Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa
File:                     AS23532.roa (raw, json)
Hash identifier:          WqVvXH+YQRNrZVBzDll5Fze+0TLZMWSzE4FlXr//3cU=
Subject key identifier:   A4:CA:94:50:87:32:A9:0A:5A:B3:64:2A:3D:12:4D:E9:6D:AB:09:5A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       01E4445D845B98FDB47E2824A98389CDC18022C0
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa
Signing time:             Tue 24 Dec 2024 12:03:06 +0000
ROA not before:           Tue 24 Dec 2024 11:58:06 +0000
ROA not after:            Tue 23 Dec 2025 12:03:06 +0000
asID:                     23532
IP address blocks:        96.62.190.0/23 maxlen: 24
                          96.62.216.0/21 maxlen: 24
                          96.62.228.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:e4:44:5d:84:5b:98:fd:b4:7e:28:24:a9:83:89:cd:c1:80:22:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Dec 24 11:58:06 2024 GMT
            Not After : Dec 23 12:03:06 2025 GMT
        Subject: CN=A4CA94508732A90A5AB3642A3D124DE96DAB095A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:17:4f:7d:10:bb:92:f2:d3:5e:40:dc:90:93:
                    b4:e9:4f:e9:fb:13:ad:94:40:e6:fd:1d:81:bd:6e:
                    d9:52:7d:cd:7b:5d:fc:88:4b:35:af:33:51:e5:da:
                    e7:a5:b5:b4:8e:de:6e:21:5d:6a:18:2e:f2:b3:93:
                    f9:1f:ef:b6:40:35:63:96:1e:54:b9:52:03:79:81:
                    e1:bc:ec:e4:00:6c:d6:92:13:e6:94:ee:3f:c2:20:
                    e4:91:8f:69:82:1d:79:7e:fe:84:9f:53:85:90:f9:
                    f8:c5:2b:e8:b6:9a:04:7f:72:b0:cf:9e:69:42:4f:
                    53:b0:a8:86:c9:6e:59:e6:ee:b9:a5:b9:40:12:79:
                    58:65:35:e3:d9:5b:4f:09:2f:3e:f6:d7:f7:25:29:
                    0b:96:35:e1:63:a4:de:fd:13:a3:63:7b:87:4b:c9:
                    99:55:4a:74:c4:21:f6:b9:76:3f:55:53:b4:b0:39:
                    3c:57:33:18:09:e1:18:ee:c7:d8:2c:61:a1:1d:22:
                    6b:da:a5:10:de:85:0e:ad:61:ff:07:1d:d8:41:c9:
                    6f:64:0b:70:05:8b:44:9f:fc:e1:e7:7e:76:e7:34:
                    77:20:e9:fe:da:39:ff:6c:7f:5f:df:00:0e:2a:17:
                    4a:b9:78:e6:18:46:4b:51:76:90:ae:93:d9:b9:84:
                    9e:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:CA:94:50:87:32:A9:0A:5A:B3:64:2A:3D:12:4D:E9:6D:AB:09:5A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.190.0/23
                  96.62.216.0/21
                  96.62.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:15:46:7d:0d:a1:49:b0:d8:b0:ef:f2:c7:c2:07:67:19:00:
         21:85:ea:60:ee:2b:1f:eb:69:37:a9:b5:43:a6:26:92:91:f7:
         53:3c:29:28:19:e2:ec:0a:0c:bb:0e:61:7a:c5:6e:71:b5:15:
         38:db:a6:cb:6e:5c:b6:dd:0a:c9:76:a7:88:d7:4c:a7:06:a2:
         e7:07:6f:cd:46:c5:a9:8d:69:bd:6a:f4:53:55:cc:61:03:06:
         15:e0:43:7a:96:cb:db:32:83:b1:ab:41:36:ab:b8:53:42:4b:
         d4:70:56:f9:4f:61:5e:f6:a9:45:12:04:61:2f:c2:f3:cb:0f:
         24:34:ac:93:08:bb:91:2a:32:75:88:4c:4f:9a:21:10:c1:e1:
         72:d0:60:57:be:20:27:79:b2:c1:4b:57:fc:07:85:17:30:03:
         8d:95:e8:1d:81:22:e1:21:1f:80:61:b5:10:99:9b:47:07:ba:
         27:6b:4e:4c:70:4f:0f:4a:c2:f4:14:aa:27:ee:03:24:50:62:
         bf:e0:d5:9a:ed:aa:d5:d4:25:ff:6c:06:9f:db:a1:cd:3d:93:
         d3:65:50:dc:3c:36:e9:7c:88:d6:04:28:9d:be:cb:9a:64:ed:
         a0:e0:a7:f5:40:48:de:5b:8a:5f:47:81:45:e8:d8:d3:cf:54:
         c4:06:53:9e
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUAeREXYRbmP20figkqYOJzcGAIsAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEyMjQxMTU4MDZaFw0yNTEyMjMxMjAzMDZaMDMxMTAvBgNV
BAMTKEE0Q0E5NDUwODczMkE5MEE1QUIzNjQyQTNEMTI0REU5NkRBQjA5NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCnF099ELuS8tNeQNyQk7TpT+n7
E62UQOb9HYG9btlSfc17XfyISzWvM1Hl2ueltbSO3m4hXWoYLvKzk/kf77ZANWOW
HlS5UgN5geG87OQAbNaSE+aU7j/CIOSRj2mCHXl+/oSfU4WQ+fjFK+i2mgR/crDP
nmlCT1OwqIbJblnm7rmluUASeVhlNePZW08JLz721/clKQuWNeFjpN79E6Nje4dL
yZlVSnTEIfa5dj9VU7SwOTxXMxgJ4Rjux9gsYaEdImvapRDehQ6tYf8HHdhByW9k
C3AFi0Sf/OHnfnbnNHcg6f7aOf9sf1/fAA4qF0q5eOYYRktRdpCuk9m5hJ7fAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUpMqUUIcyqQpas2QqPRJN6W2rCVowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM1MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAFgPr4D
BANgPtgDBAFgPuQwDQYJKoZIhvcNAQELBQADggEBAIUVRn0NoUmw2LDv8sfCB2cZ
ACGF6mDuKx/raTeptUOmJpKR91M8KSgZ4uwKDLsOYXrFbnG1FTjbpstuXLbdCsl2
p4jXTKcGoucHb81GxamNab1q9FNVzGEDBhXgQ3qWy9syg7GrQTaruFNCS9RwVvlP
YV72qUUSBGEvwvPLDyQ0rJMIu5EqMnWITE+aIRDB4XLQYFe+ICd5ssFLV/wHhRcw
A42V6B2BIuEhH4BhtRCZm0cHuidrTkxwTw9KwvQUqifuAyRQYr/g1ZrtqtXUJf9s
Bp/boc09k9NlUNw8Nul8iNYEKJ2+y5pk7aDgp/VASN5bil9HgUXo2NPPVMQGU54=
-----END CERTIFICATE-----