Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa
File:                     AS20860.roa (raw, json)
Hash identifier:          WBBGXpwAOxEJWK2MDkxx4LPeP0oiH9ymmWijHSVXvek=
Subject key identifier:   F2:56:8E:31:FB:FB:4D:2D:C6:65:EA:E5:0A:8D:FD:17:74:12:2D:0C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1A0DB345193578BC1318F01641D374E147D18D71
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa
Signing time:             Wed 31 Jul 2024 18:50:47 +0000
ROA not before:           Wed 31 Jul 2024 18:45:47 +0000
ROA not after:            Wed 30 Jul 2025 18:50:47 +0000
asID:                     20860
IP address blocks:        146.103.7.0/24 maxlen: 24
                          146.103.20.0/24 maxlen: 24
                          146.103.21.0/24 maxlen: 24
                          146.103.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:0d:b3:45:19:35:78:bc:13:18:f0:16:41:d3:74:e1:47:d1:8d:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 31 18:45:47 2024 GMT
            Not After : Jul 30 18:50:47 2025 GMT
        Subject: CN=F2568E31FBFB4D2DC665EAE50A8DFD1774122D0C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:00:ca:74:5f:3f:73:ba:d2:68:9f:f1:98:47:
                    50:98:77:2a:a1:da:d3:a0:82:86:00:08:fb:27:61:
                    23:85:63:4f:b6:ea:42:86:28:83:d3:80:26:05:79:
                    73:9b:8a:64:38:c8:26:7d:75:d1:28:b7:3b:be:19:
                    23:7e:53:35:c0:4a:87:1d:15:db:9f:41:4c:a4:c6:
                    34:82:49:ac:22:4b:16:dd:41:b0:96:6b:4a:a8:f8:
                    fa:fe:2c:03:a8:60:0c:14:31:7e:fd:65:fb:9b:fc:
                    42:09:3e:4b:df:4c:e5:8e:65:6d:2d:72:8e:20:3f:
                    03:9b:2a:f5:30:4a:b5:e9:1b:b4:4b:07:1c:fe:c0:
                    fd:af:c8:ee:e9:d9:36:0a:3b:94:07:09:c5:be:40:
                    08:90:94:3b:67:73:d5:f4:cc:22:2d:ec:fd:ca:e8:
                    a8:de:a0:93:dc:0e:00:40:02:98:09:bc:b6:f6:2c:
                    d1:56:2f:bc:f0:cc:24:dc:19:0d:a9:60:07:34:04:
                    e1:2d:10:f1:e4:a8:40:2c:55:25:0f:19:09:c0:83:
                    f1:38:d4:aa:ed:60:f8:13:cf:5b:4a:02:7c:d1:6a:
                    72:f4:9d:95:9f:0d:f0:b4:9e:68:85:89:5b:21:42:
                    9e:40:66:db:63:4b:77:c4:81:da:a5:bc:2c:54:8d:
                    01:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:56:8E:31:FB:FB:4D:2D:C6:65:EA:E5:0A:8D:FD:17:74:12:2D:0C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS20860.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.7.0/24
                  146.103.20.0/23
                  146.103.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:e2:d9:2a:5a:3f:15:f1:e0:cd:dd:3f:a3:0b:ca:ec:0d:b1:
         ba:77:1c:fa:47:a3:c2:b2:d4:55:0f:92:82:b3:8e:5b:c9:ad:
         ac:e7:cf:d7:43:bb:dc:50:f9:57:65:18:37:00:de:0e:1a:d0:
         b1:81:96:3e:9c:b5:93:cd:e1:f1:ce:5f:5b:20:02:5f:e3:cd:
         b0:61:da:0c:87:d7:a7:2a:ef:98:db:5f:6a:6b:f3:47:64:20:
         cc:f0:1c:c4:42:50:d4:5a:bc:03:be:c5:03:7c:6a:e0:8c:e2:
         b3:e1:44:e8:57:a4:69:dd:67:42:18:6b:b3:04:1a:58:c7:83:
         73:dc:08:eb:c5:be:39:06:b3:33:2e:00:73:fb:07:01:ed:28:
         0c:0e:12:c6:5f:b8:27:51:ae:7f:a2:d4:25:55:a0:c8:a0:8b:
         5b:4d:c2:fd:34:fa:0f:86:46:52:02:d1:f8:f9:cb:ac:97:3a:
         1f:98:fe:5a:f9:1d:3d:a5:d2:2b:b3:35:c7:10:8d:99:09:2d:
         53:0e:b5:b5:f1:8b:e7:7d:ee:ad:3e:d4:fc:45:6a:3d:a8:e3:
         72:2f:73:eb:23:fd:42:c0:42:16:08:1e:c1:ee:25:11:d8:ae:
         9a:ff:31:f3:c3:11:a1:a9:af:17:ef:12:66:3a:24:f6:f7:9b:
         59:a4:91:2e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUGg2zRRk1eLwTGPAWQdN04UfRjXEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MzExODQ1NDdaFw0yNTA3MzAxODUwNDdaMDMxMTAvBgNV
BAMTKEYyNTY4RTMxRkJGQjREMkRDNjY1RUFFNTBBOERGRDE3NzQxMjJEMEMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD3AMp0Xz9zutJon/GYR1CYdyqh
2tOggoYACPsnYSOFY0+26kKGKIPTgCYFeXObimQ4yCZ9ddEotzu+GSN+UzXASocd
FdufQUykxjSCSawiSxbdQbCWa0qo+Pr+LAOoYAwUMX79Zfub/EIJPkvfTOWOZW0t
co4gPwObKvUwSrXpG7RLBxz+wP2vyO7p2TYKO5QHCcW+QAiQlDtnc9X0zCIt7P3K
6KjeoJPcDgBAApgJvLb2LNFWL7zwzCTcGQ2pYAc0BOEtEPHkqEAsVSUPGQnAg/E4
1KrtYPgTz1tKAnzRanL0nZWfDfC0nmiFiVshQp5AZttjS3fEgdqlvCxUjQHTAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQU8laOMfv7TS3GZerlCo39F3QSLQwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjA4NjAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBACSZwcD
BAGSZxQDBACSZxcwDQYJKoZIhvcNAQELBQADggEBAHXi2SpaPxXx4M3dP6MLyuwN
sbp3HPpHo8Ky1FUPkoKzjlvJraznz9dDu9xQ+VdlGDcA3g4a0LGBlj6ctZPN4fHO
X1sgAl/jzbBh2gyH16cq75jbX2pr80dkIMzwHMRCUNRavAO+xQN8auCM4rPhROhX
pGndZ0IYa7MEGljHg3PcCOvFvjkGszMuAHP7BwHtKAwOEsZfuCdRrn+i1CVVoMig
i1tNwv00+g+GRlIC0fj5y6yXOh+Y/lr5HT2l0iuzNccQjZkJLVMOtbXxi+d97q0+
1PxFaj2o43Ivc+sj/ULAQhYIHsHuJRHYrpr/MfPDEaGprxfvEmY6JPb3m1mkkS4=
-----END CERTIFICATE-----