Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa
File:                     AS23532.roa (raw, json)
Hash identifier:          O1rBE71aBySgiCvSRU/tIG9HgRQJQupAhg5NUyLhqXo=
Subject key identifier:   A1:84:C1:78:45:5B:53:13:35:33:EE:E4:D2:41:EB:32:18:D9:14:24
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       210449876BD47D6DB62D4232A69DF263BBAC4245
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa
Signing time:             Fri 11 Apr 2025 20:29:27 +0000
ROA not before:           Fri 11 Apr 2025 20:24:27 +0000
ROA not after:            Fri 10 Apr 2026 20:29:27 +0000
asID:                     23532
IP address blocks:        96.62.0.0/19 maxlen: 24
                          96.62.190.0/23 maxlen: 24
                          96.62.216.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 04:32:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            21:04:49:87:6b:d4:7d:6d:b6:2d:42:32:a6:9d:f2:63:bb:ac:42:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 11 20:24:27 2025 GMT
            Not After : Apr 10 20:29:27 2026 GMT
        Subject: CN=A184C178455B53133533EEE4D241EB3218D91424
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:be:7b:38:fd:97:19:b5:c4:78:af:d2:80:d0:
                    a2:d2:45:e3:6e:e1:a8:1a:5e:68:95:e4:93:97:cc:
                    ac:60:24:3d:1d:63:ef:71:7d:27:8c:d8:9d:82:75:
                    a1:de:31:ae:12:14:0d:10:22:55:a6:e1:48:d2:96:
                    dc:a2:b3:02:81:b8:3f:29:f9:af:13:21:d1:c8:e5:
                    86:fb:8b:28:ed:dc:82:a4:ae:b0:de:34:b7:2a:8f:
                    07:a2:23:8d:47:8b:5f:b9:19:63:77:1c:0b:55:a5:
                    08:0a:8c:f5:6d:16:ae:82:35:7b:fc:65:d6:df:48:
                    83:f8:e9:72:1c:8e:83:b9:6e:ec:18:ca:31:2b:09:
                    65:ca:a5:05:b8:0b:51:cb:1f:c1:b4:29:2c:d6:ad:
                    38:89:03:4e:87:f5:07:b3:96:dc:4b:f4:0f:21:8c:
                    82:7d:32:e5:0f:70:db:3c:82:4a:32:08:ec:cb:a1:
                    46:99:6c:75:8e:23:90:04:d6:89:8f:6e:34:90:0f:
                    fb:2b:7d:95:fe:e0:3e:43:02:12:82:b4:5c:76:45:
                    c4:1b:8a:5c:10:5f:61:de:74:64:41:76:5c:0a:14:
                    b7:3b:c6:13:53:6e:71:df:b1:82:70:2f:d8:2c:e6:
                    5b:be:8a:ab:59:c5:97:59:11:7e:51:65:ca:a4:3c:
                    5f:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:84:C1:78:45:5B:53:13:35:33:EE:E4:D2:41:EB:32:18:D9:14:24
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.0.0/19
                  96.62.190.0/23
                  96.62.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         22:84:a3:15:e7:66:37:c2:ef:a1:e9:82:b3:b3:49:a4:fc:e2:
         14:11:a5:62:99:18:ab:1f:1a:64:a0:90:09:ed:45:18:a0:10:
         29:c7:5d:ce:a2:41:0d:a7:29:28:1a:5f:f1:09:50:05:96:ba:
         5b:25:af:eb:1c:d2:59:88:15:47:c9:3f:91:e9:fb:aa:73:0a:
         bb:4a:49:70:69:34:e5:26:4b:fc:7f:5a:8b:d2:63:17:6e:0d:
         21:f6:cc:fc:22:61:6a:4d:22:ed:b2:4f:47:f3:59:9f:c9:ec:
         16:46:6f:b9:ae:70:f6:ef:59:8e:ee:dd:00:cb:27:ac:59:b3:
         83:27:e2:cd:c2:e7:90:53:ba:92:5b:5c:fd:4e:f2:77:e5:d5:
         1d:92:12:ff:25:f6:9d:4b:79:7b:55:cc:06:09:c4:66:78:11:
         10:52:2e:9c:63:69:ee:b9:90:f1:19:d0:1d:63:14:6e:92:89:
         0c:cf:23:ec:2e:26:ce:8a:85:ec:07:3e:8d:23:93:56:56:c7:
         21:90:0a:95:26:32:fb:d8:98:27:ed:c7:28:67:e8:1f:c0:95:
         33:d1:1c:02:c9:47:cd:57:06:3a:0e:70:8c:b0:ea:9b:6f:0b:
         31:fc:f3:aa:59:9c:03:77:e5:d5:06:69:f2:63:1c:63:5a:45:
         ab:0d:07:ee
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUIQRJh2vUfW22LUIypp3yY7usQkUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MTEyMDI0MjdaFw0yNjA0MTAyMDI5MjdaMDMxMTAvBgNV
BAMTKEExODRDMTc4NDU1QjUzMTMzNTMzRUVFNEQyNDFFQjMyMThEOTE0MjQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWvns4/ZcZtcR4r9KA0KLSReNu
4agaXmiV5JOXzKxgJD0dY+9xfSeM2J2CdaHeMa4SFA0QIlWm4UjSltyiswKBuD8p
+a8TIdHI5Yb7iyjt3IKkrrDeNLcqjweiI41Hi1+5GWN3HAtVpQgKjPVtFq6CNXv8
ZdbfSIP46XIcjoO5buwYyjErCWXKpQW4C1HLH8G0KSzWrTiJA06H9QezltxL9A8h
jIJ9MuUPcNs8gkoyCOzLoUaZbHWOI5AE1omPbjSQD/srfZX+4D5DAhKCtFx2RcQb
ilwQX2HedGRBdlwKFLc7xhNTbnHfsYJwL9gs5lu+iqtZxZdZEX5RZcqkPF/9AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUoYTBeEVbUxM1M+7k0kHrMhjZFCQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM1MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAVgPgAD
BAFgPr4DBANgPtgwDQYJKoZIhvcNAQELBQADggEBACKEoxXnZjfC76HpgrOzSaT8
4hQRpWKZGKsfGmSgkAntRRigECnHXc6iQQ2nKSgaX/EJUAWWulslr+sc0lmIFUfJ
P5Hp+6pzCrtKSXBpNOUmS/x/WovSYxduDSH2zPwiYWpNIu2yT0fzWZ/J7BZGb7mu
cPbvWY7u3QDLJ6xZs4Mn4s3C55BTupJbXP1O8nfl1R2SEv8l9p1LeXtVzAYJxGZ4
ERBSLpxjae65kPEZ0B1jFG6SiQzPI+wuJs6KhewHPo0jk1ZWxyGQCpUmMvvYmCft
xyhn6B/AlTPRHALJR81XBjoOcIyw6ptvCzH886pZnAN35dUGafJjHGNaRasNB+4=
-----END CERTIFICATE-----