Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
File:                     AS393942.roa (raw, json)
Hash identifier:          9In5TRJuEZW14yvGYJJUTxfQQUQDC/ruhnhTVKScaIc=
Subject key identifier:   63:F3:A2:0D:0F:B3:DB:AF:76:B0:5E:29:90:57:DE:BE:B0:4F:55:97
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       4B628A4BD9456300A94A4DF715AB279A61DFB16A
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa
Signing time:             Wed 11 Jun 2025 11:11:53 +0000
ROA not before:           Wed 11 Jun 2025 11:06:53 +0000
ROA not after:            Wed 10 Jun 2026 11:11:53 +0000
asID:                     393942
IP address blocks:        178.92.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4b:62:8a:4b:d9:45:63:00:a9:4a:4d:f7:15:ab:27:9a:61:df:b1:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: Jun 11 11:06:53 2025 GMT
            Not After : Jun 10 11:11:53 2026 GMT
        Subject: CN=63F3A20D0FB3DBAF76B05E299057DEBEB04F5597
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:29:38:62:7f:3f:d6:3b:ff:79:a8:f3:3d:c3:
                    ea:a0:a1:c8:2a:a1:ef:e4:90:47:ad:f6:08:cf:dc:
                    56:4c:21:e6:80:34:b3:fb:bf:5e:7f:ee:06:bf:5a:
                    d9:3b:cd:8c:ed:10:4c:1c:22:41:65:7f:17:05:c9:
                    e7:fd:e4:ba:95:e8:e3:f3:39:c1:98:61:04:0d:a3:
                    1a:1b:90:f2:64:52:1d:29:be:22:a3:70:b6:12:99:
                    a7:df:53:be:25:40:a7:d6:53:ad:3c:5a:ee:51:80:
                    b5:d4:a1:45:0d:9d:95:0a:3b:2a:b7:90:1c:fc:46:
                    e9:89:70:6a:99:04:3b:be:4c:d0:5f:3e:a8:11:9b:
                    9b:c9:b4:9d:38:7b:7d:b6:96:1b:68:1e:4a:a8:1f:
                    00:50:a9:e6:61:82:7e:01:b8:23:49:dd:1d:7a:e7:
                    3d:3f:37:43:dd:57:f7:b5:d9:4b:61:25:b6:76:20:
                    c3:04:0e:84:fb:ff:3a:96:a6:74:79:f1:a6:26:ed:
                    0a:dc:e9:b2:6c:80:83:15:e4:41:91:b8:7c:09:7f:
                    59:f1:cc:1e:75:12:50:66:96:2b:16:aa:d1:03:6a:
                    1c:66:2a:b2:0d:0b:c5:13:fb:6e:6f:a0:2b:68:b6:
                    90:b3:41:3e:f6:9b:9e:97:ec:9a:b7:2b:ae:30:dd:
                    56:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F3:A2:0D:0F:B3:DB:AF:76:B0:5E:29:90:57:DE:BE:B0:4F:55:97
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS393942.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.92.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:a1:c2:f6:43:36:12:c3:50:df:08:16:ed:76:9d:e9:aa:db:
         7c:1f:84:e6:62:22:a4:cd:09:26:91:12:4c:96:04:aa:d3:28:
         16:05:90:18:9f:d4:c2:34:59:68:ee:47:b2:3d:01:7e:41:c9:
         a2:1b:3b:44:c2:a5:0d:e7:3f:2d:44:cb:48:16:c6:3e:08:06:
         80:83:ba:ff:54:7e:9f:c3:7d:f4:51:39:cc:d4:c5:93:94:81:
         6a:c1:43:f2:59:d7:c1:dc:5e:5f:23:59:7f:2c:a2:62:bf:73:
         ca:32:92:ec:45:35:e1:ba:3d:22:74:eb:ac:8d:09:14:3d:5d:
         18:16:05:64:f2:c4:00:9b:6c:89:52:87:1f:aa:8c:62:ef:cf:
         55:10:6f:ee:27:fe:87:95:65:c9:d1:09:37:8b:ea:e2:b3:96:
         e2:8c:69:56:10:b3:1c:48:29:bf:95:f2:57:ab:bc:74:d3:27:
         79:4b:c8:cc:cd:73:ae:a9:18:8d:f1:01:7a:eb:13:aa:d9:08:
         47:a0:7b:6d:7d:e8:b2:0e:ff:35:ab:e3:8f:50:08:bf:f7:fc:
         15:08:ba:38:62:d8:80:00:e3:71:ea:f4:b0:59:78:fc:3b:fc:
         6c:16:f6:19:c6:01:6b:c2:ac:71:8e:7c:5a:54:03:1d:a9:98:
         f6:18:a2:fe
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUS2KKS9lFYwCpSk33FasnmmHfsWowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA2MTExMTA2NTNaFw0yNjA2MTAxMTExNTNaMDMxMTAvBgNV
BAMTKDYzRjNBMjBEMEZCM0RCQUY3NkIwNUUyOTkwNTdERUJFQjA0RjU1OTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLKThifz/WO/95qPM9w+qgocgq
oe/kkEet9gjP3FZMIeaANLP7v15/7ga/Wtk7zYztEEwcIkFlfxcFyef95LqV6OPz
OcGYYQQNoxobkPJkUh0pviKjcLYSmaffU74lQKfWU608Wu5RgLXUoUUNnZUKOyq3
kBz8RumJcGqZBDu+TNBfPqgRm5vJtJ04e322lhtoHkqoHwBQqeZhgn4BuCNJ3R16
5z0/N0PdV/e12UthJbZ2IMMEDoT7/zqWpnR58aYm7Qrc6bJsgIMV5EGRuHwJf1nx
zB51ElBmlisWqtEDahxmKrINC8UT+25voCtotpCzQT72m56X7Jq3K64w3VbDAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUY/OiDQ+z2692sF4pkFfevrBPVZcwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzkzOTQyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAslx1
MA0GCSqGSIb3DQEBCwUAA4IBAQB+ocL2QzYSw1DfCBbtdp3pqtt8H4TmYiKkzQkm
kRJMlgSq0ygWBZAYn9TCNFlo7keyPQF+QcmiGztEwqUN5z8tRMtIFsY+CAaAg7r/
VH6fw330UTnM1MWTlIFqwUPyWdfB3F5fI1l/LKJiv3PKMpLsRTXhuj0idOusjQkU
PV0YFgVk8sQAm2yJUocfqoxi789VEG/uJ/6HlWXJ0Qk3i+ris5bijGlWELMcSCm/
lfJXq7x00yd5S8jMzXOuqRiN8QF66xOq2QhHoHttfeiyDv81q+OPUAi/9/wVCLo4
YtiAAONx6vSwWXj8O/xsFvYZxgFrwqxxjnxaVAMdqZj2GKL+
-----END CERTIFICATE-----