Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212762.roa
File:                     AS212762.roa (raw, json)
Hash identifier:          K4DTuaa74gKnfmewIwacssoLHJknTe3iu46SYq3a8k4=
Subject key identifier:   5E:ED:01:92:A2:06:A6:1D:59:4C:27:7F:C3:E6:2A:08:32:97:AB:88
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1ACB0DE4535C7E2AFCE2421729B08D1CCDBB7D47
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212762.roa
Signing time:             Fri 10 May 2024 16:52:48 +0000
ROA not before:           Fri 10 May 2024 16:47:48 +0000
ROA not after:            Fri 09 May 2025 16:52:48 +0000
asID:                     212762
IP address blocks:        146.103.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 18:21:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:cb:0d:e4:53:5c:7e:2a:fc:e2:42:17:29:b0:8d:1c:cd:bb:7d:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 10 16:47:48 2024 GMT
            Not After : May  9 16:52:48 2025 GMT
        Subject: CN=5EED0192A206A61D594C277FC3E62A083297AB88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:33:43:2d:f3:14:7c:64:f7:5d:e4:74:59:b8:
                    18:99:e8:87:da:9d:e1:7b:3d:68:f9:ba:f5:2e:a8:
                    49:b5:b0:44:0f:8d:e8:87:7b:38:4a:9d:69:41:7d:
                    0f:8c:b4:2c:f8:b4:f5:37:d3:bf:1d:e7:ee:bb:8c:
                    31:0b:72:80:9e:9f:ec:39:8b:b4:30:b7:af:82:5e:
                    f2:15:6c:3f:7e:12:6d:99:ad:9e:c2:59:2d:55:41:
                    29:f6:37:ea:10:f4:6e:0b:6a:0f:15:02:dd:34:ee:
                    10:01:93:6e:f2:7d:f8:2b:e9:5b:01:a4:0e:a6:4e:
                    2c:97:e2:c4:15:bb:7c:f2:7d:57:3c:3b:87:8f:06:
                    d9:c3:28:59:0b:4e:f2:03:05:d4:13:3e:f7:61:3e:
                    2d:84:87:03:65:2a:b7:4a:a8:83:49:9b:93:36:9d:
                    f9:0b:12:f2:41:c4:fd:d5:ef:19:fe:81:a4:6f:c3:
                    df:bb:90:7a:4a:cc:b7:5b:e4:d9:7b:47:59:b2:ab:
                    ec:d5:46:33:09:db:22:37:97:51:02:fb:17:7d:27:
                    7d:a8:ef:75:fb:35:60:d5:c9:66:ed:2d:36:10:61:
                    83:c7:68:8b:47:23:f9:b9:18:24:c2:74:5f:92:5b:
                    74:db:ef:ca:6e:02:11:f3:7c:78:e3:40:dc:2f:48:
                    f3:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:ED:01:92:A2:06:A6:1D:59:4C:27:7F:C3:E6:2A:08:32:97:AB:88
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS212762.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:c8:b6:72:78:f3:f5:95:60:9b:04:e9:25:15:3b:76:a7:77:
         44:64:6e:da:7d:90:f3:7c:19:82:49:b8:15:43:6b:10:6b:c0:
         84:16:91:1c:8e:02:d7:17:54:b5:8e:ec:fd:51:ad:4d:c1:e1:
         0f:4d:f1:4e:d8:f8:85:a6:ee:ce:58:53:19:66:c0:67:f5:a3:
         3d:a9:3a:37:fb:4e:64:4b:5d:32:28:34:01:d7:1b:ce:fd:8d:
         42:ca:c7:40:a3:24:7d:02:af:bd:18:67:ca:61:81:64:dc:47:
         a7:97:06:83:db:87:61:e3:ab:81:e0:a5:49:fc:2b:cf:fe:21:
         32:91:7d:b6:d0:87:08:8f:ca:6c:49:da:f7:75:7c:12:16:96:
         3d:ca:88:8c:86:ac:24:e1:09:6c:a3:6e:21:d5:ee:8b:2c:95:
         e5:7f:e8:2e:44:c7:36:09:b7:d6:a8:44:f7:93:11:d6:42:d5:
         c3:e9:41:12:6f:05:3a:2a:e6:ea:44:c2:27:2a:a3:e8:9c:38:
         e4:d9:0c:93:92:ca:82:77:07:d7:a8:2a:ae:40:3a:d4:1a:56:
         1c:55:d4:3f:fe:54:3e:1a:8e:4a:f7:e0:71:d3:59:e4:03:a2:
         23:3d:6f:ce:3f:13:0e:18:c7:87:af:51:fc:62:eb:03:fd:5f:
         56:2e:e0:82
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUGssN5FNcfir84kIXKbCNHM27fUcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MTAxNjQ3NDhaFw0yNTA1MDkxNjUyNDhaMDMxMTAvBgNV
BAMTKDVFRUQwMTkyQTIwNkE2MUQ1OTRDMjc3RkMzRTYyQTA4MzI5N0FCODgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9M0Mt8xR8ZPdd5HRZuBiZ6Ifa
neF7PWj5uvUuqEm1sEQPjeiHezhKnWlBfQ+MtCz4tPU3078d5+67jDELcoCen+w5
i7Qwt6+CXvIVbD9+Em2ZrZ7CWS1VQSn2N+oQ9G4Lag8VAt007hABk27yffgr6VsB
pA6mTiyX4sQVu3zyfVc8O4ePBtnDKFkLTvIDBdQTPvdhPi2EhwNlKrdKqINJm5M2
nfkLEvJBxP3V7xn+gaRvw9+7kHpKzLdb5Nl7R1myq+zVRjMJ2yI3l1EC+xd9J32o
73X7NWDVyWbtLTYQYYPHaItHI/m5GCTCdF+SW3Tb78puAhHzfHjjQNwvSPNJAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUXu0BkqIGph1ZTCd/w+YqCDKXq4gwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjEyNzYyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcv
MA0GCSqGSIb3DQEBCwUAA4IBAQAEyLZyePP1lWCbBOklFTt2p3dEZG7afZDzfBmC
SbgVQ2sQa8CEFpEcjgLXF1S1juz9Ua1NweEPTfFO2PiFpu7OWFMZZsBn9aM9qTo3
+05kS10yKDQB1xvO/Y1CysdAoyR9Aq+9GGfKYYFk3EenlwaD24dh46uB4KVJ/CvP
/iEykX220IcIj8psSdr3dXwSFpY9yoiMhqwk4Qlso24h1e6LLJXlf+guRMc2CbfW
qET3kxHWQtXD6UESbwU6KubqRMInKqPonDjk2QyTksqCdwfXqCquQDrUGlYcVdQ/
/lQ+Go5K9+Bx01nkA6IjPW/OPxMOGMeHr1H8YusD/V9WLuCC
-----END CERTIFICATE-----