Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
File:                     AS39521.roa (raw, json)
Hash identifier:          eBWMpg3YRD8C0QG60Lw63Y7z+ACZ3WttsdTm+7GY/r0=
Subject key identifier:   28:4B:BF:BA:32:B8:C0:6A:07:58:89:20:77:04:B9:23:AF:31:F8:92
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6B9A4BC7BA8ECBC2314BC5F1CF49E6AC36E1084D
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa
Signing time:             Thu 05 Jun 2025 17:39:50 +0000
ROA not before:           Thu 05 Jun 2025 17:34:50 +0000
ROA not after:            Thu 04 Jun 2026 17:39:50 +0000
asID:                     39521
IP address blocks:        143.20.104.0/24 maxlen: 24
                          143.20.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:9a:4b:c7:ba:8e:cb:c2:31:4b:c5:f1:cf:49:e6:ac:36:e1:08:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:50 2025 GMT
            Not After : Jun  4 17:39:50 2026 GMT
        Subject: CN=284BBFBA32B8C06A075889207704B923AF31F892
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:33:5a:3a:a5:21:7a:a6:fd:75:87:0e:de:38:
                    f7:77:35:70:42:31:36:e8:bc:fd:22:13:4b:58:ad:
                    df:1f:a3:e8:a9:3b:fb:19:2e:a5:20:49:93:19:b9:
                    9e:37:e5:da:23:36:a4:77:8c:e6:6b:a7:53:26:02:
                    bd:f3:26:9e:73:43:fc:a5:eb:57:53:72:23:85:77:
                    f7:73:b7:70:16:61:15:9e:e9:58:8d:85:04:03:a5:
                    1e:82:fd:96:9c:12:38:87:95:44:0a:0d:71:00:0e:
                    b7:44:e6:a2:4c:d0:19:ed:3d:50:c5:b1:6c:56:86:
                    80:c1:59:ad:db:b9:09:94:fb:e3:93:f0:58:fc:30:
                    bc:0f:72:df:ca:5c:e0:a5:c8:34:e6:fe:42:81:1e:
                    23:52:26:21:a3:7f:06:a6:68:9e:21:a6:13:e2:78:
                    35:19:e3:1e:40:bb:92:a6:37:59:82:c3:11:45:c6:
                    46:dd:b2:d2:7f:91:93:f9:fb:d4:35:06:87:34:ad:
                    e4:15:43:b7:c8:c1:e4:fc:b1:d7:60:bb:94:dd:39:
                    ae:ba:c3:e1:f0:9f:30:64:01:b6:3a:41:77:e9:92:
                    3f:26:55:a3:63:6c:3f:02:4f:71:6f:64:59:ff:ac:
                    78:ae:f0:ad:96:96:75:f6:52:71:98:85:df:6a:3b:
                    91:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:4B:BF:BA:32:B8:C0:6A:07:58:89:20:77:04:B9:23:AF:31:F8:92
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS39521.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.20.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:6d:0b:0f:6e:54:b7:11:51:c6:8e:33:b0:6c:60:2b:0f:a1:
         90:da:21:36:9d:31:ab:6a:69:75:3b:fd:1e:56:3d:dd:e9:d8:
         1d:69:b7:4f:af:45:37:74:db:df:01:1e:4b:dd:11:3e:3f:68:
         ef:3c:62:9a:83:bd:f5:f5:03:ab:97:26:46:df:d1:f7:49:3a:
         09:0e:fa:b6:e1:da:db:a0:c2:bd:76:fb:94:9f:a2:ee:46:0c:
         1e:ca:25:1a:f2:03:01:2a:3c:97:5b:09:82:9f:6b:c2:dd:64:
         3b:11:4d:08:82:17:5e:3a:98:c7:c8:23:4a:3e:b5:74:07:5c:
         2c:05:1f:e1:02:7a:2c:c7:02:26:85:0e:77:b3:0f:23:8c:ce:
         fd:3c:32:23:5b:89:7a:6c:41:a5:9d:7e:31:ee:43:95:f2:3f:
         b7:60:1c:de:fa:d3:3f:48:89:c8:3c:cb:f8:08:de:92:16:24:
         c2:e6:a3:ef:8d:dd:f8:fb:95:79:8e:a0:0c:7f:86:e0:a7:82:
         c6:72:20:06:67:98:d3:d9:5f:7b:56:e5:8f:ad:b5:3b:72:ec:
         1a:da:55:8a:2f:37:32:4e:53:25:a1:7b:c3:53:b0:ec:8e:75:
         ec:a7:f5:34:5d:c0:5b:65:43:ee:83:1f:18:fc:38:95:b5:72:
         e7:8a:1e:e5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUa5pLx7qOy8IxS8Xxz0nmrDbhCE0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTBaFw0yNjA2MDQxNzM5NTBaMDMxMTAvBgNV
BAMTKDI4NEJCRkJBMzJCOEMwNkEwNzU4ODkyMDc3MDRCOTIzQUYzMUY4OTIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChM1o6pSF6pv11hw7eOPd3NXBC
MTbovP0iE0tYrd8fo+ipO/sZLqUgSZMZuZ435dojNqR3jOZrp1MmAr3zJp5zQ/yl
61dTciOFd/dzt3AWYRWe6ViNhQQDpR6C/ZacEjiHlUQKDXEADrdE5qJM0BntPVDF
sWxWhoDBWa3buQmU++OT8Fj8MLwPct/KXOClyDTm/kKBHiNSJiGjfwamaJ4hphPi
eDUZ4x5Au5KmN1mCwxFFxkbdstJ/kZP5+9Q1Boc0reQVQ7fIweT8sddgu5TdOa66
w+HwnzBkAbY6QXfpkj8mVaNjbD8CT3FvZFn/rHiu8K2WlnX2UnGYhd9qO5FlAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUKEu/ujK4wGoHWIkgdwS5I68x+JIwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAGPFGgw
DQYJKoZIhvcNAQELBQADggEBALptCw9uVLcRUcaOM7BsYCsPoZDaITadMatqaXU7
/R5WPd3p2B1pt0+vRTd0298BHkvdET4/aO88YpqDvfX1A6uXJkbf0fdJOgkO+rbh
2tugwr12+5Sfou5GDB7KJRryAwEqPJdbCYKfa8LdZDsRTQiCF146mMfII0o+tXQH
XCwFH+ECeizHAiaFDnezDyOMzv08MiNbiXpsQaWdfjHuQ5XyP7dgHN760z9Iicg8
y/gI3pIWJMLmo++N3fj7lXmOoAx/huCngsZyIAZnmNPZX3tW5Y+ttTty7BraVYov
NzJOUyWhe8NTsOyOdeyn9TRdwFtlQ+6DHxj8OJW1cueKHuU=
-----END CERTIFICATE-----