Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198584.roa
File:                     AS198584.roa (raw, json)
Hash identifier:          n+8sElu85xYVW8BtPdoNYU8akWAXPPGI8glytmT9blI=
Subject key identifier:   94:29:6E:5E:3F:FF:7F:6C:A7:02:EF:40:12:0D:45:B7:03:8A:A5:63
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3670D1214A507FD69F2E4D2968C83D3963767DE5
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198584.roa
Signing time:             Thu 09 May 2024 22:00:14 +0000
ROA not before:           Thu 09 May 2024 21:55:14 +0000
ROA not after:            Thu 08 May 2025 22:00:14 +0000
asID:                     198584
IP address blocks:        147.79.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 13:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:70:d1:21:4a:50:7f:d6:9f:2e:4d:29:68:c8:3d:39:63:76:7d:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  9 21:55:14 2024 GMT
            Not After : May  8 22:00:14 2025 GMT
        Subject: CN=94296E5E3FFF7F6CA702EF40120D45B7038AA563
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:12:fd:ab:36:b7:77:bd:93:43:2a:09:87:b7:
                    1b:e1:7a:16:1e:9f:cc:66:42:a8:ec:c1:5a:b9:b3:
                    c5:fd:c0:74:92:ac:7b:e9:22:9f:1e:9f:8f:cf:ea:
                    1f:51:c0:22:73:35:07:2a:85:e3:91:9e:61:b9:61:
                    46:29:0f:c8:1a:99:ee:b8:07:19:52:66:12:94:04:
                    69:61:31:16:19:d4:11:80:de:0c:e8:f3:f5:7f:89:
                    c5:3b:e9:b3:c8:ba:bf:d7:cb:c7:86:93:26:6d:77:
                    59:2e:dc:93:86:a7:a8:29:04:a9:55:62:98:71:1e:
                    e3:02:a5:60:90:0a:3a:7e:89:8f:71:4e:1d:0d:a0:
                    a8:a6:c8:1a:7b:ba:75:ad:37:80:21:a6:d4:d3:05:
                    43:91:12:3c:57:cb:02:c3:64:89:0c:11:5c:0f:b8:
                    b5:10:a0:a0:cb:aa:a0:b8:d1:ef:48:b5:f5:d1:6e:
                    3c:71:a0:3d:bb:ac:0b:fe:90:49:dc:10:de:ce:48:
                    f6:8d:24:5a:14:6a:e1:c7:e1:59:ec:42:f4:71:2d:
                    8b:2a:99:5a:ce:d4:80:98:db:c8:f1:10:fb:df:ab:
                    38:5f:91:be:13:b0:c3:06:f1:93:b1:a2:2a:81:3a:
                    36:da:0d:f7:55:56:f1:da:cd:fe:25:e7:2e:d3:93:
                    f2:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:29:6E:5E:3F:FF:7F:6C:A7:02:EF:40:12:0D:45:B7:03:8A:A5:63
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS198584.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:4a:fd:b3:9a:2a:a1:a6:69:cb:46:75:fc:92:f3:e0:d0:bb:
         29:1c:db:bd:5a:91:af:ec:04:29:20:2f:19:0b:b1:44:f8:b8:
         22:da:24:1d:d2:93:9f:26:1c:a5:27:46:41:95:d3:32:25:53:
         ea:ac:b5:54:90:0c:b8:58:ea:82:c8:19:60:cf:d6:ee:54:0d:
         69:6e:32:6a:ef:34:38:c3:1b:35:3d:80:8a:cd:62:e0:cb:95:
         93:8d:c1:7d:4f:2b:93:d2:4e:af:64:ad:a9:7c:83:24:aa:04:
         cb:24:d0:19:27:56:f7:7c:e3:c5:fa:76:44:4c:91:ea:1f:95:
         ac:6e:e1:ab:cb:a0:37:7c:07:a4:32:1e:b0:a0:84:2c:bc:f1:
         ff:b2:2c:7c:24:65:44:bc:54:72:03:0f:46:8f:b7:1c:df:0d:
         9b:d5:49:48:ac:39:7f:d3:01:3c:72:a9:b7:5e:35:c8:10:94:
         e8:ec:d0:b5:52:3a:14:ba:16:ff:28:76:85:25:53:49:1b:da:
         d6:f3:e9:34:1f:17:b5:31:d0:75:a5:48:8e:a2:11:e5:2f:c2:
         75:bc:c9:20:a3:d2:26:23:e3:9a:55:2c:07:0b:df:d1:97:63:
         83:99:61:9d:56:65:bf:c0:e8:07:ad:e0:7a:86:2f:45:a1:d8:
         e9:be:bd:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUNnDRIUpQf9afLk0paMg9OWN2feUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MDkyMTU1MTRaFw0yNTA1MDgyMjAwMTRaMDMxMTAvBgNV
BAMTKDk0Mjk2RTVFM0ZGRjdGNkNBNzAyRUY0MDEyMEQ0NUI3MDM4QUE1NjMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfEv2rNrd3vZNDKgmHtxvhehYe
n8xmQqjswVq5s8X9wHSSrHvpIp8en4/P6h9RwCJzNQcqheORnmG5YUYpD8game64
BxlSZhKUBGlhMRYZ1BGA3gzo8/V/icU76bPIur/Xy8eGkyZtd1ku3JOGp6gpBKlV
YphxHuMCpWCQCjp+iY9xTh0NoKimyBp7unWtN4AhptTTBUOREjxXywLDZIkMEVwP
uLUQoKDLqqC40e9ItfXRbjxxoD27rAv+kEncEN7OSPaNJFoUauHH4VnsQvRxLYsq
mVrO1ICY28jxEPvfqzhfkb4TsMMG8ZOxoiqBOjbaDfdVVvHazf4l5y7Tk/LJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUlCluXj//f2ynAu9AEg1FtwOKpWMwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk4NTg0LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08A
MA0GCSqGSIb3DQEBCwUAA4IBAQCaSv2zmiqhpmnLRnX8kvPg0LspHNu9WpGv7AQp
IC8ZC7FE+Lgi2iQd0pOfJhylJ0ZBldMyJVPqrLVUkAy4WOqCyBlgz9buVA1pbjJq
7zQ4wxs1PYCKzWLgy5WTjcF9TyuT0k6vZK2pfIMkqgTLJNAZJ1b3fOPF+nZETJHq
H5WsbuGry6A3fAekMh6woIQsvPH/six8JGVEvFRyAw9Gj7cc3w2b1UlIrDl/0wE8
cqm3XjXIEJTo7NC1UjoUuhb/KHaFJVNJG9rW8+k0Hxe1MdB1pUiOohHlL8J1vMkg
o9ImI+OaVSwHC9/Rl2ODmWGdVmW/wOgHreB6hi9Fodjpvr2+
-----END CERTIFICATE-----