Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa
File:                     AS216022.roa (raw, json)
Hash identifier:          W4iRHgmPFX38brs0FNI2v36d9nX0PR7N6vsh9fo5fvg=
Subject key identifier:   F7:B6:FE:17:BB:AD:8F:CE:3A:20:39:F0:EA:43:4F:A8:2B:4D:6B:07
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7659F5D469650270601702079591BBB4087E5FD4
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa
Signing time:             Thu 12 Sep 2024 00:00:37 +0000
ROA not before:           Wed 11 Sep 2024 23:55:37 +0000
ROA not after:            Thu 11 Sep 2025 00:00:37 +0000
asID:                     216022
IP address blocks:        146.103.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            76:59:f5:d4:69:65:02:70:60:17:02:07:95:91:bb:b4:08:7e:5f:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 11 23:55:37 2024 GMT
            Not After : Sep 11 00:00:37 2025 GMT
        Subject: CN=F7B6FE17BBAD8FCE3A2039F0EA434FA82B4D6B07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:57:8b:d2:7c:85:19:70:7e:c1:00:a9:1f:67:
                    ee:19:0c:2a:2b:eb:a2:17:fa:f5:f6:f6:46:41:39:
                    f6:93:ce:8c:40:8b:18:72:e9:f4:61:77:60:e7:d9:
                    72:92:27:2c:ee:d5:21:20:96:83:a0:20:5b:c4:33:
                    18:c0:89:35:24:9a:bb:d1:5f:e7:33:c6:09:92:7f:
                    73:a9:57:c1:44:57:7a:dd:4a:71:c5:0a:68:66:e2:
                    29:97:ef:4b:70:a3:90:c0:75:d5:e9:24:c8:06:5a:
                    10:19:48:56:1e:f2:8d:e1:b1:32:23:6b:77:fd:92:
                    a7:24:73:e4:79:15:f6:ae:6d:21:27:d0:61:f7:0a:
                    45:2a:a3:83:cf:c0:01:57:50:98:b7:b9:c6:d6:a4:
                    b2:55:11:f7:8d:26:76:9a:33:e1:ee:85:1d:63:0d:
                    28:81:c2:76:52:09:2e:e6:05:21:35:fc:74:6c:aa:
                    a1:16:09:6e:69:61:01:1c:a2:5d:26:e0:ea:f6:c5:
                    24:72:f8:f1:56:e0:01:ac:74:a6:94:3c:70:94:4d:
                    26:01:36:dd:66:bf:b0:d4:1a:fc:3c:cb:94:e9:95:
                    12:82:d3:b3:00:41:77:44:b1:41:d8:f9:17:d1:72:
                    6c:f7:eb:17:3d:57:b8:23:4f:a9:5b:b4:5d:ce:18:
                    ee:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B6:FE:17:BB:AD:8F:CE:3A:20:39:F0:EA:43:4F:A8:2B:4D:6B:07
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS216022.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:18:69:05:15:9c:27:88:b2:05:6f:49:fa:19:cb:52:7e:61:
         1b:31:71:ad:56:da:b2:ba:83:f7:5f:af:42:41:4d:97:58:b7:
         3f:8e:5a:12:dc:83:cf:6a:e2:f1:5a:a9:a3:7d:4e:97:09:03:
         33:52:37:18:cd:ef:27:e8:c9:52:be:76:24:29:af:67:f3:23:
         08:9e:17:b5:db:8e:83:d0:64:91:c4:27:f7:fa:eb:47:3f:7b:
         39:3a:99:36:04:37:af:30:de:fa:30:1c:8e:14:28:29:71:ce:
         4f:23:37:04:19:61:29:7b:e8:83:f6:73:fc:f9:38:31:f8:9a:
         47:5e:cb:9f:97:02:38:ff:42:28:a9:09:0c:6c:52:3f:5f:ec:
         2d:f6:75:cd:26:22:33:45:05:3a:01:53:fa:d7:89:69:3d:2c:
         be:50:fd:0e:25:49:87:c6:a2:e8:58:5c:97:8a:a7:1d:77:39:
         4a:58:79:d0:b1:2e:09:88:e3:7e:f8:fa:65:e0:0c:1d:f8:17:
         58:df:8c:f0:31:0a:ee:05:25:51:a0:bb:dc:0f:40:49:72:89:
         1e:75:44:1e:8e:5d:e7:f3:fa:90:ca:be:02:7b:dd:ba:5e:e2:
         a4:ef:a8:4f:ec:0c:77:74:db:59:06:81:2e:6b:49:62:8f:59:
         38:7e:1c:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUdln11GllAnBgFwIHlZG7tAh+X9QwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA5MTEyMzU1MzdaFw0yNTA5MTEwMDAwMzdaMDMxMTAvBgNV
BAMTKEY3QjZGRTE3QkJBRDhGQ0UzQTIwMzlGMEVBNDM0RkE4MkI0RDZCMDcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGV4vSfIUZcH7BAKkfZ+4ZDCor
66IX+vX29kZBOfaTzoxAixhy6fRhd2Dn2XKSJyzu1SEgloOgIFvEMxjAiTUkmrvR
X+czxgmSf3OpV8FEV3rdSnHFCmhm4imX70two5DAddXpJMgGWhAZSFYe8o3hsTIj
a3f9kqckc+R5FfaubSEn0GH3CkUqo4PPwAFXUJi3ucbWpLJVEfeNJnaaM+HuhR1j
DSiBwnZSCS7mBSE1/HRsqqEWCW5pYQEcol0m4Or2xSRy+PFW4AGsdKaUPHCUTSYB
Nt1mv7DUGvw8y5TplRKC07MAQXdEsUHY+RfRcmz36xc9V7gjT6lbtF3OGO7BAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQU97b+F7utj846IDnw6kNPqCtNawcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjE2MDIyLnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmc2
MA0GCSqGSIb3DQEBCwUAA4IBAQCPGGkFFZwniLIFb0n6GctSfmEbMXGtVtqyuoP3
X69CQU2XWLc/jloS3IPPauLxWqmjfU6XCQMzUjcYze8n6MlSvnYkKa9n8yMInhe1
246D0GSRxCf3+utHP3s5Opk2BDevMN76MByOFCgpcc5PIzcEGWEpe+iD9nP8+Tgx
+JpHXsuflwI4/0IoqQkMbFI/X+wt9nXNJiIzRQU6AVP614lpPSy+UP0OJUmHxqLo
WFyXiqcddzlKWHnQsS4JiON++Ppl4Awd+BdY34zwMQruBSVRoLvcD0BJcokedUQe
jl3n8/qQyr4Ce926XuKk76hP7Ax3dNtZBoEua0lij1k4fhwJ
-----END CERTIFICATE-----