Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          wfSti4lEoEylK6w1hT34+QhP6bnACfysNksEzIGpp6I=
Subject key identifier:   9A:A1:A5:E8:E5:17:63:CD:6F:0F:45:B2:FA:74:46:51:62:A1:F6:94
Certificate issuer:       /CN=c2302af143c15daad50042d8455e689d0828eca9
Certificate serial:       7476A1A23C46BE7A3F93670D93E15E6CC3317835
Authority key identifier: C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS393942.roa
Signing time:             Fri 06 Jun 2025 02:07:28 +0000
ROA not before:           Fri 06 Jun 2025 02:02:28 +0000
ROA not after:            Fri 05 Jun 2026 02:07:28 +0000
asID:                     393942
IP address blocks:        194.60.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 20:45:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            74:76:a1:a2:3c:46:be:7a:3f:93:67:0d:93:e1:5e:6c:c3:31:78:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2302af143c15daad50042d8455e689d0828eca9
        Validity
            Not Before: Jun  6 02:02:28 2025 GMT
            Not After : Jun  5 02:07:28 2026 GMT
        Subject: CN=9AA1A5E8E51763CD6F0F45B2FA74465162A1F694
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b6:2b:f0:fb:fe:b8:16:b3:c0:5f:f2:77:2c:
                    50:07:e9:c4:23:77:33:4d:cd:58:03:11:16:4e:99:
                    3e:36:d6:17:d7:c1:19:7b:c7:14:43:03:c9:a9:e9:
                    d5:de:82:0a:cf:1a:cf:33:ac:3e:35:e2:4e:a6:a7:
                    5a:7c:91:73:10:45:51:b0:79:42:f3:78:dd:44:22:
                    a3:a7:04:67:6b:60:2b:b8:46:8a:cd:ee:3d:4f:47:
                    e7:cb:36:c9:46:c9:98:2b:91:1b:29:c1:b3:7b:ff:
                    68:fd:a2:57:10:74:b8:fe:81:01:c6:ab:7c:5a:bd:
                    f6:83:92:05:69:e8:c8:0e:c3:51:c9:27:2f:dc:76:
                    5f:7e:40:cd:09:ee:fa:7b:02:b1:16:33:df:d0:e0:
                    27:07:93:2d:c7:0c:27:a5:88:d1:84:da:80:68:17:
                    50:3d:68:57:25:ee:b4:e5:61:84:99:63:1b:31:72:
                    8f:80:3c:c5:c3:d4:5b:16:e2:eb:ef:e1:70:52:7b:
                    e5:28:08:66:59:81:a3:df:b9:9b:2e:4a:5f:33:f9:
                    4a:a2:36:ce:ae:33:5d:19:7e:ea:08:5f:3c:aa:ab:
                    b3:e1:20:0d:e2:23:fd:2e:8d:2f:6f:03:bc:50:a3:
                    f5:bf:d9:09:76:57:5e:90:2f:1b:f5:50:c2:48:5f:
                    53:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:A1:A5:E8:E5:17:63:CD:6F:0F:45:B2:FA:74:46:51:62:A1:F6:94
            X509v3 Authority Key Identifier:
                keyid:C2:30:2A:F1:43:C1:5D:AA:D5:00:42:D8:45:5E:68:9D:08:28:EC:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/C2302AF143C15DAAD50042D8455E689D0828ECA9.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjAq8UPBXarVAELYRV5onQgo7Kk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/a93cb55c-9571-44c8-90e1-965b92769e4e/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.60.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:c3:35:c2:41:cc:bc:0e:48:49:11:37:9a:8b:a7:8c:ee:4f:
