Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS39600.roa
File:                     AS39600.roa (raw, json)
Hash identifier:          nA2YHdNplw//fyi2suBuBvrGl+ZKQmpk1ATaqEj/B8Y=
Subject key identifier:   87:9A:D7:81:19:8D:F9:CB:CC:45:57:E8:FD:5C:C1:5B:35:8B:17:B9
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2447962B9BD7EDB8000348AA352BFB0F2AA9E767
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS39600.roa
Signing time:             Mon 06 Nov 2023 00:00:07 +0000
ROA not before:           Sun 05 Nov 2023 23:55:07 +0000
ROA not after:            Mon 04 Nov 2024 00:00:07 +0000
asID:                     39600
IP address blocks:        141.11.152.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:47:96:2b:9b:d7:ed:b8:00:03:48:aa:35:2b:fb:0f:2a:a9:e7:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Nov  5 23:55:07 2023 GMT
            Not After : Nov  4 00:00:07 2024 GMT
        Subject: CN=879AD781198DF9CBCC4557E8FD5CC15B358B17B9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:66:d6:e8:e3:8f:bb:33:a9:63:08:a0:e2:5a:
                    df:03:40:d2:33:ae:e5:87:7d:16:5b:ae:e4:b8:8d:
                    92:fb:b9:5d:f0:e6:b8:db:7a:64:b2:02:4c:5b:4c:
                    7d:22:9d:d2:4a:51:9a:45:c5:66:d8:58:c4:39:fb:
                    8c:4d:f8:1a:b1:bc:0a:c3:9c:84:79:fc:db:da:56:
                    ba:53:ec:60:c0:93:4d:01:e8:f9:6b:24:03:f3:c6:
                    37:a9:53:dd:3d:01:64:d1:16:67:32:b9:79:33:e3:
                    9e:eb:f8:03:2b:54:e6:41:af:c4:ed:4c:81:f1:60:
                    25:0e:e4:35:32:82:c2:b5:8f:df:77:92:4b:48:c6:
                    78:2e:27:32:58:81:69:31:da:7f:03:3f:5d:df:a7:
                    bd:f8:78:4a:05:7f:2c:48:f2:65:c5:91:9f:7c:68:
                    5a:fa:4a:22:18:dc:88:f1:0b:0f:4e:45:a5:a5:fd:
                    6c:87:42:d0:84:ca:da:e4:de:76:8f:64:77:0b:64:
                    8b:bb:d8:9d:14:4b:81:8e:f7:f8:97:39:64:57:5f:
                    db:7b:71:c5:25:a7:7a:41:2b:ce:a0:87:93:a3:02:
                    66:5e:3c:50:b0:6f:94:4f:8f:99:5d:97:e1:4c:46:
                    85:06:09:79:92:20:8c:8a:2f:4d:18:0d:f4:0a:fa:
                    0f:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:9A:D7:81:19:8D:F9:CB:CC:45:57:E8:FD:5C:C1:5B:35:8B:17:B9
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS39600.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:1f:b7:3b:a0:a9:39:85:73:23:cc:e6:d7:8e:1d:f8:51:8d:
         77:fa:11:a9:ed:ff:e7:c8:26:75:d8:d2:9e:60:aa:b4:c5:85:
         44:c7:a0:c5:3c:f3:83:8d:8e:9e:a2:c9:fa:2c:76:c5:4f:79:
         ab:44:c1:b5:13:a9:5b:49:dc:d5:f5:5f:41:be:9e:9b:ec:f8:
         12:d5:4b:01:85:07:c4:68:14:4c:8b:b3:06:bb:ec:40:5e:69:
         07:23:e6:cd:37:00:b9:53:f4:22:43:d7:be:e0:0b:5d:44:20:
         cf:37:05:f6:b3:37:b3:a9:b4:e4:7c:9a:75:6a:a3:c3:fa:50:
         08:8a:3b:9e:0a:c1:9d:f7:23:81:9b:a9:d6:16:73:92:57:93:
         c9:c6:54:02:b1:b5:ec:8e:35:b1:ff:b7:d0:fd:8a:ef:98:5e:
         1c:ba:cf:26:7c:c9:98:a9:1e:d8:9c:cf:93:06:48:08:9b:35:
         d9:82:57:eb:fb:9c:2d:9a:db:9a:0f:51:2c:b7:f0:be:27:72:
         3e:3b:2d:2b:a3:99:3f:9c:d5:3f:66:7d:5d:27:c5:0d:23:30:
         7b:44:a4:2b:6a:cb:8e:3d:d2:82:b5:93:c9:1c:8a:56:44:f1:
         71:8f:bd:e9:ff:5d:17:39:77:31:14:88:fb:9b:af:a8:e1:38:
         f7:98:09:4e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJEeWK5vX7bgAA0iqNSv7Dyqp52cwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yMzExMDUyMzU1MDdaFw0yNDExMDQwMDAwMDdaMDMxMTAvBgNV
BAMTKDg3OUFENzgxMTk4REY5Q0JDQzQ1NTdFOEZENUNDMTVCMzU4QjE3QjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJZtbo44+7M6ljCKDiWt8DQNIz
ruWHfRZbruS4jZL7uV3w5rjbemSyAkxbTH0indJKUZpFxWbYWMQ5+4xN+BqxvArD
nIR5/NvaVrpT7GDAk00B6PlrJAPzxjepU909AWTRFmcyuXkz457r+AMrVOZBr8Tt
TIHxYCUO5DUygsK1j993kktIxnguJzJYgWkx2n8DP13fp734eEoFfyxI8mXFkZ98
aFr6SiIY3IjxCw9ORaWl/WyHQtCEytrk3naPZHcLZIu72J0US4GO9/iXOWRXX9t7
ccUlp3pBK86gh5OjAmZePFCwb5RPj5ldl+FMRoUGCXmSIIyKL00YDfQK+g8DAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUh5rXgRmN+cvMRVfo/VzBWzWLF7kwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk2MDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNC5gw
DQYJKoZIhvcNAQELBQADggEBALEftzugqTmFcyPM5teOHfhRjXf6Eant/+fIJnXY
0p5gqrTFhUTHoMU884ONjp6iyfosdsVPeatEwbUTqVtJ3NX1X0G+npvs+BLVSwGF
B8RoFEyLswa77EBeaQcj5s03ALlT9CJD177gC11EIM83BfazN7OptOR8mnVqo8P6
UAiKO54KwZ33I4GbqdYWc5JXk8nGVAKxteyONbH/t9D9iu+YXhy6zyZ8yZipHtic
z5MGSAibNdmCV+v7nC2a25oPUSy38L4ncj47LSujmT+c1T9mfV0nxQ0jMHtEpCtq
y4490oK1k8kcilZE8XGPven/XRc5dzEUiPubr6jhOPeYCU4=
-----END CERTIFICATE-----