Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS394760.roa
File:                     AS394760.roa (raw, json)
Hash identifier:          riTPgOUvLSxEOScPVnH0Nt7gO5I37NbrZEh6uTX6AQQ=
Subject key identifier:   12:F0:F4:AD:FC:8D:E8:F0:25:BB:00:F1:9F:29:B9:F8:F5:9E:8B:56
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       59FC3CFBFDB8EAC66C444CDA076FF2E22770D6E8
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS394760.roa
Signing time:             Mon 09 Jun 2025 22:54:09 +0000
ROA not before:           Mon 09 Jun 2025 22:49:09 +0000
ROA not after:            Mon 08 Jun 2026 22:54:09 +0000
asID:                     394760
IP address blocks:        191.96.39.0/24 maxlen: 24
                          191.96.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 12:46:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:fc:3c:fb:fd:b8:ea:c6:6c:44:4c:da:07:6f:f2:e2:27:70:d6:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jun  9 22:49:09 2025 GMT
            Not After : Jun  8 22:54:09 2026 GMT
        Subject: CN=12F0F4ADFC8DE8F025BB00F19F29B9F8F59E8B56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:39:b5:5c:e8:0a:52:7c:4f:0e:8b:25:4a:3f:
                    71:ad:c8:01:9d:3b:11:af:ba:46:ba:12:4c:8d:05:
                    73:43:94:21:54:c2:77:b3:fe:29:ba:54:a6:d8:af:
                    20:3f:40:38:f9:16:28:42:dd:74:17:4d:c5:9f:14:
                    8a:e7:7d:ec:42:d2:28:bd:33:06:12:4b:30:1e:56:
                    01:c3:36:e9:03:96:8f:21:3a:62:7c:31:37:b0:18:
                    05:a5:aa:3e:0f:da:d6:c9:3c:7d:6a:b5:c5:17:ea:
                    f1:7b:16:84:b6:6e:82:3b:f8:8a:a5:b4:84:8b:46:
                    e0:15:2c:f6:08:bf:99:ce:e9:d5:58:99:5d:7a:3b:
                    39:d2:c0:e1:16:c9:59:42:97:17:9a:d0:f9:0b:de:
                    ab:38:2c:45:cd:f4:ac:41:f6:4b:2d:98:f1:1c:1e:
                    19:8d:6c:99:e4:c4:c6:33:5b:6a:48:cc:6b:bf:4e:
                    8c:86:65:3c:8d:39:9e:26:8b:94:ad:1f:f1:c0:16:
                    08:8c:71:5d:da:51:38:f4:15:eb:c3:b4:75:f2:e8:
                    92:71:af:ee:ec:20:4d:14:ac:f9:53:db:5d:59:59:
                    83:b1:76:f3:40:ea:df:33:14:17:a9:40:42:4e:33:
                    de:bd:bc:82:8b:58:6b:58:f9:7f:50:88:a5:33:29:
                    52:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:F0:F4:AD:FC:8D:E8:F0:25:BB:00:F1:9F:29:B9:F8:F5:9E:8B:56
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS394760.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.96.39.0/24
                  191.96.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:6d:c3:3e:81:97:d1:4d:53:40:eb:c5:5b:91:64:6c:c9:0f:
         ce:48:c7:37:9f:06:98:d3:e3:44:47:81:e4:d0:13:4d:77:e8:
         44:1e:94:4b:83:55:9e:b7:5b:a9:d0:7c:f1:39:69:67:a3:b9:
         1f:5c:df:5b:b2:7c:3a:75:6f:03:02:25:25:dd:35:e8:19:b8:
         b9:51:89:07:b4:33:4f:7b:71:15:46:cf:82:4c:95:57:f9:38:
         2f:5c:36:6f:68:9b:1f:fe:b8:3f:46:f2:55:39:d4:28:ac:8d:
         86:0e:d0:f0:8f:e4:7d:2f:c9:a0:ca:81:0f:b5:62:b0:29:a9:
         c5:54:bb:54:65:78:b4:c6:82:dd:97:bf:5a:50:73:94:cf:39:
         a8:0d:55:a5:3c:6a:26:3a:13:10:60:28:82:84:c2:83:72:33:
         06:81:99:c9:11:e5:4c:d9:83:28:13:a5:27:02:5f:5d:2a:86:
         f0:ae:ee:85:42:c9:83:3f:b5:84:7a:07:06:aa:29:63:e4:78:
         58:24:33:49:97:89:0b:ee:83:35:db:3f:22:68:47:f6:29:ce:
         bf:4b:1d:b3:d0:d7:4d:e8:d3:f0:9b:34:c5:32:0a:4d:dc:75:
         f1:d4:4a:1a:b1:ab:1b:48:ef:43:2f:1f:a3:de:23:cf:61:2b:
         11:99:93:cf
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUWfw8+/246sZsREzaB2/y4idw1ugwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTA2MDkyMjQ5MDlaFw0yNjA2MDgyMjU0MDlaMDMxMTAvBgNV
BAMTKDEyRjBGNEFERkM4REU4RjAyNUJCMDBGMTlGMjlCOUY4RjU5RThCNTYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXObVc6ApSfE8OiyVKP3GtyAGd
OxGvuka6EkyNBXNDlCFUwnez/im6VKbYryA/QDj5FihC3XQXTcWfFIrnfexC0ii9
MwYSSzAeVgHDNukDlo8hOmJ8MTewGAWlqj4P2tbJPH1qtcUX6vF7FoS2boI7+Iql
tISLRuAVLPYIv5nO6dVYmV16OznSwOEWyVlClxea0PkL3qs4LEXN9KxB9kstmPEc
HhmNbJnkxMYzW2pIzGu/ToyGZTyNOZ4mi5StH/HAFgiMcV3aUTj0FevDtHXy6JJx
r+7sIE0UrPlT211ZWYOxdvNA6t8zFBepQEJOM969vIKLWGtY+X9QiKUzKVKPAgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUEvD0rfyN6PAluwDxnym5+PWei1YwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTMzk0NzYwLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAv2An
AwQAv2BMMA0GCSqGSIb3DQEBCwUAA4IBAQADbcM+gZfRTVNA68VbkWRsyQ/OSMc3
nwaY0+NER4Hk0BNNd+hEHpRLg1Wet1up0HzxOWlno7kfXN9bsnw6dW8DAiUl3TXo
Gbi5UYkHtDNPe3EVRs+CTJVX+TgvXDZvaJsf/rg/RvJVOdQorI2GDtDwj+R9L8mg
yoEPtWKwKanFVLtUZXi0xoLdl79aUHOUzzmoDVWlPGomOhMQYCiChMKDcjMGgZnJ
EeVM2YMoE6UnAl9dKobwru6FQsmDP7WEegcGqilj5HhYJDNJl4kL7oM12z8iaEf2
Kc6/Sx2z0NdN6NPwmzTFMgpN3HXx1EoasasbSO9DLx+j3iPPYSsRmZPP
-----END CERTIFICATE-----