         50:ee:99:b2:b0:9f:35:3e:a3:ce:b1:d3:44:ea:d8:e5:fe:ad:
         43:4b:6f:da:2d:31:8f:99:32:7c:dd:36:35:ea:d3:2e:ac:2a:
         b0:1e:72:59:c8:9e:86:55:c3:9d:82:f4:4e:d4:6c:99:42:bb:
         b8:11:e4:05:55:d6:5b:ad:d8:f8:d5:fc:db:a2:f1:b6:80:79:
         f0:fd:c7:46:3b:f3:48:ff:08:e3:4e:dd:74:4b:4c:21:22:eb:
         95:21:f6:62:ea:4a:7a:d6:d7:5b:24:73:1c:a6:4c:dd:33:01:
         29:d5:49:a3:aa:29:59:c3:fb:f9:32:7d:36:92:51:48:82:df:
         75:cf:d1:62:54:8b:d7:b2:2b:74:f9:5a:8a:b3:d4:dd:6c:b7:
         6e:2d:46:5f:9b:05:5f:14:db:c5:5e:df:93:43:7b:de:cd:a8:
         28:97:9c:2c:7c:5f:27:e3:55:98:b1:21:3d:f5:06:1b:f7:a4:
         c0:1c:ec:38:04:d9:71:47:82:a6:fd:b8:f0:45:27:4e:26:39:
         66:1c:20:20:fc:2e:9a:e2:62:b1:ca:95:6a:30:6a:0a:c6:5f:
         5e:66:f4:fd:f0:ad:8e:d7:20:f7:03:f1:6c:bd:b7:a3:6a:9d:
         0a:be:c3:d2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdHahojxGvno/k2cNk+FebMMxeDUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzIzMDJhZjE0M2MxNWRhYWQ1MDA0MmQ4NDU1ZTY4OWQw
ODI4ZWNhOTAeFw0yNTA2MDYwMjAyMjhaFw0yNjA2MDUwMjA3MjhaMDMxMTAvBgNV
BAMTKDlBQTFBNUU4RTUxNzYzQ0Q2RjBGNDVCMkZBNzQ0NjUxNjJBMUY2OTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDVtivw+/64FrPAX/J3LFAH6cQj
dzNNzVgDERZOmT421hfXwRl7xxRDA8mp6dXeggrPGs8zrD414k6mp1p8kXMQRVGw
eULzeN1EIqOnBGdrYCu4RorN7j1PR+fLNslGyZgrkRspwbN7/2j9olcQdLj+gQHG
q3xavfaDkgVp6MgOw1HJJy/cdl9+QM0J7vp7ArEWM9/Q4CcHky3HDCeliNGE2oBo
F1A9aFcl7rTlYYSZYxsxco+APMXD1FsW4uvv4XBSe+UoCGZZgaPfuZsuSl8z+Uqi
Ns6uM10ZfuoIXzyqq7PhIA3iI/0ujS9vA7xQo/W/2Ql2V16QLxv1UMJIX1PrAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUmqGl6OUXY81vD0Wy+nRGUWKh9pQwHwYDVR0j
BBgwFoAUwjAq8UPBXarVAELYRV5onQgo7KkwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYTkzY2I1NWMtOTU3MS00NGM4LTkwZTEtOTY1YjkyNzY5
ZTRlLzAvQzIzMDJBRjE0M0MxNURBQUQ1MDA0MkQ4NDU1RTY4OUQwODI4RUNBOS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3dqQXE4VVBCWGFyVkFFTFlSVjVvblFn
bzdLay5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2E5M2NiNTVjLTk1NzEt
NDRjOC05MGUxLTk2NWI5Mjc2OWU0ZS8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjxZ
MA0GCSqGSIb3DQEBCwUAA4IBAQC6wzXCQcy8DkhJETeai6eM7k9Q7pmysJ81PqPO
sdNE6tjl/q1DS2/aLTGPmTJ83TY16tMurCqwHnJZyJ6GVcOdgvRO1GyZQru4EeQF
VdZbrdj41fzbovG2gHnw/cdGO/NI/wjjTt10S0whIuuVIfZi6kp61tdbJHMcpkzd
MwEp1UmjqilZw/v5Mn02klFIgt91z9FiVIvXsit0+VqKs9TdbLduLUZfmwVfFNvF
Xt+TQ3vezagol5wsfF8n41WYsSE99QYb96TAHOw4BNlxR4Km/bjwRSdOJjlmHCAg
/C6a4mKxypVqMGoKxl9eZvT98K2O1yD3A/Fsvbejap0KvsPS
-----END CERTIFICATE-----