Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          AGuJGoycaQJTWuhJ1UoFrwo0fyPm82J8DILq/nERTME=
Subject key identifier:   1C:F3:66:31:86:B2:61:9A:16:D2:CC:47:E8:BC:E7:A2:97:56:6D:41
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       727B6F4FB2E8F5FA39559708A6F65D046B124565
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
Signing time:             Sat 19 Jul 2025 16:12:00 +0000
ROA not before:           Sat 19 Jul 2025 16:07:00 +0000
ROA not after:            Sat 18 Jul 2026 16:12:00 +0000
asID:                     23470
IP address blocks:        143.14.173.0/24 maxlen: 24
                          146.103.11.0/24 maxlen: 24
                          150.241.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 13:47:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            72:7b:6f:4f:b2:e8:f5:fa:39:55:97:08:a6:f6:5d:04:6b:12:45:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 19 16:07:00 2025 GMT
            Not After : Jul 18 16:12:00 2026 GMT
        Subject: CN=1CF3663186B2619A16D2CC47E8BCE7A297566D41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:56:e2:1d:22:e9:41:27:eb:0a:91:70:72:d3:
                    15:33:f8:03:71:74:c2:27:7e:b8:ee:ad:72:b1:b1:
                    25:a3:08:e7:db:1d:ac:af:4f:91:30:b7:65:ee:d7:
                    de:c2:1a:69:90:13:31:f1:50:0e:d2:bf:3a:89:ab:
                    b2:ee:9f:61:2d:30:ee:1c:ee:61:b4:b1:7a:ba:d7:
                    9f:17:fe:c5:56:7f:99:ef:bf:0b:24:1d:95:d0:7f:
                    55:58:e7:18:e2:28:3b:c7:2e:74:ac:f5:3e:99:af:
                    ad:48:a5:53:88:53:67:16:cb:c5:3b:22:72:56:38:
                    fa:1c:2c:e4:a7:75:e2:0a:d7:67:df:07:1c:f7:cc:
                    79:50:a8:a6:f6:9e:bc:cf:78:87:d5:c0:87:dd:bf:
                    0a:11:f8:e0:d0:ee:e2:22:14:01:62:78:87:84:be:
                    d1:91:4e:77:57:f8:e0:52:ff:c4:fb:73:3f:7e:ed:
                    7a:4f:9a:4e:42:e3:19:98:67:d8:20:46:20:60:7a:
                    73:ca:c4:d7:51:ed:ad:22:c8:68:c6:12:56:9c:cb:
                    0d:e9:4d:e4:b9:67:b0:27:72:a5:89:b4:9b:91:2e:
                    f3:65:c8:c1:2e:56:db:e2:c6:7b:39:2e:87:c4:43:
                    b7:7d:1d:17:e2:d0:40:31:e8:78:8a:31:50:12:00:
                    79:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:F3:66:31:86:B2:61:9A:16:D2:CC:47:E8:BC:E7:A2:97:56:6D:41
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.173.0/24
                  146.103.11.0/24
                  150.241.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:29:82:ed:32:3b:44:d0:43:6d:5c:2c:81:61:4c:a4:98:05:
         3f:11:be:5a:29:51:6e:0f:b5:51:2b:bf:6b:79:f1:7e:a5:64:
         64:42:5d:a5:a6:55:81:47:2c:7e:46:ee:b6:bf:a4:47:c3:80:
         86:9f:f1:c8:ea:cd:3e:50:9f:82:09:38:3d:4a:74:2c:96:a3:
         74:39:21:ad:28:e9:7d:dc:c4:86:65:ed:96:ef:37:54:d8:e3:
         bb:fe:43:2b:ad:59:34:96:cf:30:28:b3:ae:3d:b9:7e:d4:a8:
         e1:c2:a8:01:35:ee:59:7a:52:c8:05:fa:0d:87:be:0e:4d:b8:
         18:88:51:a2:c1:0e:ea:9e:17:7e:d0:c9:4f:c3:fc:16:80:a5:
         e6:d5:70:b6:5c:22:9f:4a:72:0a:bc:48:74:54:09:95:d7:89:
         d4:26:64:80:af:11:6c:bf:ea:68:17:66:c8:f4:c5:6c:92:65:
         6c:18:0f:bb:b3:a1:fd:4a:62:4e:8e:75:73:19:1c:cc:1a:a5:
         79:ad:00:84:9a:84:6d:cb:e1:51:9a:ce:c1:33:b4:3a:47:c5:
         fa:43:5a:08:3f:c0:9d:f3:be:c2:21:b2:3b:8e:3a:8d:63:95:
         aa:d4:fe:99:c8:2f:be:73:4e:82:e0:5a:7d:64:52:ad:3e:e0:
         fd:d5:18:87
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUcntvT7Lo9fo5VZcIpvZdBGsSRWUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTkxNjA3MDBaFw0yNjA3MTgxNjEyMDBaMDMxMTAvBgNV
BAMTKDFDRjM2NjMxODZCMjYxOUExNkQyQ0M0N0U4QkNFN0EyOTc1NjZENDEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVuIdIulBJ+sKkXBy0xUz+ANx
dMInfrjurXKxsSWjCOfbHayvT5Ewt2Xu197CGmmQEzHxUA7SvzqJq7Lun2EtMO4c
7mG0sXq6158X/sVWf5nvvwskHZXQf1VY5xjiKDvHLnSs9T6Zr61IpVOIU2cWy8U7
InJWOPocLOSndeIK12ffBxz3zHlQqKb2nrzPeIfVwIfdvwoR+ODQ7uIiFAFieIeE
vtGRTndX+OBS/8T7cz9+7XpPmk5C4xmYZ9ggRiBgenPKxNdR7a0iyGjGElacyw3p
TeS5Z7AncqWJtJuRLvNlyMEuVtvixns5LofEQ7d9HRfi0EAx6HiKMVASAHlJAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUHPNmMYayYZoW0sxH6LznopdWbUEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACPDq0D
BACSZwsDBACW8dcwDQYJKoZIhvcNAQELBQADggEBAKgpgu0yO0TQQ21cLIFhTKSY
BT8RvlopUW4PtVErv2t58X6lZGRCXaWmVYFHLH5G7ra/pEfDgIaf8cjqzT5Qn4IJ
OD1KdCyWo3Q5Ia0o6X3cxIZl7ZbvN1TY47v+QyutWTSWzzAos649uX7UqOHCqAE1
7ll6UsgF+g2Hvg5NuBiIUaLBDuqeF37QyU/D/BaApebVcLZcIp9Kcgq8SHRUCZXX
idQmZICvEWy/6mgXZsj0xWySZWwYD7uzof1KYk6OdXMZHMwapXmtAISahG3L4VGa
zsEztDpHxfpDWgg/wJ3zvsIhsjuOOo1jlarU/pnIL75zToLgWn1kUq0+4P3VGIc=
-----END CERTIFICATE-----