Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS18779.roa
File:                     AS18779.roa (raw, json)
Hash identifier:          WOHI8/pdzPK99KtbhX54kVsBWWABlIuydy1LozBIfy8=
Subject key identifier:   D6:C0:B6:00:A4:75:AA:2D:36:9E:28:C0:36:2E:4A:63:42:78:0C:F9
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0F4553BB999F389F3A5A5D862404D21469AE865A
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS18779.roa
Signing time:             Tue 13 May 2025 05:33:10 +0000
ROA not before:           Tue 13 May 2025 05:28:10 +0000
ROA not after:            Tue 12 May 2026 05:33:10 +0000
asID:                     18779
IP address blocks:        136.143.241.0/24 maxlen: 24
                          158.140.192.0/24 maxlen: 24
                          203.100.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0f:45:53:bb:99:9f:38:9f:3a:5a:5d:86:24:04:d2:14:69:ae:86:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 13 05:28:10 2025 GMT
            Not After : May 12 05:33:10 2026 GMT
        Subject: CN=D6C0B600A475AA2D369E28C0362E4A6342780CF9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:15:33:d8:4e:1e:38:6d:00:7e:f0:28:5e:75:
                    61:dc:a5:45:ca:90:ae:0d:ec:ee:17:3c:9e:22:e2:
                    36:e7:73:dd:65:ad:16:77:2d:06:fb:a7:3f:c8:01:
                    6c:97:1c:0a:16:09:08:36:4e:89:a5:79:c8:ef:23:
                    3d:8e:36:2c:7f:2e:73:5e:b8:7f:d3:13:9b:e5:66:
                    6f:f3:dc:5f:87:39:45:f3:f6:bc:19:a4:64:fc:a1:
                    07:d1:d4:83:8d:a8:a5:8e:7d:5a:c1:2c:01:5c:3b:
                    b5:f9:9a:c4:1c:bf:eb:e5:47:b8:6b:38:be:6e:af:
                    d1:bd:32:af:19:2c:94:06:3e:10:8a:1c:68:04:eb:
                    89:b8:c0:bc:45:3f:a4:71:94:9d:31:45:e7:b0:f2:
                    a3:da:f4:f5:94:df:ad:8c:af:2b:ac:ab:0f:09:1a:
                    35:16:b6:ab:35:96:b3:b7:0a:68:cc:6e:27:a4:39:
                    3d:34:e5:eb:2e:4e:32:d7:d6:92:8b:db:2c:78:11:
                    d0:e2:7e:f7:02:f8:70:35:88:f7:56:14:24:50:54:
                    4f:d9:79:ec:15:c6:37:85:32:cb:98:8e:6b:6a:69:
                    73:3e:2e:eb:35:19:82:41:1e:1e:3c:bc:f7:df:81:
                    08:24:04:d9:a3:a6:da:2e:ce:3c:8e:e9:32:06:f8:
                    3f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:C0:B6:00:A4:75:AA:2D:36:9E:28:C0:36:2E:4A:63:42:78:0C:F9
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS18779.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  136.143.241.0/24
                  158.140.192.0/24
                  203.100.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2b:18:4d:52:8b:16:30:c0:ff:d4:38:c4:bd:10:0c:67:91:d6:
         5a:08:aa:2d:98:4a:28:cb:53:ba:be:d2:1e:d5:5f:9c:14:88:
         9f:a0:1f:2c:98:6c:c1:71:bd:54:77:d1:d4:48:72:06:d4:c5:
         26:85:b2:58:9d:e2:5c:cb:98:8d:e3:35:f2:45:f3:76:3e:44:
         ad:ba:f9:6e:e4:2a:c3:ba:43:c2:11:ca:9d:13:36:e6:a1:b5:
         be:a2:59:a9:e3:76:cc:c9:73:b9:e2:09:3d:a1:21:8c:d2:92:
         55:59:14:74:66:6c:39:c1:f5:dd:5f:b5:61:dc:36:cd:95:f2:
         d5:37:58:33:82:48:76:8a:41:02:c0:4f:7b:19:1f:62:76:66:
         d8:56:13:25:f8:ea:95:77:a5:14:5d:db:24:ed:1d:14:94:e8:
         94:e7:e3:f9:9e:f6:24:be:1c:aa:c2:fb:eb:09:3e:31:b3:41:
         1e:7e:f4:36:eb:d1:7c:b5:ab:88:bc:d3:89:8f:34:ed:7c:fa:
         73:2b:65:93:82:ae:a9:ee:c9:f8:4a:a4:1c:2f:2e:67:20:d3:
         ce:c2:3d:51:8a:3c:7a:79:cc:a2:f0:29:0f:7d:3e:b5:0f:83:
         2d:17:b1:af:76:33:ef:23:0e:ea:a0:60:a8:5d:aa:54:62:d5:
         70:36:8d:4f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUD0VTu5mfOJ86Wl2GJATSFGmuhlowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTMwNTI4MTBaFw0yNjA1MTIwNTMzMTBaMDMxMTAvBgNV
BAMTKEQ2QzBCNjAwQTQ3NUFBMkQzNjlFMjhDMDM2MkU0QTYzNDI3ODBDRjkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzFTPYTh44bQB+8ChedWHcpUXK
kK4N7O4XPJ4i4jbnc91lrRZ3LQb7pz/IAWyXHAoWCQg2TomlecjvIz2ONix/LnNe
uH/TE5vlZm/z3F+HOUXz9rwZpGT8oQfR1IONqKWOfVrBLAFcO7X5msQcv+vlR7hr
OL5ur9G9Mq8ZLJQGPhCKHGgE64m4wLxFP6RxlJ0xReew8qPa9PWU362Mryusqw8J
GjUWtqs1lrO3CmjMbiekOT005esuTjLX1pKL2yx4EdDifvcC+HA1iPdWFCRQVE/Z
eewVxjeFMsuYjmtqaXM+Lus1GYJBHh48vPffgQgkBNmjptouzjyO6TIG+D9lAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU1sC2AKR1qi02nijANi5KY0J4DPkwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTg3Nzkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACIj/ED
BACejMADBAPLZNgwDQYJKoZIhvcNAQELBQADggEBACsYTVKLFjDA/9Q4xL0QDGeR
1loIqi2YSijLU7q+0h7VX5wUiJ+gHyyYbMFxvVR30dRIcgbUxSaFslid4lzLmI3j
NfJF83Y+RK26+W7kKsO6Q8IRyp0TNuahtb6iWanjdszJc7niCT2hIYzSklVZFHRm
bDnB9d1ftWHcNs2V8tU3WDOCSHaKQQLAT3sZH2J2ZthWEyX46pV3pRRd2yTtHRSU
6JTn4/me9iS+HKrC++sJPjGzQR5+9Dbr0Xy1q4i804mPNO18+nMrZZOCrqnuyfhK
pBwvLmcg087CPVGKPHp5zKLwKQ99PrUPgy0Xsa92M+8jDuqgYKhdqlRi1XA2jU8=
-----END CERTIFICATE-----