Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          H6GjoayyQonIvGd0hyC/tXYJFsaL3VhSZ0kqNATyvlc=
Subject key identifier:   6B:69:AF:50:6A:2F:06:3A:5D:54:B4:C4:E1:B7:87:9B:D4:48:97:CE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       079430EC0911C74FAA1775E101B4DC5CA160234C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
Signing time:             Sat 06 Apr 2024 11:09:32 +0000
ROA not before:           Sat 06 Apr 2024 11:04:32 +0000
ROA not after:            Sat 05 Apr 2025 11:09:32 +0000
asID:                     23470
IP address blocks:        146.103.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:94:30:ec:09:11:c7:4f:aa:17:75:e1:01:b4:dc:5c:a1:60:23:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:32 2024 GMT
            Not After : Apr  5 11:09:32 2025 GMT
        Subject: CN=6B69AF506A2F063A5D54B4C4E1B7879BD44897CE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ff:cf:b7:a4:8f:54:68:e2:20:69:20:33:c6:
                    f0:0f:b9:14:bd:c7:aa:e2:a1:99:ba:2c:ce:f8:9e:
                    23:fd:4d:1f:75:65:82:59:74:9c:4e:d3:05:ee:e3:
                    70:51:75:f0:f3:34:9c:3f:be:ae:dd:33:d4:64:82:
                    68:76:4d:60:19:b2:5a:8c:81:5c:d9:e3:ca:94:32:
                    28:64:54:4b:43:a8:43:da:24:b1:72:d2:40:65:22:
                    01:61:b4:1f:98:e1:6a:59:19:8d:36:bb:56:4c:a2:
                    7e:74:5f:bb:bc:9f:08:d5:bc:4c:60:64:2a:90:86:
                    45:23:40:7a:da:a1:7f:24:3d:30:c7:fc:c5:fe:fd:
                    09:b7:f8:3c:d9:1b:f0:00:24:62:ae:31:b1:c9:a9:
                    92:13:7f:29:3f:c9:bd:0b:10:ea:1d:cb:73:1e:ad:
                    06:ad:81:17:40:4c:be:df:a2:c5:a9:3c:f8:9d:72:
                    ca:76:89:59:df:c8:b3:77:c6:09:dd:00:70:cc:c2:
                    c7:5c:e2:e0:10:93:dc:89:5f:0a:60:78:9c:53:bc:
                    38:ab:76:36:8a:21:4a:f1:39:71:e7:76:77:80:26:
                    0a:66:9f:35:2e:e6:f1:ad:aa:18:79:60:ed:d9:88:
                    40:c3:74:27:81:ee:28:be:04:bd:93:d5:f9:8f:1e:
                    4b:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:69:AF:50:6A:2F:06:3A:5D:54:B4:C4:E1:B7:87:9B:D4:48:97:CE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:b5:7b:84:94:c2:1b:47:0f:3a:84:63:93:76:81:d1:f0:51:
         32:15:69:55:27:ee:0f:97:b3:9b:7b:df:f1:b1:17:4e:76:b3:
         aa:66:04:42:a0:b6:e2:78:2b:9d:ad:bc:25:b9:65:01:c9:ad:
         31:d1:5d:01:11:85:73:b5:00:63:e7:23:e4:4e:c1:6b:12:79:
         1f:e7:94:e8:85:fb:d8:c5:e0:d5:11:95:24:2d:48:aa:59:a5:
         0d:65:fa:04:e4:22:0a:b1:69:b8:b1:1e:98:9f:53:4b:cd:53:
         8d:0e:aa:91:d3:9f:ca:16:b1:18:cf:5d:06:57:db:bd:37:69:
         b8:f1:40:f9:bd:79:9e:42:d1:dc:d7:3c:9b:40:ab:5b:fd:ca:
         ea:d9:d7:5b:3e:41:a8:71:ac:e2:8c:76:2a:9f:27:91:90:29:
         45:08:1f:9a:f6:9e:4b:b6:70:93:5c:34:86:c3:1d:58:ef:2f:
         e3:b9:29:4b:fe:fd:c4:f8:ba:13:bd:e9:4b:4c:91:92:4e:ca:
         36:52:8e:04:c7:1a:72:dc:eb:b2:24:93:d6:01:71:01:d0:d7:
         09:de:82:6b:b9:5d:f8:29:c3:8d:e8:6f:a8:df:6b:fe:5f:ce:
         2e:c5:9d:0b:bd:94:a7:0a:22:01:2c:32:0a:fb:74:9c:06:ac:
         07:8d:df:a3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUB5Qw7AkRx0+qF3XhAbTcXKFgI0wwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzJaFw0yNTA0MDUxMTA5MzJaMDMxMTAvBgNV
BAMTKDZCNjlBRjUwNkEyRjA2M0E1RDU0QjRDNEUxQjc4NzlCRDQ0ODk3Q0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb/8+3pI9UaOIgaSAzxvAPuRS9
x6rioZm6LM74niP9TR91ZYJZdJxO0wXu43BRdfDzNJw/vq7dM9Rkgmh2TWAZslqM
gVzZ48qUMihkVEtDqEPaJLFy0kBlIgFhtB+Y4WpZGY02u1ZMon50X7u8nwjVvExg
ZCqQhkUjQHraoX8kPTDH/MX+/Qm3+DzZG/AAJGKuMbHJqZITfyk/yb0LEOody3Me
rQatgRdATL7fosWpPPidcsp2iVnfyLN3xgndAHDMwsdc4uAQk9yJXwpgeJxTvDir
djaKIUrxOXHndneAJgpmnzUu5vGtqhh5YO3ZiEDDdCeB7ii+BL2T1fmPHkvZAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUa2mvUGovBjpdVLTE4beHm9RIl84wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZwsw
DQYJKoZIhvcNAQELBQADggEBAHi1e4SUwhtHDzqEY5N2gdHwUTIVaVUn7g+Xs5t7
3/GxF052s6pmBEKgtuJ4K52tvCW5ZQHJrTHRXQERhXO1AGPnI+ROwWsSeR/nlOiF
+9jF4NURlSQtSKpZpQ1l+gTkIgqxabixHpifU0vNU40OqpHTn8oWsRjPXQZX2703
abjxQPm9eZ5C0dzXPJtAq1v9yurZ11s+QahxrOKMdiqfJ5GQKUUIH5r2nku2cJNc
NIbDHVjvL+O5KUv+/cT4uhO96UtMkZJOyjZSjgTHGnLc67Ikk9YBcQHQ1wnegmu5
Xfgpw43ob6jfa/5fzi7FnQu9lKcKIgEsMgr7dJwGrAeN36M=
-----END CERTIFICATE-----