Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS39521.roa
File:                     AS39521.roa (raw, json)
Hash identifier:          /EKxUsZSVzYUwyJuazL+6rpn1hyj1Ad1+J0t2IW+bu0=
Subject key identifier:   1A:D6:30:EC:3D:84:AD:A1:27:DF:0D:1A:28:03:0C:42:6E:6C:6F:9C
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       1088A9C339A39599A025511E3DCD05FA26C02B05
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS39521.roa
Signing time:             Thu 22 May 2025 14:10:05 +0000
ROA not before:           Thu 22 May 2025 14:05:05 +0000
ROA not after:            Thu 21 May 2026 14:10:05 +0000
asID:                     39521
IP address blocks:        46.203.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:88:a9:c3:39:a3:95:99:a0:25:51:1e:3d:cd:05:fa:26:c0:2b:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May 22 14:05:05 2025 GMT
            Not After : May 21 14:10:05 2026 GMT
        Subject: CN=1AD630EC3D84ADA127DF0D1A28030C426E6C6F9C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ff:29:f0:38:17:8f:b6:ea:46:9f:80:0c:ef:
                    a4:c0:d4:f4:cf:c6:35:8b:21:64:fa:d3:a1:62:90:
                    4f:54:7c:37:4e:f4:d3:3b:fb:db:37:c5:a5:df:ee:
                    15:36:3a:09:68:9a:a8:3c:6b:2c:f7:56:ee:96:70:
                    05:77:ae:13:f4:49:e1:3e:ea:fa:21:37:6a:c2:3f:
                    02:46:8c:6a:dc:64:fd:2f:24:68:cd:69:aa:b4:55:
                    e1:cd:a3:32:c3:18:2f:de:df:83:28:9e:a6:b8:6e:
                    b0:cb:41:46:7b:08:7b:2a:a8:64:4b:71:32:4f:ab:
                    4b:75:4d:57:bf:6b:ec:62:5f:1e:a5:38:45:7b:1e:
                    1a:de:27:3a:83:9b:26:a3:0f:c0:2d:2a:d9:11:8e:
                    15:26:a3:ed:2e:e4:82:d6:7d:87:7b:fd:33:c3:c3:
                    93:dd:ae:fc:c3:cc:d4:38:41:05:85:79:a0:ef:1a:
                    46:52:47:58:d1:ca:d4:a9:bd:7b:93:6e:b8:56:b2:
                    4a:8f:4d:85:f6:c6:6b:fe:12:1e:bb:99:45:92:83:
                    92:7c:a3:07:48:25:0e:1a:f7:3e:db:d3:9b:31:c8:
                    14:75:06:aa:f0:ec:27:48:84:f0:cc:35:bc:9d:b8:
                    2f:12:99:95:ce:60:22:16:e1:ba:b1:14:fa:ec:67:
                    b5:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:D6:30:EC:3D:84:AD:A1:27:DF:0D:1A:28:03:0C:42:6E:6C:6F:9C
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS39521.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.203.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:b2:f9:62:ac:9e:b6:5b:cf:ba:78:4d:4e:55:9c:e1:d8:f3:
         3f:0e:9b:d7:1e:2b:08:67:e8:49:76:4f:e0:87:15:b9:52:92:
         27:5e:37:5b:63:f4:57:cf:7e:fe:5a:4e:73:11:04:65:c3:c8:
         ad:9c:2b:e8:84:25:13:c7:b8:a4:4d:e7:9f:ed:49:12:91:88:
         8c:02:ef:7b:87:a9:45:93:26:9a:7b:1b:11:fb:82:e4:9b:52:
         2e:1f:06:b8:5e:07:46:7f:13:f1:b0:72:3f:71:61:d8:06:69:
         26:67:91:17:4c:a1:4c:51:0c:a2:bc:d5:48:bb:36:4e:8e:27:
         50:09:4c:b4:2a:bb:b7:7b:db:14:d0:40:bc:6f:29:be:25:28:
         2e:3d:43:df:41:5b:7f:f3:3a:d8:f6:35:55:c8:24:74:bf:0c:
         96:0f:0e:1d:ea:d7:6f:62:43:e1:50:20:7c:4e:e0:0e:12:b2:
         44:0b:c6:d8:51:08:06:20:11:d6:75:a3:f4:fb:72:70:32:6f:
         3c:31:32:06:ea:9c:7f:c4:9c:0f:ec:53:ab:27:89:b4:52:d7:
         5d:fe:19:09:b9:a6:09:33:56:be:50:ed:3e:b1:dd:17:06:ea:
         ce:be:79:14:5d:f3:e0:8d:dc:2e:b6:00:a8:aa:70:ad:96:e1:
         8d:fe:85:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUEIipwzmjlZmgJVEePc0F+ibAKwUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA1MjIxNDA1MDVaFw0yNjA1MjExNDEwMDVaMDMxMTAvBgNV
BAMTKDFBRDYzMEVDM0Q4NEFEQTEyN0RGMEQxQTI4MDMwQzQyNkU2QzZGOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCx/ynwOBePtupGn4AM76TA1PTP
xjWLIWT606FikE9UfDdO9NM7+9s3xaXf7hU2Oglomqg8ayz3Vu6WcAV3rhP0SeE+
6vohN2rCPwJGjGrcZP0vJGjNaaq0VeHNozLDGC/e34Monqa4brDLQUZ7CHsqqGRL
cTJPq0t1TVe/a+xiXx6lOEV7HhreJzqDmyajD8AtKtkRjhUmo+0u5ILWfYd7/TPD
w5PdrvzDzNQ4QQWFeaDvGkZSR1jRytSpvXuTbrhWskqPTYX2xmv+Eh67mUWSg5J8
owdIJQ4a9z7b05sxyBR1Bqrw7CdIhPDMNbyduC8SmZXOYCIW4bqxFPrsZ7WpAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUGtYw7D2EraEn3w0aKAMMQm5sb5wwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMzk1MjEucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAuy00w
DQYJKoZIhvcNAQELBQADggEBAKSy+WKsnrZbz7p4TU5VnOHY8z8Om9ceKwhn6El2
T+CHFblSkideN1tj9FfPfv5aTnMRBGXDyK2cK+iEJRPHuKRN55/tSRKRiIwC73uH
qUWTJpp7GxH7guSbUi4fBrheB0Z/E/Gwcj9xYdgGaSZnkRdMoUxRDKK81Ui7Nk6O
J1AJTLQqu7d72xTQQLxvKb4lKC49Q99BW3/zOtj2NVXIJHS/DJYPDh3q129iQ+FQ
IHxO4A4SskQLxthRCAYgEdZ1o/T7cnAybzwxMgbqnH/EnA/sU6snibRS113+GQm5
pgkzVr5Q7T6x3RcG6s6+eRRd8+CN3C62AKiqcK2W4Y3+hZc=
-----END CERTIFICATE-----