Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
File:                     AS20326.roa (raw, json)
Hash identifier:          qeMx6z6GP2F0Tv/joFfERZ0DDFAJKOjZKVCU7hWmKDQ=
Subject key identifier:   DC:6A:77:40:4F:00:EA:E4:16:57:7D:50:98:60:15:68:39:3B:36:BB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       76F2FEB2EB4F8BE86FE402F75B9C1DDC51E3A198
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa
Signing time:             Tue 10 Dec 2024 20:33:02 +0000
ROA not before:           Tue 10 Dec 2024 20:28:02 +0000
ROA not after:            Tue 09 Dec 2025 20:33:02 +0000
asID:                     20326
IP address blocks:        96.62.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:f2:fe:b2:eb:4f:8b:e8:6f:e4:02:f7:5b:9c:1d:dc:51:e3:a1:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Dec 10 20:28:02 2024 GMT
            Not After : Dec  9 20:33:02 2025 GMT
        Subject: CN=DC6A77404F00EAE416577D5098601568393B36BB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:09:0f:8b:4a:fc:ed:f4:c8:0b:48:87:85:a9:
                    5d:a2:fb:53:1a:f7:bb:0e:9d:bd:ea:11:a4:41:c4:
                    f4:7a:ba:8d:c9:9e:c6:0b:aa:fb:00:1f:9c:3d:c6:
                    22:a0:df:1c:e9:09:37:c0:4c:46:9c:e2:3f:ec:92:
                    5a:7b:81:ae:a0:b0:97:1d:15:40:4b:a8:d9:d1:2c:
                    ea:86:d3:3b:49:a0:71:63:56:be:26:d7:2a:4d:bb:
                    92:01:ea:b4:70:b6:5d:12:50:40:b0:83:0a:1b:bd:
                    18:f6:8d:a4:0e:d4:55:7f:1d:24:43:43:a0:86:74:
                    02:ed:ce:6a:46:1d:df:c3:1f:ac:2a:42:30:b2:1a:
                    5c:b7:16:10:2e:94:82:9f:fd:21:80:36:cb:fe:e9:
                    a8:af:02:4d:3d:e9:fb:f7:ac:a2:0e:5a:59:dc:87:
                    a2:b3:a5:2a:ac:8e:48:f1:d5:9f:ce:a2:d6:c0:1a:
                    ee:13:08:b8:78:e6:4e:88:a4:41:19:00:d2:6d:0a:
                    a6:5f:8e:77:1c:12:b4:5f:ff:31:32:0e:4f:52:5e:
                    95:5c:be:ce:d6:b0:79:7e:66:dc:0e:40:36:7e:c6:
                    69:a7:24:91:87:79:a6:86:14:3b:0e:f4:b4:52:47:
                    92:65:81:c0:9b:76:31:34:a1:8c:ca:f1:f5:86:a1:
                    41:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:6A:77:40:4F:00:EA:E4:16:57:7D:50:98:60:15:68:39:3B:36:BB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20326.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         24:3a:12:3a:9c:08:30:44:b5:7f:59:f7:75:fa:a3:52:04:6a:
         4d:fc:19:50:b1:11:08:cf:c2:ba:8f:96:31:db:2c:39:52:13:
         10:14:09:34:4e:9d:c1:b5:44:10:de:24:91:93:36:eb:97:7d:
         c0:40:90:0a:b2:54:27:19:4b:c8:ca:82:e3:1e:99:13:99:c5:
         b0:ab:36:29:19:5f:40:1e:13:83:79:4a:7e:bf:a6:9c:ea:c4:
         19:39:2d:46:3b:d2:fc:b7:0f:2c:d7:bb:d2:f6:95:10:f1:99:
         f0:6a:e3:e4:11:37:6d:d0:07:88:e1:05:5d:04:79:5c:71:9e:
         6a:a5:62:7d:0a:0e:0b:d4:a6:07:59:46:10:de:b1:7a:3c:e5:
         46:81:37:a1:5c:e6:00:a9:22:8f:36:12:95:68:2d:e2:e3:41:
         ef:92:68:7d:12:24:e0:11:82:35:af:ca:96:9f:e0:1d:48:67:
         a0:ed:9e:21:29:46:a8:78:9a:6c:95:98:63:e9:f5:43:10:9a:
         05:d5:3a:04:67:76:03:74:00:a8:fd:41:0d:55:ea:19:1d:4f:
         3f:06:fe:03:0d:06:c6:1f:cc:10:d4:f0:ca:1a:42:0e:61:1c:
         68:4c:a1:9d:0a:21:48:a8:f4:7c:ea:1a:29:f1:0f:61:3d:9e:
         61:c2:4f:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUdvL+sutPi+hv5AL3W5wd3FHjoZgwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEyMTAyMDI4MDJaFw0yNTEyMDkyMDMzMDJaMDMxMTAvBgNV
BAMTKERDNkE3NzQwNEYwMEVBRTQxNjU3N0Q1MDk4NjAxNTY4MzkzQjM2QkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCECQ+LSvzt9MgLSIeFqV2i+1Ma
97sOnb3qEaRBxPR6uo3JnsYLqvsAH5w9xiKg3xzpCTfATEac4j/sklp7ga6gsJcd
FUBLqNnRLOqG0ztJoHFjVr4m1ypNu5IB6rRwtl0SUECwgwobvRj2jaQO1FV/HSRD
Q6CGdALtzmpGHd/DH6wqQjCyGly3FhAulIKf/SGANsv+6aivAk096fv3rKIOWlnc
h6KzpSqsjkjx1Z/OotbAGu4TCLh45k6IpEEZANJtCqZfjnccErRf/zEyDk9SXpVc
vs7WsHl+ZtwOQDZ+xmmnJJGHeaaGFDsO9LRSR5JlgcCbdjE0oYzK8fWGoUHjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU3Gp3QE8A6uQWV31QmGAVaDk7NrswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjAzMjYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBANgPsgw
DQYJKoZIhvcNAQELBQADggEBACQ6EjqcCDBEtX9Z93X6o1IEak38GVCxEQjPwrqP
ljHbLDlSExAUCTROncG1RBDeJJGTNuuXfcBAkAqyVCcZS8jKguMemROZxbCrNikZ
X0AeE4N5Sn6/ppzqxBk5LUY70vy3DyzXu9L2lRDxmfBq4+QRN23QB4jhBV0EeVxx
nmqlYn0KDgvUpgdZRhDesXo85UaBN6Fc5gCpIo82EpVoLeLjQe+SaH0SJOARgjWv
ypaf4B1IZ6DtniEpRqh4mmyVmGPp9UMQmgXVOgRndgN0AKj9QQ1V6hkdTz8G/gMN
BsYfzBDU8MoaQg5hHGhMoZ0KIUio9HzqGinxD2E9nmHCT6o=
-----END CERTIFICATE-----