Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa
File:                     AS25369.roa (raw, json)
Hash identifier:          R6mZKbCG9jbQTlB/4r0oCXgWiOmgPI0elVDqzqpzA+o=
Subject key identifier:   D3:2F:D1:95:19:42:2A:FE:CB:49:C9:ED:BB:AA:0C:67:33:F5:A3:22
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1AFEA330686B1339CCBFFE5398B43C917CFB9743
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa
Signing time:             Fri 10 May 2024 12:28:56 +0000
ROA not before:           Fri 10 May 2024 12:23:56 +0000
ROA not after:            Fri 09 May 2025 12:28:56 +0000
asID:                     25369
IP address blocks:        146.103.56.0/24 maxlen: 24
                          147.79.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:fe:a3:30:68:6b:13:39:cc:bf:fe:53:98:b4:3c:91:7c:fb:97:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 10 12:23:56 2024 GMT
            Not After : May  9 12:28:56 2025 GMT
        Subject: CN=D32FD19519422AFECB49C9EDBBAA0C6733F5A322
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fb:a8:43:a3:29:ce:28:8e:d7:19:1c:60:60:
                    7e:6e:38:95:0a:1e:ab:e9:0f:b3:c0:af:4d:56:8a:
                    99:b3:da:33:00:9c:14:c2:5e:cd:12:0f:99:7c:a4:
                    ae:60:a8:32:a7:18:4b:5a:54:48:d6:0b:c6:51:63:
                    b0:e2:cd:35:b1:13:26:64:2d:1a:b3:d4:6f:6a:81:
                    c1:72:2f:73:eb:73:61:29:e1:45:7f:94:77:2e:4d:
                    d9:df:66:6e:51:bd:29:96:55:2d:73:cf:1b:82:17:
                    b2:fe:05:6f:d3:2e:84:80:0c:b1:d1:41:0c:2c:b1:
                    7f:74:97:59:ed:41:1e:61:a3:f3:e1:50:d3:a4:f5:
                    9c:15:c6:78:48:12:99:d3:0b:08:70:82:f8:cb:04:
                    44:40:46:d2:ab:d6:a4:6a:cd:ad:84:80:f7:6b:ae:
                    8d:a8:cf:83:e5:c0:7f:17:0c:e4:1c:9d:3f:cb:8a:
                    20:be:67:50:f2:28:6f:e6:85:16:a3:20:e7:57:10:
                    2f:1d:6e:45:55:01:a1:06:61:9c:1a:2a:ba:80:10:
                    75:15:d4:13:50:c0:41:c7:94:12:b1:61:1a:9e:ba:
                    6a:33:f4:32:25:5c:85:25:26:84:7e:b7:9a:49:d2:
                    3f:af:f0:c1:91:63:37:fa:eb:87:eb:88:a1:ec:7b:
                    84:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2F:D1:95:19:42:2A:FE:CB:49:C9:ED:BB:AA:0C:67:33:F5:A3:22
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS25369.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.56.0/24
                  147.79.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:2c:db:b0:b2:95:ab:58:d2:92:64:91:4a:ad:ae:ea:9f:d4:
         4a:cb:f0:8b:2e:d5:df:60:14:b7:d8:6e:7b:15:92:5b:cb:99:
         be:75:6b:2e:c3:13:2e:4e:05:ab:b8:e9:e3:00:ba:cd:61:4c:
         ef:51:f8:df:81:b7:48:26:76:49:38:57:35:0b:03:d7:45:c4:
         f8:71:3d:1d:38:3b:a7:34:8a:bc:46:7a:85:be:8b:1f:54:b4:
         2c:b9:3e:ae:71:6b:70:27:a5:8d:ae:b5:4d:c5:74:69:98:f0:
         0e:8c:2f:d1:62:8c:a7:68:3e:e8:07:8f:89:67:3b:01:cb:e2:
         a1:30:6d:ec:69:ac:4a:60:84:88:b4:41:1b:5d:63:c0:2d:e7:
         eb:1e:21:0e:c5:0e:b9:8b:b5:a4:a1:7f:28:4e:95:46:59:49:
         4d:fc:c2:c5:f7:5a:10:22:94:3b:9d:e3:71:a6:92:51:92:ae:
         fb:13:b2:71:71:cf:ee:8e:24:8c:11:de:fa:ff:3e:a3:b7:84:
         cb:39:6c:49:4f:f4:4e:35:80:d4:ee:f7:44:14:51:d3:eb:6e:
         8c:de:67:48:f5:c0:e4:b0:5b:61:41:2d:8b:5b:c3:d2:af:68:
         9f:97:f4:0a:80:ee:80:b0:f6:b6:70:1a:0a:f8:f9:bc:2c:b5:
         82:aa:45:f2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUGv6jMGhrEznMv/5TmLQ8kXz7l0MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MTAxMjIzNTZaFw0yNTA1MDkxMjI4NTZaMDMxMTAvBgNV
BAMTKEQzMkZEMTk1MTk0MjJBRkVDQjQ5QzlFREJCQUEwQzY3MzNGNUEzMjIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7+6hDoynOKI7XGRxgYH5uOJUK
HqvpD7PAr01Wipmz2jMAnBTCXs0SD5l8pK5gqDKnGEtaVEjWC8ZRY7DizTWxEyZk
LRqz1G9qgcFyL3Prc2Ep4UV/lHcuTdnfZm5RvSmWVS1zzxuCF7L+BW/TLoSADLHR
QQwssX90l1ntQR5ho/PhUNOk9ZwVxnhIEpnTCwhwgvjLBERARtKr1qRqza2EgPdr
ro2oz4PlwH8XDOQcnT/LiiC+Z1DyKG/mhRajIOdXEC8dbkVVAaEGYZwaKrqAEHUV
1BNQwEHHlBKxYRqeumoz9DIlXIUlJoR+t5pJ0j+v8MGRYzf664friKHse4TXAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU0y/RlRlCKv7LScntu6oMZzP1oyIwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjUzNjkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACSZzgD
BACTTwQwDQYJKoZIhvcNAQELBQADggEBAEQs27CylatY0pJkkUqtruqf1ErL8Isu
1d9gFLfYbnsVklvLmb51ay7DEy5OBau46eMAus1hTO9R+N+Bt0gmdkk4VzULA9dF
xPhxPR04O6c0irxGeoW+ix9UtCy5Pq5xa3AnpY2utU3FdGmY8A6ML9FijKdoPugH
j4lnOwHL4qEwbexprEpghIi0QRtdY8At5+seIQ7FDrmLtaShfyhOlUZZSU38wsX3
WhAilDud43GmklGSrvsTsnFxz+6OJIwR3vr/PqO3hMs5bElP9E41gNTu90QUUdPr
bozeZ0j1wOSwW2FBLYtbw9KvaJ+X9AqA7oCw9rZwGgr4+bwstYKqRfI=
-----END CERTIFICATE-----