Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399827.roa
File:                     AS399827.roa (raw, json)
Hash identifier:          GijWsCeMyGdtkGMwgc2EvSrTKqsOUWCgM2lw0sxShnI=
Subject key identifier:   D1:6B:8E:30:75:15:CA:BA:55:BA:D5:F3:2C:C9:60:73:E8:7D:B7:70
Certificate issuer:       /CN=88c14ec02adbf083138eddd47871176ddeb93d9d
Certificate serial:       6B1C1A9F26B9A06F69FD183F0C06DE2EAEB0AABA
Authority key identifier: 88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399827.roa
Signing time:             Thu 05 Jun 2025 17:39:51 +0000
ROA not before:           Thu 05 Jun 2025 17:34:51 +0000
ROA not after:            Thu 04 Jun 2026 17:39:51 +0000
asID:                     399827
IP address blocks:        185.208.0.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 12:26:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:1c:1a:9f:26:b9:a0:6f:69:fd:18:3f:0c:06:de:2e:ae:b0:aa:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88c14ec02adbf083138eddd47871176ddeb93d9d
        Validity
            Not Before: Jun  5 17:34:51 2025 GMT
            Not After : Jun  4 17:39:51 2026 GMT
        Subject: CN=D16B8E307515CABA55BAD5F32CC96073E87DB770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:3e:dc:fa:44:85:8d:21:b5:2a:80:14:ff:dc:
                    db:43:25:27:9e:fb:3b:9e:50:38:db:a5:96:ce:0a:
                    b9:4d:e0:06:48:2e:8f:fc:99:4f:5c:68:9d:5a:a0:
                    2d:4f:22:7c:15:41:f9:ae:1e:fa:46:d1:a0:41:5c:
                    46:12:9d:96:92:77:9f:73:db:0f:55:1d:f4:b7:2a:
                    cf:60:de:87:6d:c9:ec:98:1c:3b:34:5b:40:2b:d4:
                    4c:fa:20:41:8d:a0:2c:02:41:8e:86:24:cc:9f:43:
                    3e:2b:a5:43:86:f5:04:00:6e:35:78:94:c1:75:2c:
                    b8:b9:11:2a:55:44:21:0d:f2:59:26:3e:be:bf:13:
                    e5:85:98:43:24:cc:4b:37:bc:0c:b5:bb:f1:ea:e4:
                    88:cd:99:d8:00:e7:82:a8:f1:9e:0b:16:da:2e:00:
                    ee:6c:2f:77:c2:94:29:5e:b7:03:42:4e:7f:3f:64:
                    3c:71:2a:f1:50:3b:97:b7:68:da:d0:73:7f:ec:44:
                    62:6b:37:56:83:c4:e6:d8:6d:e3:02:0f:01:5d:7a:
                    c1:3c:07:8c:c9:b2:50:08:a3:4b:bc:4f:19:08:80:
                    98:7e:bd:23:8a:6c:a7:93:4e:7f:5c:30:6a:82:ed:
                    6b:e8:c6:58:e2:5f:ec:f3:f0:f7:ff:00:f2:be:34:
                    ec:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:6B:8E:30:75:15:CA:BA:55:BA:D5:F3:2C:C9:60:73:E8:7D:B7:70
            X509v3 Authority Key Identifier:
