Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS396982.roa
File:                     AS396982.roa (raw, json)
Hash identifier:          FCZwk09P78SN4Yv24Dt9wLcpdxNBOPO+xPB23V0UXro=
Subject key identifier:   3E:44:79:B7:C2:3B:E8:E7:07:E2:5D:EC:86:9C:B1:84:B6:4F:76:9B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       21714F2C5AD135679547BA3CF84BBA63E4E3EEE0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS396982.roa
Signing time:             Mon 04 Aug 2025 04:28:18 +0000
ROA not before:           Mon 04 Aug 2025 04:23:18 +0000
ROA not after:            Mon 03 Aug 2026 04:28:18 +0000
asID:                     396982
IP address blocks:        162.141.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 12:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:71:4f:2c:5a:d1:35:67:95:47:ba:3c:f8:4b:ba:63:e4:e3:ee:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug  4 04:23:18 2025 GMT
            Not After : Aug  3 04:28:18 2026 GMT
        Subject: CN=3E4479B7C23BE8E707E25DEC869CB184B64F769B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:eb:46:b4:01:00:7f:8c:e6:e3:dd:ff:13:c5:
                    4f:6d:2d:f8:69:95:e5:ae:d0:34:ac:71:01:e8:f5:
                    85:30:09:7b:04:74:23:e9:4d:a2:2e:0e:2d:15:9d:
                    4a:1b:79:b2:ce:0e:b2:3b:e4:a9:87:99:14:12:48:
                    db:b5:7c:f8:2f:19:ca:93:37:73:ed:29:f6:c5:cc:
                    11:27:d5:ad:53:06:bc:3f:09:57:a4:d4:37:c8:2c:
                    ce:b1:fe:04:73:c2:c1:95:48:39:b4:05:46:0a:0a:
                    a9:dd:35:1d:87:b0:f5:02:f5:9a:c9:bc:07:f0:93:
                    58:fa:d8:1a:27:5d:4a:95:ee:9f:ec:f6:e0:97:20:
                    38:88:63:9b:ac:90:ce:44:42:73:7a:7f:50:3d:bb:
                    5e:45:43:a1:db:14:af:c3:97:d8:e6:33:30:87:b3:
                    89:7b:a3:19:ec:71:eb:8d:4d:1d:c9:c2:6e:d1:3e:
                    79:10:37:1e:ee:49:f0:7a:88:5f:05:d5:ca:95:36:
                    6e:45:24:7d:55:da:95:cb:e2:ee:c1:e8:56:24:90:
                    53:25:fd:4d:93:16:a3:94:64:fd:42:ac:2a:5d:58:
                    08:62:6b:78:7c:a0:3c:0c:f3:21:47:eb:78:68:a9:
                    a2:37:90:4f:76:c4:b7:c4:0d:f6:de:65:db:af:ac:
                    46:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:44:79:B7:C2:3B:E8:E7:07:E2:5D:EC:86:9C:B1:84:B6:4F:76:9B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS396982.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  162.141.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:dc:a6:45:fc:bd:5c:d5:4f:63:fc:71:ee:fd:76:f2:50:29:
         85:e2:b5:27:f8:56:11:c9:aa:d9:a9:13:ec:3c:8f:9b:5e:1e:
         c3:f2:c7:e2:b3:f9:15:be:d5:ad:3e:91:b1:a8:d6:32:e0:99:
         21:79:4d:d0:75:50:1b:43:e9:8e:43:27:7a:a5:b3:71:e6:d9:
         2b:84:f6:a6:68:6c:6a:4d:b4:72:35:69:16:50:86:4a:75:77:
         35:65:13:8c:8d:13:8d:76:04:80:2d:51:b7:a3:02:1f:bc:22:
         16:dd:5c:d9:74:81:80:d4:26:4d:77:96:2a:65:a5:8b:41:ca:
         74:91:cd:98:12:18:79:9a:c6:bf:dd:a3:e9:2a:c9:a3:2d:f9:
         25:1d:86:03:06:18:42:ff:a6:cf:64:c3:68:72:48:e9:59:04:
         30:bb:fc:a8:ab:bf:15:b7:48:40:81:88:c7:3d:46:bf:b6:83:
         8e:ca:e2:22:4b:ce:49:8e:a4:b4:59:e0:a6:50:15:de:33:02:
         e7:02:9c:c6:dc:4b:04:3b:f2:07:92:a0:97:cb:5a:3e:db:2a:
         03:44:d5:3a:7c:ec:f5:8e:85:ec:7c:18:6e:dd:8f:f2:ec:6a:
         49:ab:72:b1:83:4d:63:6b:29:55:2f:1a:3f:36:86:22:be:25:
         33:b9:26:ca
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUIXFPLFrRNWeVR7o8+Eu6Y+Tj7uAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA4MDQwNDIzMThaFw0yNjA4MDMwNDI4MThaMDMxMTAvBgNV
BAMTKDNFNDQ3OUI3QzIzQkU4RTcwN0UyNURFQzg2OUNCMTg0QjY0Rjc2OUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF60a0AQB/jObj3f8TxU9tLfhp
leWu0DSscQHo9YUwCXsEdCPpTaIuDi0VnUobebLODrI75KmHmRQSSNu1fPgvGcqT
N3PtKfbFzBEn1a1TBrw/CVek1DfILM6x/gRzwsGVSDm0BUYKCqndNR2HsPUC9ZrJ
vAfwk1j62BonXUqV7p/s9uCXIDiIY5uskM5EQnN6f1A9u15FQ6HbFK/Dl9jmMzCH
s4l7oxnsceuNTR3Jwm7RPnkQNx7uSfB6iF8F1cqVNm5FJH1V2pXL4u7B6FYkkFMl
/U2TFqOUZP1CrCpdWAhia3h8oDwM8yFH63hoqaI3kE92xLfEDfbeZduvrEZfAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUPkR5t8I76OcH4l3shpyxhLZPdpswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzk2OTgyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoo15
MA0GCSqGSIb3DQEBCwUAA4IBAQCZ3KZF/L1c1U9j/HHu/XbyUCmF4rUn+FYRyarZ
qRPsPI+bXh7D8sfis/kVvtWtPpGxqNYy4JkheU3QdVAbQ+mOQyd6pbNx5tkrhPam
aGxqTbRyNWkWUIZKdXc1ZROMjRONdgSALVG3owIfvCIW3VzZdIGA1CZNd5YqZaWL
Qcp0kc2YEhh5msa/3aPpKsmjLfklHYYDBhhC/6bPZMNockjpWQQwu/yoq78Vt0hA
gYjHPUa/toOOyuIiS85JjqS0WeCmUBXeMwLnApzG3EsEO/IHkqCXy1o+2yoDRNU6
fOz1joXsfBhu3Y/y7GpJq3Kxg01jaylVLxo/NoYiviUzuSbK
-----END CERTIFICATE-----