Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54339.roa
File:                     AS54339.roa (raw, json)
Hash identifier:          Y25JKCM65NhGc73Tjwu3LGqF/4soHSceclqIS4lKg+4=
Subject key identifier:   D0:74:02:AC:0A:A5:8D:C7:CA:68:F5:A1:57:8A:54:6F:D2:CB:2A:CC
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3F07E01A2A1D98177551F06233441088FB85046B
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54339.roa
Signing time:             Wed 11 Jun 2025 14:56:10 +0000
ROA not before:           Wed 11 Jun 2025 14:51:10 +0000
ROA not after:            Wed 10 Jun 2026 14:56:10 +0000
asID:                     54339
IP address blocks:        140.233.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 20:59:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3f:07:e0:1a:2a:1d:98:17:75:51:f0:62:33:44:10:88:fb:85:04:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 11 14:51:10 2025 GMT
            Not After : Jun 10 14:56:10 2026 GMT
        Subject: CN=D07402AC0AA58DC7CA68F5A1578A546FD2CB2ACC
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:11:61:bf:bb:d4:15:a7:18:bc:e6:93:ac:36:
                    90:62:6e:77:f9:0f:57:b0:d4:9b:41:4f:0f:ed:de:
                    e8:70:a6:27:65:c5:9b:33:f2:7a:10:9e:cd:4e:be:
                    18:2a:b4:47:0c:46:e2:54:47:95:ae:ab:37:5e:10:
                    c8:4a:fb:84:94:6c:ff:01:99:b1:b8:ff:0d:7b:b8:
                    d1:f2:05:a8:84:e2:ff:36:a4:46:6e:7c:82:79:21:
                    de:5d:9d:91:b2:ce:8e:cb:ed:38:21:b2:c5:0e:a9:
                    1e:57:b1:8b:c8:de:e9:71:1b:b7:09:1b:a7:a3:be:
                    d8:e6:6a:0b:cc:5b:9c:ac:c4:cc:81:35:11:11:33:
                    d2:57:44:9f:50:ed:5b:0b:fb:5e:7b:c9:c0:7e:c6:
                    0c:08:c0:75:25:eb:a2:32:95:56:df:4a:4e:6c:06:
                    bc:87:f4:9d:c7:0c:8a:3a:68:9d:a9:9b:98:bd:6d:
                    8f:6f:d4:c0:38:18:a0:9b:20:e9:d7:9f:ad:6b:45:
                    c5:63:00:53:6d:8a:03:82:76:c5:be:90:01:9c:c0:
                    28:78:22:8f:82:0e:ed:63:dc:cf:0c:c9:18:7b:0e:
                    5a:4c:a3:76:55:68:ca:ce:69:7a:50:f6:24:21:6e:
                    e5:52:d9:95:4b:5b:b8:2a:3f:e4:cd:a7:1a:70:42:
                    62:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:74:02:AC:0A:A5:8D:C7:CA:68:F5:A1:57:8A:54:6F:D2:CB:2A:CC
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS54339.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:3f:af:c8:46:85:bf:6a:4c:bc:44:fb:09:7e:9b:dc:e1:50:
         9d:d7:3c:ae:35:bf:66:dc:79:5a:9f:a4:bb:8e:30:35:aa:74:
         f5:23:43:3a:2a:00:38:82:c9:62:08:18:b8:15:32:86:91:4b:
         c4:0e:92:e5:e4:66:02:66:55:b3:df:17:f7:a7:d2:37:cb:8e:
         78:f0:d6:09:35:0e:33:24:33:12:0c:72:a6:73:cb:24:a9:f5:
         a6:f4:5f:e9:a6:f9:74:7f:d4:5e:97:83:48:ca:dc:de:b1:56:
         a7:a6:cf:e6:10:34:42:2e:80:fb:34:6e:79:e8:ae:51:51:ae:
         b4:e0:f6:05:97:e2:c7:36:d8:4b:7b:39:0b:a5:bc:ec:d4:8d:
         5d:36:ce:1d:d3:e0:a0:b0:08:39:3e:cb:35:8a:6e:c1:20:b3:
         2d:d3:bb:c5:1c:04:d9:f1:95:2d:c1:66:8a:6a:ea:c3:75:2b:
         76:ad:6b:9d:7e:82:14:b3:17:e2:69:b1:e1:1d:58:6c:13:5b:
         23:df:3e:ac:fc:67:39:16:43:c4:e4:6e:a9:3a:55:6f:1f:b0:
         24:38:67:a1:4c:9b:93:10:37:b4:bb:99:88:7d:fe:a3:7f:09:
         b3:a5:c2:c6:2d:f4:4a:9b:e2:22:14:ca:aa:64:24:80:27:db:
         32:2e:23:01
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPwfgGiodmBd1UfBiM0QQiPuFBGswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA2MTExNDUxMTBaFw0yNjA2MTAxNDU2MTBaMDMxMTAvBgNV
BAMTKEQwNzQwMkFDMEFBNThEQzdDQTY4RjVBMTU3OEE1NDZGRDJDQjJBQ0MwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9EWG/u9QVpxi85pOsNpBibnf5
D1ew1JtBTw/t3uhwpidlxZsz8noQns1OvhgqtEcMRuJUR5WuqzdeEMhK+4SUbP8B
mbG4/w17uNHyBaiE4v82pEZufIJ5Id5dnZGyzo7L7TghssUOqR5XsYvI3ulxG7cJ
G6ejvtjmagvMW5ysxMyBNRERM9JXRJ9Q7VsL+157ycB+xgwIwHUl66IylVbfSk5s
BryH9J3HDIo6aJ2pm5i9bY9v1MA4GKCbIOnXn61rRcVjAFNtigOCdsW+kAGcwCh4
Io+CDu1j3M8MyRh7DlpMo3ZVaMrOaXpQ9iQhbuVS2ZVLW7gqP+TNpxpwQmKJAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU0HQCrAqljcfKaPWhV4pUb9LLKswwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTQzMzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACM6acw
DQYJKoZIhvcNAQELBQADggEBAEc/r8hGhb9qTLxE+wl+m9zhUJ3XPK41v2bceVqf
pLuOMDWqdPUjQzoqADiCyWIIGLgVMoaRS8QOkuXkZgJmVbPfF/en0jfLjnjw1gk1
DjMkMxIMcqZzyySp9ab0X+mm+XR/1F6Xg0jK3N6xVqemz+YQNEIugPs0bnnorlFR
rrTg9gWX4sc22Et7OQulvOzUjV02zh3T4KCwCDk+yzWKbsEgsy3Tu8UcBNnxlS3B
Zopq6sN1K3ata51+ghSzF+JpseEdWGwTWyPfPqz8ZzkWQ8Tkbqk6VW8fsCQ4Z6FM
m5MQN7S7mYh9/qN/CbOlwsYt9Eqb4iIUyqpkJIAn2zIuIwE=
-----END CERTIFICATE-----