Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS329007.roa
File:                     AS329007.roa (raw, json)
Hash identifier:          TpaowqwThlfr/EoYFe+LsZ9i4FE8jcmjKqFjt2eH4C4=
Subject key identifier:   AA:B6:05:23:D0:95:93:CB:BC:2C:C1:07:4B:9A:DE:4E:BC:3F:DF:27
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5452510640A6EC5A4B52130039076E6434D60F6E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS329007.roa
Signing time:             Fri 18 Jul 2025 16:27:25 +0000
ROA not before:           Fri 18 Jul 2025 16:22:25 +0000
ROA not after:            Fri 17 Jul 2026 16:27:25 +0000
asID:                     329007
IP address blocks:        140.233.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 14:17:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:52:51:06:40:a6:ec:5a:4b:52:13:00:39:07:6e:64:34:d6:0f:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 18 16:22:25 2025 GMT
            Not After : Jul 17 16:27:25 2026 GMT
        Subject: CN=AAB60523D09593CBBC2CC1074B9ADE4EBC3FDF27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b1:7a:ca:ee:ca:a1:ab:27:6e:af:b8:65:af:
                    5e:98:3c:ce:92:b8:de:09:75:2d:20:cf:08:4c:c5:
                    17:6e:41:9c:c6:21:42:9f:0d:26:80:de:83:29:b0:
                    cb:87:c4:3b:6d:e5:03:00:a4:b4:53:4d:5c:5f:53:
                    55:68:4e:d5:08:5e:70:a3:1d:ec:5f:88:85:94:1a:
                    0f:a5:e1:70:17:de:98:99:76:55:6d:f2:cd:c2:17:
                    8f:a6:d4:d7:c3:1a:d7:18:dd:b4:52:1c:9f:76:53:
                    af:5f:81:20:9c:7c:be:b8:60:42:2e:92:d7:65:52:
                    46:6d:b7:f2:24:df:da:f4:bb:a2:9f:54:f9:c2:98:
                    c6:a5:0f:28:7e:9f:dc:54:01:86:42:9c:ff:d6:08:
                    a2:a3:f2:b9:09:b8:37:ba:67:8f:0c:5d:ba:73:56:
                    fc:3a:ae:90:34:1d:62:25:79:56:46:c1:8f:31:50:
                    7f:ff:33:13:c8:b3:9d:1e:df:30:33:f8:04:6e:97:
                    81:44:60:15:38:71:69:25:2d:de:3b:fa:49:26:83:
                    af:18:33:69:03:7e:8b:c9:6c:73:dd:e7:d8:99:bf:
                    7e:a1:14:2e:ad:d5:77:84:a1:b3:2a:87:49:ae:98:
                    0d:85:b0:39:59:3e:d6:43:9c:f2:0f:38:e3:cd:67:
                    f3:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:B6:05:23:D0:95:93:CB:BC:2C:C1:07:4B:9A:DE:4E:BC:3F:DF:27
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS329007.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:b8:1b:bf:1b:b8:ee:da:fd:fb:57:d5:f7:21:55:54:aa:1f:
         06:20:79:71:66:ba:f9:87:81:a0:4b:d1:90:9c:01:d4:c2:e3:
         fc:53:fc:c5:ba:e7:2a:a7:43:1c:90:49:33:d8:ee:65:aa:f3:
         1f:3b:71:dd:8a:fe:da:77:76:57:a0:9a:8d:9e:f9:01:c6:fe:
         59:3f:66:fe:ee:cb:9e:2d:8c:04:c1:83:78:a3:ca:bd:1d:e8:
         d0:f1:12:11:64:fa:e3:8e:55:9b:b9:8a:be:8c:3a:7b:36:1d:
         d8:a8:e2:72:c8:eb:63:73:9c:f9:3a:a9:8e:22:4c:40:06:d1:
         97:4e:80:60:c1:da:7d:8f:79:d5:38:3c:01:c7:ef:3f:c8:4a:
         b7:ae:22:6e:2b:98:88:7d:6e:89:ab:06:0d:99:c5:88:e6:f6:
         24:85:d6:df:11:17:1d:7f:78:e9:af:8b:78:e3:ae:3c:e0:68:
         b9:d9:2e:82:ec:69:c2:44:86:04:2b:5d:ed:d9:d3:95:cd:8b:
         7f:09:8e:f9:ec:32:ef:5d:bd:97:27:ec:2e:d7:de:8f:23:fc:
         9f:90:12:82:5a:2b:73:fb:4a:b8:8d:0e:f3:60:1c:ca:29:97:
         89:52:9e:0b:76:7d:d1:f7:a8:d0:45:44:85:01:12:6c:51:ce:
         a3:af:5e:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUVFJRBkCm7FpLUhMAOQduZDTWD24wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA3MTgxNjIyMjVaFw0yNjA3MTcxNjI3MjVaMDMxMTAvBgNV
BAMTKEFBQjYwNTIzRDA5NTkzQ0JCQzJDQzEwNzRCOUFERTRFQkMzRkRGMjcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJsXrK7sqhqydur7hlr16YPM6S
uN4JdS0gzwhMxRduQZzGIUKfDSaA3oMpsMuHxDtt5QMApLRTTVxfU1VoTtUIXnCj
HexfiIWUGg+l4XAX3piZdlVt8s3CF4+m1NfDGtcY3bRSHJ92U69fgSCcfL64YEIu
ktdlUkZtt/Ik39r0u6KfVPnCmMalDyh+n9xUAYZCnP/WCKKj8rkJuDe6Z48MXbpz
Vvw6rpA0HWIleVZGwY8xUH//MxPIs50e3zAz+ARul4FEYBU4cWklLd47+kkmg68Y
M2kDfovJbHPd59iZv36hFC6t1XeEobMqh0mumA2FsDlZPtZDnPIPOOPNZ/MnAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUqrYFI9CVk8u8LMEHS5reTrw/3ycwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzI5MDA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjOm7
MA0GCSqGSIb3DQEBCwUAA4IBAQANuBu/G7ju2v37V9X3IVVUqh8GIHlxZrr5h4Gg
S9GQnAHUwuP8U/zFuucqp0MckEkz2O5lqvMfO3Hdiv7ad3ZXoJqNnvkBxv5ZP2b+
7sueLYwEwYN4o8q9HejQ8RIRZPrjjlWbuYq+jDp7Nh3YqOJyyOtjc5z5OqmOIkxA
BtGXToBgwdp9j3nVODwBx+8/yEq3riJuK5iIfW6JqwYNmcWI5vYkhdbfERcdf3jp
r4t446484Gi52S6C7GnCRIYEK13t2dOVzYt/CY757DLvXb2XJ+wu196PI/yfkBKC
Witz+0q4jQ7zYBzKKZeJUp4Ldn3R96jQRUSFARJsUc6jr14f
-----END CERTIFICATE-----