Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199058.roa
File:                     AS199058.roa (raw, json)
Hash identifier:          vZ340aS2PcV+Vj/EpHi6v85mXxEAJNfuD90ufFGVEBY=
Subject key identifier:   33:21:46:BE:9E:A3:FB:C1:03:FD:C2:D0:0E:88:AE:21:17:09:AE:D8
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       28082156C73ED91027C081DEB0AD33518BAA66FE
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199058.roa
Signing time:             Mon 10 Mar 2025 14:53:57 +0000
ROA not before:           Mon 10 Mar 2025 14:48:57 +0000
ROA not after:            Mon 09 Mar 2026 14:53:57 +0000
asID:                     199058
IP address blocks:        146.103.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:08:21:56:c7:3e:d9:10:27:c0:81:de:b0:ad:33:51:8b:aa:66:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 10 14:48:57 2025 GMT
            Not After : Mar  9 14:53:57 2026 GMT
        Subject: CN=332146BE9EA3FBC103FDC2D00E88AE211709AED8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:46:8a:4a:79:d2:08:06:d8:8e:71:ce:2e:aa:
                    81:4d:6b:44:e8:fd:75:6b:20:fa:a2:bb:ad:6d:93:
                    de:d5:fe:59:82:d8:4e:34:0f:9a:02:a6:c4:ef:ab:
                    f6:13:69:45:7f:53:87:48:e7:17:88:0b:2f:e5:45:
                    10:51:53:8e:83:60:51:a7:59:e0:a8:af:af:f8:78:
                    0c:35:c4:66:46:f3:4d:e8:0b:3b:10:71:d5:09:ba:
                    d5:88:c8:71:d5:fc:dd:cb:eb:fc:27:89:66:aa:d5:
                    ef:6f:f9:6a:39:2c:b8:cf:5b:ed:82:2a:b6:99:5a:
                    aa:a1:7e:b1:d2:af:05:46:77:1d:17:b2:6f:5b:82:
                    fe:55:22:73:07:20:0b:e2:33:36:be:a5:c1:60:ad:
                    b5:b7:6a:f5:37:52:83:e1:0e:12:79:18:a6:3b:52:
                    92:29:95:8a:ae:9e:29:ee:71:d5:41:24:dc:6e:04:
                    de:2c:6a:14:f1:5b:8a:2f:41:27:7b:3a:01:b2:06:
                    fa:b5:b9:dd:c0:a1:ef:0f:8d:e0:a1:5d:5f:88:92:
                    b8:f6:99:75:a3:0d:48:82:7b:cc:31:34:3a:95:b0:
                    4b:64:2f:1c:d7:eb:cb:ce:0d:ab:99:6f:04:c0:ba:
                    5c:39:8d:81:3a:e6:84:fb:43:fd:13:cd:00:7a:20:
                    a9:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:21:46:BE:9E:A3:FB:C1:03:FD:C2:D0:0E:88:AE:21:17:09:AE:D8
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199058.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:3f:12:50:df:e6:4f:85:b1:6f:b3:cc:7b:6e:af:25:b8:2a:
         3c:46:f4:37:fe:cb:50:b0:32:47:52:e8:a6:73:89:ee:5a:7a:
         fc:ce:12:f5:24:69:b7:d7:41:47:28:6e:2b:26:72:03:9f:9b:
         c8:8d:ea:71:70:43:19:77:34:84:b7:c1:cf:2f:89:47:d9:05:
         ab:6a:bf:1f:d9:5d:76:61:fb:f7:9d:e3:39:d8:d3:6e:c0:3b:
         fc:e3:db:f3:94:f1:6e:0a:8c:c2:f2:0f:ee:d5:f3:09:80:84:
         70:d3:43:2b:8f:85:0b:a3:25:a5:62:da:da:1a:6c:7d:8c:d5:
         8c:c1:02:b0:93:8b:32:4b:9a:d4:cd:43:79:42:b8:9c:cd:26:
         ef:ac:ef:56:2b:5b:a9:37:97:0b:74:36:b5:98:3b:be:0e:23:
         bc:26:0b:ec:41:08:fe:44:07:3c:1c:2b:58:9c:f8:6a:81:2d:
         c4:0e:5e:af:60:3e:99:8f:36:26:0b:04:e4:0b:62:f7:e6:77:
         f3:e8:f1:25:21:93:f6:63:a5:69:df:17:10:6d:8b:17:59:f7:
         3b:64:ec:3d:d3:06:e9:61:cd:10:1f:2e:4a:8f:13:91:39:22:
         7c:be:a5:c2:e5:7e:73:34:11:56:4a:dd:0b:8b:70:01:06:fc:
         c2:67:a5:d3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUKAghVsc+2RAnwIHesK0zUYuqZv4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMTAxNDQ4NTdaFw0yNjAzMDkxNDUzNTdaMDMxMTAvBgNV
BAMTKDMzMjE0NkJFOUVBM0ZCQzEwM0ZEQzJEMDBFODhBRTIxMTcwOUFFRDgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvRopKedIIBtiOcc4uqoFNa0To
/XVrIPqiu61tk97V/lmC2E40D5oCpsTvq/YTaUV/U4dI5xeICy/lRRBRU46DYFGn
WeCor6/4eAw1xGZG803oCzsQcdUJutWIyHHV/N3L6/wniWaq1e9v+Wo5LLjPW+2C
KraZWqqhfrHSrwVGdx0Xsm9bgv5VInMHIAviMza+pcFgrbW3avU3UoPhDhJ5GKY7
UpIplYquninucdVBJNxuBN4sahTxW4ovQSd7OgGyBvq1ud3Aoe8PjeChXV+Ikrj2
mXWjDUiCe8wxNDqVsEtkLxzX68vODauZbwTAulw5jYE65oT7Q/0TzQB6IKlVAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUMyFGvp6j+8ED/cLQDoiuIRcJrtgwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5MDU4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmch
MA0GCSqGSIb3DQEBCwUAA4IBAQCePxJQ3+ZPhbFvs8x7bq8luCo8RvQ3/stQsDJH
Uuimc4nuWnr8zhL1JGm310FHKG4rJnIDn5vIjepxcEMZdzSEt8HPL4lH2QWrar8f
2V12Yfv3neM52NNuwDv849vzlPFuCozC8g/u1fMJgIRw00Mrj4ULoyWlYtraGmx9
jNWMwQKwk4syS5rUzUN5QriczSbvrO9WK1upN5cLdDa1mDu+DiO8JgvsQQj+RAc8
HCtYnPhqgS3EDl6vYD6ZjzYmCwTkC2L35nfz6PElIZP2Y6Vp3xcQbYsXWfc7ZOw9
0wbpYc0QHy5KjxOROSJ8vqXC5X5zNBFWSt0Li3ABBvzCZ6XT
-----END CERTIFICATE-----