                keyid:88:C1:4E:C0:2A:DB:F0:83:13:8E:DD:D4:78:71:17:6D:DE:B9:3D:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/88C14EC02ADBF083138EDDD47871176DDEB93D9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iMFOwCrb8IMTjt3UeHEXbd65PZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c409d7b2-ee64-49f1-ad81-8e4a107d62e0/0/AS399827.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:f4:59:47:e5:17:81:c6:ff:35:6c:ec:41:7d:b1:36:6e:30:
         45:4c:6a:31:6a:92:c1:a0:3b:11:3d:20:ce:fe:d9:82:79:21:
         8b:8c:7b:d7:ad:24:74:9e:84:99:46:92:60:eb:b2:7b:fc:84:
         cc:25:7d:a0:ac:59:2b:88:db:b1:ed:ef:f1:4f:8d:13:4e:dd:
         3a:16:9e:dc:3e:ae:13:bd:72:53:96:4c:0e:55:13:8c:df:99:
         74:cf:6d:55:e2:1b:aa:90:e0:91:4b:d9:95:cf:16:f7:0a:62:
         71:eb:69:85:a0:75:7d:b1:10:2e:db:44:d3:4c:dd:ca:84:79:
         c7:54:95:c2:87:b6:1b:8b:ba:0b:c5:5f:20:ae:42:10:83:12:
         b7:4f:57:59:10:5b:a0:39:4b:18:41:4b:e0:d6:b7:bb:1a:fe:
         27:b8:4e:59:6c:8f:ae:e3:21:98:08:bb:d0:fa:18:8e:cb:12:
         26:d8:35:4b:c3:04:59:31:1a:af:76:ef:f0:26:45:4d:f8:c8:
         53:2b:95:dc:63:28:37:cb:90:b0:ea:46:3a:eb:cc:b7:e6:06:
         6d:28:ef:78:d5:39:bb:e0:6f:3f:38:4e:78:8e:0b:a5:91:2c:
         89:40:dd:db:91:67:8d:00:6b:f8:a7:79:34:08:72:88:da:5b:
         48:7e:f2:3d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUaxwanya5oG9p/Rg/DAbeLq6wqrowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoODhjMTRlYzAyYWRiZjA4MzEzOGVkZGQ0Nzg3MTE3NmRk
ZWI5M2Q5ZDAeFw0yNTA2MDUxNzM0NTFaFw0yNjA2MDQxNzM5NTFaMDMxMTAvBgNV
BAMTKEQxNkI4RTMwNzUxNUNBQkE1NUJBRDVGMzJDQzk2MDczRTg3REI3NzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRPtz6RIWNIbUqgBT/3NtDJSee
+zueUDjbpZbOCrlN4AZILo/8mU9caJ1aoC1PInwVQfmuHvpG0aBBXEYSnZaSd59z
2w9VHfS3Ks9g3odtyeyYHDs0W0Ar1Ez6IEGNoCwCQY6GJMyfQz4rpUOG9QQAbjV4
lMF1LLi5ESpVRCEN8lkmPr6/E+WFmEMkzEs3vAy1u/Hq5IjNmdgA54Ko8Z4LFtou
AO5sL3fClCletwNCTn8/ZDxxKvFQO5e3aNrQc3/sRGJrN1aDxObYbeMCDwFdesE8
B4zJslAIo0u8TxkIgJh+vSOKbKeTTn9cMGqC7WvoxljiX+zz8Pf/APK+NOyNAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU0WuOMHUVyrpVutXzLMlgc+h9t3AwHwYDVR0j
BBgwFoAUiMFOwCrb8IMTjt3UeHEXbd65PZ0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQwOWQ3YjItZWU2NC00OWYxLWFkODEtOGU0YTEwN2Q2
MmUwLzAvODhDMTRFQzAyQURCRjA4MzEzOEVEREQ0Nzg3MTE3NkRERUI5M0Q5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2lNRk93Q3JiOElNVGp0M1VlSEVYYmQ2
NVBaMC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0MDlkN2IyLWVlNjQt
NDlmMS1hZDgxLThlNGExMDdkNjJlMC8wL0FTMzk5ODI3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCF9FlH5ReBxv81bOxBfbE2bjBFTGoxapLBoDsR
PSDO/tmCeSGLjHvXrSR0noSZRpJg67J7/ITMJX2grFkriNux7e/xT40TTt06Fp7c
Pq4TvXJTlkwOVROM35l0z21V4huqkOCRS9mVzxb3CmJx62mFoHV9sRAu20TTTN3K
hHnHVJXCh7Ybi7oLxV8grkIQgxK3T1dZEFugOUsYQUvg1re7Gv4nuE5ZbI+u4yGY
CLvQ+hiOyxIm2DVLwwRZMRqvdu/wJkVN+MhTK5XcYyg3y5Cw6kY668y35gZtKO94
1Tm74G8/OE54jgulkSyJQN3bkWeNAGv4p3k0CHKI2ltIfvI9
-----END CERTIFICATE-----