Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          Jsrq0X8JBSV/Q6KQEPzIH3ZjAsTt0z/ToDJskN4lb94=
Subject key identifier:   92:7A:2A:AC:B6:E4:76:56:A8:A7:FB:74:DF:EE:0A:89:BE:CD:A0:FA
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       4E47122E97E7670E08E75DB95902BC3BF33F2DDF
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa
Signing time:             Tue 29 Jul 2025 00:00:13 +0000
ROA not before:           Mon 28 Jul 2025 23:55:13 +0000
ROA not after:            Tue 28 Jul 2026 00:00:13 +0000
asID:                     393942
IP address blocks:        191.101.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:47:12:2e:97:e7:67:0e:08:e7:5d:b9:59:02:bc:3b:f3:3f:2d:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jul 28 23:55:13 2025 GMT
            Not After : Jul 28 00:00:13 2026 GMT
        Subject: CN=927A2AACB6E47656A8A7FB74DFEE0A89BECDA0FA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:0d:dd:0a:11:f3:cd:ec:53:9d:a1:ae:0e:d7:
                    a9:e0:3e:1f:b8:19:1f:ed:5c:f0:f8:22:d5:6c:33:
                    27:a9:78:eb:c9:35:6e:63:bd:70:37:c1:33:3f:64:
                    ac:74:22:31:87:ac:3d:c0:72:82:65:57:60:02:83:
                    03:f8:5e:d4:09:1b:6c:53:1f:29:82:56:aa:03:2c:
                    72:64:88:8f:ff:80:35:2b:86:2f:da:1d:6d:c7:8b:
                    1a:b9:ba:e1:80:25:68:73:93:d0:ab:6d:34:9a:0f:
                    dc:1a:58:38:31:27:e0:fb:3a:93:d6:ed:19:09:32:
                    0f:45:d0:ad:0c:e1:24:da:ac:0b:3c:15:8d:3a:20:
                    06:46:ca:40:da:4a:3f:2e:b1:8e:2e:00:3a:e3:ee:
                    f0:ce:d3:e4:7d:f3:14:52:36:ac:a7:57:b1:a1:ba:
                    15:b9:6b:91:15:ef:19:d1:19:c7:df:02:75:93:56:
                    79:95:c5:58:4f:e3:aa:3e:7b:a7:4f:e0:47:ed:6b:
                    61:e8:61:32:a4:04:68:10:5a:ff:48:62:81:5a:3a:
                    50:5f:d0:56:12:9d:e5:0f:2c:25:9e:20:df:d5:0c:
                    2e:0c:ab:70:cf:90:58:7a:2f:12:ba:82:72:09:98:
                    f0:62:1e:17:bd:8a:21:0f:9c:df:71:d0:72:5d:b3:
                    82:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:7A:2A:AC:B6:E4:76:56:A8:A7:FB:74:DF:EE:0A:89:BE:CD:A0:FA
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:5a:1f:77:12:46:77:ef:ea:d4:8f:e8:15:31:a0:0f:c1:ca:
         77:ea:d7:41:14:ca:7d:a6:b3:95:57:dc:43:06:cf:2e:e0:09:
         4c:6a:c4:57:a9:ed:1d:49:de:b1:2d:06:db:13:a8:a0:61:d9:
         b0:ed:69:65:f0:ca:df:64:83:28:2b:74:7c:1a:ff:19:4f:a1:
         43:9c:bf:94:e0:2d:2d:bf:1b:68:2b:c9:8a:f0:bc:74:8b:82:
         c3:a7:6e:ea:62:87:89:9d:30:d5:af:49:5e:04:5d:08:94:69:
         17:a1:dd:d0:a4:4a:4a:ef:4f:5c:bb:a8:01:12:30:4e:7e:fc:
         9a:df:54:49:cc:77:8d:2c:03:1e:ff:25:43:7e:e1:42:66:95:
         30:8e:d1:76:cc:5c:8a:15:72:81:53:9b:c3:82:9a:06:c8:9b:
         49:a5:77:92:28:97:01:27:f0:a1:71:da:24:5a:eb:ca:01:bd:
         b9:f8:13:06:a6:6f:6d:dd:76:37:30:48:41:0e:e2:02:d5:27:
         60:9b:59:1c:dd:4e:3a:6d:53:dc:64:05:29:e7:88:a0:5d:c8:
         d5:c9:5e:94:b8:49:13:16:c1:c8:54:79:8a:7c:3b:8d:e4:a8:
         48:20:b8:82:e7:aa:8e:13:13:18:3b:9d:cf:e5:7e:bc:0f:bb:
         8c:f0:d5:6a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUTkcSLpfnZw4I5125WQK8O/M/Ld8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA3MjgyMzU1MTNaFw0yNjA3MjgwMDAwMTNaMDMxMTAvBgNV
BAMTKDkyN0EyQUFDQjZFNDc2NTZBOEE3RkI3NERGRUUwQTg5QkVDREEwRkEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Dd0KEfPN7FOdoa4O16ngPh+4
GR/tXPD4ItVsMyepeOvJNW5jvXA3wTM/ZKx0IjGHrD3AcoJlV2ACgwP4XtQJG2xT
HymCVqoDLHJkiI//gDUrhi/aHW3Hixq5uuGAJWhzk9CrbTSaD9waWDgxJ+D7OpPW
7RkJMg9F0K0M4STarAs8FY06IAZGykDaSj8usY4uADrj7vDO0+R98xRSNqynV7Gh
uhW5a5EV7xnRGcffAnWTVnmVxVhP46o+e6dP4Efta2HoYTKkBGgQWv9IYoFaOlBf
0FYSneUPLCWeIN/VDC4Mq3DPkFh6LxK6gnIJmPBiHhe9iiEPnN9x0HJds4IRAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUknoqrLbkdlaop/t03+4Kib7NoPowHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAv2W9
MA0GCSqGSIb3DQEBCwUAA4IBAQB8Wh93EkZ37+rUj+gVMaAPwcp36tdBFMp9prOV
V9xDBs8u4AlMasRXqe0dSd6xLQbbE6igYdmw7Wll8MrfZIMoK3R8Gv8ZT6FDnL+U
4C0tvxtoK8mK8Lx0i4LDp27qYoeJnTDVr0leBF0IlGkXod3QpEpK709cu6gBEjBO
fvya31RJzHeNLAMe/yVDfuFCZpUwjtF2zFyKFXKBU5vDgpoGyJtJpXeSKJcBJ/Ch
cdokWuvKAb25+BMGpm9t3XY3MEhBDuIC1Sdgm1kc3U46bVPcZAUp54igXcjVyV6U
uEkTFsHIVHmKfDuN5KhIILiC56qOExMYO53P5X68D7uM8NVq
-----END CERTIFICATE-----