Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS39600.roa
File:                     AS39600.roa (raw, json)
Hash identifier:          cif6q7WdX6ODDM5YOa3YgzUBNDZvp8OOg5zSv6q71mE=
Subject key identifier:   A4:6E:F3:0D:CE:90:66:79:F8:6C:97:1D:71:01:23:9B:7E:13:32:D6
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       2C7966D6A154AFAFB94F920A06762E9A6FA7116C
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS39600.roa
Signing time:             Mon 07 Oct 2024 00:43:22 +0000
ROA not before:           Mon 07 Oct 2024 00:38:22 +0000
ROA not after:            Mon 06 Oct 2025 00:43:22 +0000
asID:                     39600
IP address blocks:        141.11.152.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2c:79:66:d6:a1:54:af:af:b9:4f:92:0a:06:76:2e:9a:6f:a7:11:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Oct  7 00:38:22 2024 GMT
            Not After : Oct  6 00:43:22 2025 GMT
        Subject: CN=A46EF30DCE906679F86C971D7101239B7E1332D6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:3e:83:1b:42:ae:76:09:d0:91:73:b1:f1:20:
                    3b:91:08:dd:7b:c8:0e:ca:b4:86:72:86:fa:5a:7e:
                    96:7c:fd:1d:24:ef:18:3d:ef:ab:87:57:4a:d7:c6:
                    63:8b:2b:df:24:41:50:ad:71:0e:4b:05:11:35:72:
                    b6:46:71:b5:f9:be:56:64:32:50:d6:76:f2:5d:d5:
                    86:ee:e3:c5:c1:86:0f:2e:e3:5a:d6:b6:05:97:34:
                    b9:ae:e3:57:d5:15:f3:ca:2a:b1:35:99:cc:c6:01:
                    45:8b:b8:bb:de:71:ae:28:f7:2d:69:6a:b5:68:0d:
                    85:d6:7b:03:c5:e9:79:66:6e:36:30:5a:db:b2:81:
                    81:6d:6b:d6:1e:02:bb:8a:3f:17:af:3a:8f:25:af:
                    9c:33:14:c2:b6:84:fc:4b:d8:23:0d:b5:9a:22:44:
                    cb:40:8c:72:0b:02:e3:e5:72:64:6c:53:7e:68:88:
                    b0:d5:d0:95:04:db:4f:9d:31:87:ad:f3:39:da:2c:
                    a9:fd:ae:58:c2:82:0e:de:e6:73:28:28:61:d3:d0:
                    a9:8a:0b:d8:d5:dc:a5:14:aa:10:c1:f3:9f:88:16:
                    26:2e:c1:35:40:ba:aa:6a:c8:96:1e:cd:7d:88:2a:
                    e1:25:31:62:0b:39:1d:f1:35:c3:da:3f:7e:6f:5b:
                    5d:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:6E:F3:0D:CE:90:66:79:F8:6C:97:1D:71:01:23:9B:7E:13:32:D6
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS39600.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.11.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:fd:23:55:fe:93:4c:ae:8a:49:f8:5e:99:52:d0:b0:e4:22:
         d0:64:42:26:95:ab:53:8f:cf:ec:ae:ba:26:14:b7:f5:8d:6e:
         d0:ad:44:b2:f5:ce:6b:d4:af:0e:84:28:5c:64:0d:d3:ad:ae:
         c1:07:95:cd:38:26:39:8f:3c:1e:cc:69:42:0f:ab:13:18:d7:
         57:ea:86:8d:92:a8:e1:4c:1c:1d:ea:cb:82:99:08:b4:4a:e9:
         75:b9:7f:f3:7b:d6:f8:dc:92:fe:6d:0d:d8:d4:6a:89:13:93:
         0d:b9:f0:28:92:28:23:65:f8:c7:5b:c9:4d:f9:2b:85:7b:0e:
         42:41:6c:c0:cf:bb:67:1a:1d:db:cc:37:e2:82:97:8b:69:5c:
         dd:0b:75:44:36:4f:bb:35:fe:3d:58:df:a9:53:de:d6:ba:0e:
         e6:74:c4:8d:6f:83:d3:c7:d7:24:75:a7:4f:b1:07:76:e5:a2:
         bd:60:90:2e:3e:ef:9e:8b:b7:7c:67:8d:18:ff:0f:f6:ca:1b:
         60:b1:22:f3:4a:0b:71:33:0d:dc:77:8e:8b:e8:18:42:f3:ff:
         31:24:29:a8:85:23:2b:89:ce:7d:25:53:e1:f2:50:4e:bb:a5:
         8e:34:de:86:96:8b:6a:13:d9:2b:7e:ad:60:60:a7:f1:78:e4:
         53:76:f9:8e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIULHlm1qFUr6+5T5IKBnYumm+nEWwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNDEwMDcwMDM4MjJaFw0yNTEwMDYwMDQzMjJaMDMxMTAvBgNV
BAMTKEE0NkVGMzBEQ0U5MDY2NzlGODZDOTcxRDcxMDEyMzlCN0UxMzMyRDYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDePoMbQq52CdCRc7HxIDuRCN17
yA7KtIZyhvpafpZ8/R0k7xg976uHV0rXxmOLK98kQVCtcQ5LBRE1crZGcbX5vlZk
MlDWdvJd1Ybu48XBhg8u41rWtgWXNLmu41fVFfPKKrE1mczGAUWLuLveca4o9y1p
arVoDYXWewPF6XlmbjYwWtuygYFta9YeAruKPxevOo8lr5wzFMK2hPxL2CMNtZoi
RMtAjHILAuPlcmRsU35oiLDV0JUE20+dMYet8znaLKn9rljCgg7e5nMoKGHT0KmK
C9jV3KUUqhDB85+IFiYuwTVAuqpqyJYezX2IKuElMWILOR3xNcPaP35vW10hAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUpG7zDc6QZnn4bJcdcQEjm34TMtYwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzk2MDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGNC5gw
DQYJKoZIhvcNAQELBQADggEBAJb9I1X+k0yuikn4XplS0LDkItBkQiaVq1OPz+yu
uiYUt/WNbtCtRLL1zmvUrw6EKFxkDdOtrsEHlc04JjmPPB7MaUIPqxMY11fqho2S
qOFMHB3qy4KZCLRK6XW5f/N71vjckv5tDdjUaokTkw258CiSKCNl+MdbyU35K4V7
DkJBbMDPu2caHdvMN+KCl4tpXN0LdUQ2T7s1/j1Y36lT3ta6DuZ0xI1vg9PH1yR1
p0+xB3blor1gkC4+756Lt3xnjRj/D/bKG2CxIvNKC3EzDdx3jovoGELz/zEkKaiF
IyuJzn0lU+HyUE67pY403oaWi2oT2St+rWBgp/F45FN2+Y4=
-----END CERTIFICATE-----