Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa
File:                     AS47436.roa (raw, json)
Hash identifier:          2FgeYgJhk2PV2kWDA1FqvttimJm3QuqI5vvCcuh3+Bc=
Subject key identifier:   70:64:0B:5A:AB:A8:56:44:B5:87:8F:69:47:11:7B:D7:F5:B7:F4:C8
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       76BB3411A8B400AC4C6BADF695A1D40338B11838
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa
Signing time:             Sun 22 Oct 2023 05:39:53 +0000
ROA not before:           Sun 22 Oct 2023 05:34:53 +0000
ROA not after:            Sun 20 Oct 2024 05:39:53 +0000
asID:                     47436
IP address blocks:        195.206.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:bb:34:11:a8:b4:00:ac:4c:6b:ad:f6:95:a1:d4:03:38:b1:18:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Oct 22 05:34:53 2023 GMT
            Not After : Oct 20 05:39:53 2024 GMT
        Subject: CN=70640B5AABA85644B5878F6947117BD7F5B7F4C8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:bb:69:d4:27:18:61:80:19:86:fa:7e:cb:d5:
                    f0:8f:ad:2c:d0:22:0a:87:5e:95:55:f4:ca:e0:b1:
                    b9:ba:ee:72:de:92:ae:8b:9b:27:22:18:96:b5:a8:
                    b8:86:1d:b8:d6:46:3a:d7:c7:b3:a9:55:6b:29:c6:
                    cb:3d:6f:18:da:36:70:68:25:c8:b7:07:fa:17:e9:
                    ae:57:27:36:ee:61:cb:1b:cc:66:fe:2f:e2:ea:7e:
                    62:7b:44:bd:3b:9c:43:69:3a:69:a9:44:63:43:1e:
                    df:47:48:26:b2:50:02:da:e2:12:2c:fc:71:8f:8e:
                    32:f4:ed:a8:5b:78:e8:46:bf:4c:16:f4:00:ef:63:
                    1a:d2:ec:ae:7d:3b:27:db:4c:9b:d8:72:66:c1:45:
                    e8:9e:93:f2:d7:8e:6e:e0:a3:15:bc:a5:bc:68:2e:
                    94:e5:74:96:dc:0a:0a:e1:d9:d9:65:2e:75:d1:dd:
                    24:c5:b0:34:3e:71:22:44:b9:05:13:c0:46:4b:ac:
                    2c:e4:f2:61:c5:72:6c:1d:24:ee:d8:f3:8b:a3:72:
                    ca:b3:00:40:aa:59:ef:1c:a2:df:5c:53:75:c3:a5:
                    e5:56:d9:5e:e6:1b:eb:93:87:e2:10:27:ee:cf:d3:
                    cc:bf:b4:b5:c5:c9:e4:cc:6f:09:c0:da:43:46:ce:
                    52:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:64:0B:5A:AB:A8:56:44:B5:87:8F:69:47:11:7B:D7:F5:B7:F4:C8
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:90:4d:34:d9:06:29:14:50:0e:96:9b:8f:d9:c1:f0:26:bd:
         3c:29:31:be:c9:be:bf:b3:2d:a7:53:2a:35:7a:02:d8:56:41:
         86:c1:19:93:b7:81:07:be:60:43:13:77:2f:99:96:f4:18:42:
         45:b6:54:ef:df:19:a2:ec:c2:f8:d4:88:e2:c1:b3:8f:af:14:
         88:d6:d3:98:ff:8b:2f:da:da:ae:20:fc:70:c0:ee:e5:85:04:
         c8:ad:b3:1a:15:e0:91:92:a3:3e:2c:09:89:c7:e1:cc:65:10:
         a5:02:37:95:91:2f:87:50:d8:dc:62:31:43:3f:47:6e:14:35:
         e1:0a:92:65:95:9b:2c:e7:54:2f:10:8c:84:78:ac:5a:d3:f1:
         e2:1c:3c:a2:42:33:42:6b:df:c7:b0:08:ac:b9:1f:03:2d:79:
         c0:6f:30:84:2d:e0:70:11:46:b0:a7:73:35:2c:a0:35:bc:a4:
         7c:61:89:f1:e1:84:28:93:e8:20:70:79:ca:b2:ce:aa:88:53:
         ae:19:c2:f7:29:65:f9:a9:45:bd:f9:77:c3:2e:62:72:30:44:
         26:0e:03:54:26:b4:d8:9c:6f:ec:a8:d3:f5:6f:57:22:99:42:
         14:4a:cc:bc:5b:f0:85:0c:c7:c4:3c:73:94:75:af:83:32:27:
         2d:fc:2b:b4
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdrs0Eai0AKxMa632laHUAzixGDgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yMzEwMjIwNTM0NTNaFw0yNDEwMjAwNTM5NTNaMDMxMTAvBgNV
BAMTKDcwNjQwQjVBQUJBODU2NDRCNTg3OEY2OTQ3MTE3QkQ3RjVCN0Y0QzgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCOu2nUJxhhgBmG+n7L1fCPrSzQ
IgqHXpVV9Mrgsbm67nLekq6LmyciGJa1qLiGHbjWRjrXx7OpVWspxss9bxjaNnBo
Jci3B/oX6a5XJzbuYcsbzGb+L+LqfmJ7RL07nENpOmmpRGNDHt9HSCayUALa4hIs
/HGPjjL07ahbeOhGv0wW9ADvYxrS7K59OyfbTJvYcmbBReiek/LXjm7goxW8pbxo
LpTldJbcCgrh2dllLnXR3STFsDQ+cSJEuQUTwEZLrCzk8mHFcmwdJO7Y84ujcsqz
AECqWe8cot9cU3XDpeVW2V7mG+uTh+IQJ+7P08y/tLXFyeTMbwnA2kNGzlLnAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUcGQLWquoVkS1h49pRxF71/W39MgwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDc0MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDzusw
DQYJKoZIhvcNAQELBQADggEBAAiQTTTZBikUUA6Wm4/ZwfAmvTwpMb7Jvr+zLadT
KjV6AthWQYbBGZO3gQe+YEMTdy+ZlvQYQkW2VO/fGaLswvjUiOLBs4+vFIjW05j/
iy/a2q4g/HDA7uWFBMitsxoV4JGSoz4sCYnH4cxlEKUCN5WRL4dQ2NxiMUM/R24U
NeEKkmWVmyznVC8QjIR4rFrT8eIcPKJCM0Jr38ewCKy5HwMtecBvMIQt4HARRrCn
czUsoDW8pHxhifHhhCiT6CBwecqyzqqIU64ZwvcpZfmpRb35d8MuYnIwRCYOA1Qm
tNicb+yo0/VvVyKZQhRKzLxb8IUMx8Q8c5R1r4MyJy38K7Q=
-----END CERTIFICATE-----