Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa
File:                     AS49608.roa (raw, json)
Hash identifier:          Fzi0eK05/UM4Y8il3oD5oybQwKXU3RHehgPjBuu2aAw=
Subject key identifier:   36:93:64:A9:A3:93:29:F0:29:B4:2F:2C:94:B1:AF:69:D0:F7:01:94
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7F466A6E4456D72B4EAC1E8ECCD418E18A1CA0DB
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa
Signing time:             Tue 30 Apr 2024 15:31:41 +0000
ROA not before:           Tue 30 Apr 2024 15:26:41 +0000
ROA not after:            Tue 29 Apr 2025 15:31:41 +0000
asID:                     49608
IP address blocks:        146.103.27.0/24 maxlen: 24
                          146.103.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7f:46:6a:6e:44:56:d7:2b:4e:ac:1e:8e:cc:d4:18:e1:8a:1c:a0:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 30 15:26:41 2024 GMT
            Not After : Apr 29 15:31:41 2025 GMT
        Subject: CN=369364A9A39329F029B42F2C94B1AF69D0F70194
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:05:0e:2a:a1:13:1d:8c:b8:bb:54:91:39:8c:
                    63:3e:b5:81:6b:d2:29:dc:71:b5:57:48:b7:57:c1:
                    5c:fe:85:db:ad:83:24:3a:0e:21:d1:27:d2:b1:f9:
                    f3:0c:1f:c9:bb:3c:a8:3c:fc:ac:02:86:37:0d:e4:
                    54:84:70:30:17:25:c1:33:81:0a:96:0f:15:3e:7c:
                    e4:b5:bf:24:0b:8c:0e:1e:8c:d1:52:39:b5:6c:b4:
                    bd:76:d9:84:63:2b:66:e9:ff:2f:1f:1c:93:db:13:
                    18:91:cf:35:97:59:ae:ad:da:ac:85:a8:05:c6:cc:
                    a0:72:94:55:e8:fb:e2:10:c1:f8:fb:d9:f7:99:c1:
                    eb:31:e5:4a:64:b6:9e:60:9c:d1:cb:f6:ac:17:f4:
                    44:48:01:22:35:d9:0e:ac:e7:a2:09:73:a2:07:05:
                    7b:37:c0:26:d3:a2:da:ff:93:24:a1:f6:54:c3:11:
                    b2:95:b5:bf:5c:11:a3:2f:2d:47:95:29:42:46:68:
                    09:cf:2c:9b:9f:bd:49:3c:a9:46:36:97:21:af:50:
                    43:dd:81:1b:96:d5:17:98:03:70:c4:f9:0e:e7:e7:
                    9c:cf:cb:a0:55:cd:0a:3b:18:47:22:ba:5e:a1:8e:
                    bd:ac:e7:88:92:72:2c:ed:bd:8f:82:11:88:38:d2:
                    fb:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:93:64:A9:A3:93:29:F0:29:B4:2F:2C:94:B1:AF:69:D0:F7:01:94
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.27.0/24
                  146.103.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:9d:cf:88:f1:4c:38:29:42:9f:ec:44:8c:3c:a3:3b:53:0c:
         b5:28:3a:6d:24:6a:2e:e6:3a:1a:fb:c9:22:61:29:39:33:32:
         26:6a:f1:8b:ec:a7:c4:79:19:d7:29:46:ce:79:0a:3c:5f:d4:
         29:2f:4a:dc:1d:d1:5c:64:3c:59:f3:02:c1:0c:27:34:38:5e:
         f9:93:66:27:c1:b2:05:28:eb:31:56:23:48:a9:cd:d3:e6:2b:
         15:b3:f8:3a:6a:7c:59:b7:4a:90:23:c6:e9:83:25:b7:40:d1:
         8c:e6:7c:f5:82:9d:53:32:03:6a:86:63:69:a3:1f:e8:c1:c2:
         83:b6:65:14:3a:70:6a:51:f2:7a:93:82:37:34:d7:62:52:85:
         2d:f4:d1:31:76:0f:f7:1e:46:5f:5d:80:7f:a4:a2:6f:b0:c0:
         30:36:f2:20:22:e3:a8:8c:4d:a6:b9:c5:83:61:6e:04:34:9c:
         4c:65:59:99:50:35:5d:0d:56:50:d0:33:d3:a4:6b:34:fe:3f:
         62:ef:40:8a:d1:40:d2:69:70:fe:50:57:94:7f:b3:cb:3b:33:
         f9:0c:60:65:15:56:f9:f1:31:ec:52:b3:cc:f2:d2:f1:91:2b:
         09:0c:e9:d9:2e:df:ee:07:36:b6:45:fe:2c:a4:31:fb:8e:a2:
         f3:87:6a:28
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUf0ZqbkRW1ytOrB6OzNQY4YocoNswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MzAxNTI2NDFaFw0yNTA0MjkxNTMxNDFaMDMxMTAvBgNV
BAMTKDM2OTM2NEE5QTM5MzI5RjAyOUI0MkYyQzk0QjFBRjY5RDBGNzAxOTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDuBQ4qoRMdjLi7VJE5jGM+tYFr
0inccbVXSLdXwVz+hdutgyQ6DiHRJ9Kx+fMMH8m7PKg8/KwChjcN5FSEcDAXJcEz
gQqWDxU+fOS1vyQLjA4ejNFSObVstL122YRjK2bp/y8fHJPbExiRzzWXWa6t2qyF
qAXGzKBylFXo++IQwfj72feZwesx5Upktp5gnNHL9qwX9ERIASI12Q6s56IJc6IH
BXs3wCbTotr/kySh9lTDEbKVtb9cEaMvLUeVKUJGaAnPLJufvUk8qUY2lyGvUEPd
gRuW1ReYA3DE+Q7n55zPy6BVzQo7GEciul6hjr2s54iSciztvY+CEYg40vu/AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUNpNkqaOTKfAptC8slLGvadD3AZQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDk2MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACSZxsD
BACSZyQwDQYJKoZIhvcNAQELBQADggEBAHCdz4jxTDgpQp/sRIw8oztTDLUoOm0k
ai7mOhr7ySJhKTkzMiZq8Yvsp8R5GdcpRs55Cjxf1CkvStwd0VxkPFnzAsEMJzQ4
XvmTZifBsgUo6zFWI0ipzdPmKxWz+DpqfFm3SpAjxumDJbdA0YzmfPWCnVMyA2qG
Y2mjH+jBwoO2ZRQ6cGpR8nqTgjc012JShS300TF2D/ceRl9dgH+kom+wwDA28iAi
46iMTaa5xYNhbgQ0nExlWZlQNV0NVlDQM9OkazT+P2LvQIrRQNJpcP5QV5R/s8s7
M/kMYGUVVvnxMexSs8zy0vGRKwkM6dku3+4HNrZF/iykMfuOovOHaig=
-----END CERTIFICATE-----