validity
            Not Before: Apr  9 12:48:16 2025 GMT
            Not After : Apr  8 12:53:16 2026 GMT
        Subject: CN=8CCA9918176BE4CF81F91A9948D0278D20F40BB7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:72:5b:33:bd:5d:eb:39:3e:0d:bf:5e:b0:7d:
                    5b:4e:17:e0:fc:5a:08:6c:bf:0a:71:fb:5b:9d:07:
                    29:0b:8a:5c:29:1a:d7:2f:86:29:01:c9:17:d1:b4:
                    93:b2:7e:a6:a0:5d:48:1e:3f:99:6e:7a:6f:24:86:
                    4c:ff:05:54:9e:50:6c:ac:53:52:b4:59:11:f6:30:
                    ec:4e:ac:5a:97:81:8c:c1:b3:36:b2:ad:f9:2e:b1:
                    54:ed:6e:83:56:f7:78:a0:55:99:e5:6c:73:f0:5a:
                    12:2d:da:41:99:4d:b5:30:d1:fc:43:df:ba:8b:24:
                    53:a8:6e:87:fc:27:10:1c:f5:8d:b2:a7:60:c7:0d:
                    a8:08:ad:18:83:5e:cb:ae:d4:2f:3d:bf:88:9f:bb:
                    bc:bb:8e:6d:34:b9:7c:d5:4c:44:15:80:fc:3f:3b:
                    16:e5:ca:76:81:33:b7:f5:e6:80:ce:98:1d:00:ac:
                    e5:8a:51:14:36:d1:f2:02:28:b9:69:21:4a:68:36:
                    6e:99:5f:66:45:a0:a8:9a:fa:81:c1:9b:06:76:3f:
                    60:a8:5d:96:25:8e:25:0e:34:30:5d:cf:9a:bd:1b:
                    0f:b2:b2:82:50:50:c5:d7:10:c9:4e:e3:96:49:cf:
                    dd:09:6f:35:02:f0:64:d9:e7:3a:20:7a:6a:21:f2:
                    fc:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:CA:99:18:17:6B:E4:CF:81:F9:1A:99:48:D0:27:8D:20:F4:0B:B7
            X509v3 Authority Key Identifier:
                keyid:70:51:B4:C2:F7:AE:9E:F8:0B:53:00:0B:32:AB:8F:5D:2F:2F:41:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/7051B4C2F7AE9EF80B53000B32AB8F5D2F2F415B.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cFG0wveunvgLUwALMquPXS8vQVs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/9c5ce9fa-9a6f-4e0c-9809-7a4788744893/0/AS399989.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.8.156.0/22
                  193.187.108.0/22
                  213.139.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b3:5f:e0:a2:bb:c4:51:13:3a:50:6a:17:d2:c2:6c:4a:ea:60:
         75:90:69:fb:3c:bb:ec:67:bb:2a:a4:b0:dc:fc:31:c9:7a:c7:
         9a:46:e0:d2:f7:32:da:c5:79:63:24:e3:38:7d:00:64:cf:8d:
         b0:fb:01:80:40:46:f6:69:15:b5:27:07:82:f9:6d:22:95:f0:
         e9:40:aa:79:13:4b:fd:10:6f:3b:9d:be:68:ac:a3:43:7c:43:
         c1:ec:a8:eb:4d:a8:74:c9:69:63:b1:f5:b0:e8:19:c4:4a:78:
         21:a3:bc:31:46:92:0b:4e:76:b6:0e:ca:57:70:9e:43:f2:b6:
         23:1f:4d:12:65:ad:08:7d:96:67:55:23:8a:a2:c9:87:42:61:
         16:76:4e:bf:77:81:04:08:6b:1d:f0:26:b1:3e:a5:2e:dd:d1:
         12:65:b6:89:a8:77:7b:42:a3:2f:d0:f5:85:f3:b6:a0:e7:c7:
         a1:19:66:e7:27:2f:40:02:f8:11:c9:f2:fb:2d:d7:47:ab:47:
         75:da:fd:95:7f:d7:7b:5c:20:18:18:69:6d:93:3c:9e:36:85:
         0d:c7:52:54:4c:0c:ca:a4:e6:47:aa:6d:72:aa:ea:24:54:34:
         93:3e:ae:d6:d8:53:3e:ff:12:01:14:dc:2e:fb:f6:ed:6f:8b:
         06:30:3d:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUCg3AkfLeCETBRMPhkK2sU4qjujMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzA1MWI0YzJmN2FlOWVmODBiNTMwMDBiMzJhYjhmNWQy
ZjJmNDE1YjAeFw0yNTA0MDkxMjQ4MTZaFw0yNjA0MDgxMjUzMTZaMDMxMTAvBgNV
BAMTKDhDQ0E5OTE4MTc2QkU0Q0Y4MUY5MUE5OTQ4RDAyNzhEMjBGNDBCQjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCWclszvV3rOT4Nv16wfVtOF+D8
Wghsvwpx+1udBykLilwpGtcvhikByRfRtJOyfqagXUgeP5luem8khkz/BVSeUGys
U1K0WRH2MOxOrFqXgYzBszayrfkusVTtboNW93igVZnlbHPwWhIt2kGZTbUw0fxD
37qLJFOobof8JxAc9Y2yp2DHDagIrRiDXsuu1C89v4ifu7y7jm00uXzVTEQVgPw/
OxblynaBM7f15oDOmB0ArOWKURQ20fICKLlpIUpoNm6ZX2ZFoKia+oHBmwZ2P2Co
XZYljiUONDBdz5q9Gw+ysoJQUMXXEMlO45ZJz90JbzUC8GTZ5zogemoh8vzlAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUjMqZGBdr5M+B+RqZSNAnjSD0C7cwHwYDVR0j
BBgwFoAUcFG0wveunvgLUwALMquPXS8vQVswDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvOWM1Y2U5ZmEtOWE2Zi00ZTBjLTk4MDktN2E0Nzg4NzQ0
ODkzLzAvNzA1MUI0QzJGN0FFOUVGODBCNTMwMDBCMzJBQjhGNUQyRjJGNDE1Qi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2NGRzB3dmV1bnZnTFV3QUxNcXVQWFM4
dlFWcy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzljNWNlOWZhLTlhNmYt
NGUwYy05ODA5LTdhNDc4ODc0NDg5My8wL0FTMzk5OTg5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCVQic
AwQCwbtsAwQC1YvgMA0GCSqGSIb3DQEBCwUAA4IBAQCzX+Ciu8RREzpQahfSwmxK
6mB1kGn7PLvsZ7sqpLDc/DHJeseaRuDS9zLaxXljJOM4fQBkz42w+wGAQEb2aRW1
JweC+W0ilfDpQKp5E0v9EG87nb5orKNDfEPB7KjrTah0yWljsfWw6BnESngho7wx
RpILTna2DspXcJ5D8rYjH00SZa0IfZZnVSOKosmHQmEWdk6/d4EECGsd8CaxPqUu
3dESZbaJqHd7QqMv0PWF87ag58ehGWbnJy9AAvgRyfL7LddHq0d12v2Vf9d7XCAY
GGltkzyeNoUNx1JUTAzKpOZHqm1yquokVDSTPq7W2FM+/xIBFNwu+/btb4sGMD2G
-----END CERTIFICATE-----