Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS264617.roa
File:                     AS264617.roa (raw, json)
Hash identifier:          IGKBfMWIAHx8PXhsQCC44AihKShmEjEiAW2IQY6SLr4=
Subject key identifier:   CD:F0:67:59:05:B1:25:4A:F9:0F:0E:5F:77:B7:CF:DC:32:77:82:5D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       45F84CDD484CF128E1E3571E26AB52FEDA563A9E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS264617.roa
Signing time:             Mon 12 May 2025 05:59:15 +0000
ROA not before:           Mon 12 May 2025 05:54:15 +0000
ROA not after:            Mon 11 May 2026 05:59:15 +0000
asID:                     264617
IP address blocks:        158.140.197.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:f8:4c:dd:48:4c:f1:28:e1:e3:57:1e:26:ab:52:fe:da:56:3a:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 12 05:54:15 2025 GMT
            Not After : May 11 05:59:15 2026 GMT
        Subject: CN=CDF0675905B1254AF90F0E5F77B7CFDC3277825D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:96:4d:df:3a:da:3e:64:99:e2:76:a1:de:a7:
                    11:53:da:1a:23:34:38:a2:aa:db:41:f5:24:76:af:
                    21:68:a6:90:be:93:cb:85:ca:6d:18:1d:c5:28:b9:
                    ee:74:02:5a:b3:cc:f7:11:d5:c2:60:57:73:9b:53:
                    1e:4c:90:a9:73:d4:c1:e2:b9:40:7a:17:4b:af:02:
                    99:be:f6:d7:e7:5c:b5:3c:b4:8c:b2:97:4b:ca:21:
                    f2:34:e9:c5:5b:39:6e:e1:29:40:5d:60:70:ca:7e:
                    d7:cd:50:9d:21:b0:d7:6d:bc:61:60:26:d9:4f:9b:
                    64:8e:4e:fd:5c:be:62:6c:55:df:b4:2f:1f:26:65:
                    a7:d6:56:23:cb:c8:09:d6:41:9c:75:c1:84:2c:fe:
                    e5:0f:9c:64:b7:01:e3:ed:ba:4b:91:29:a4:a3:fc:
                    3a:e5:e1:77:e4:51:80:3a:c1:a6:12:1e:89:44:70:
                    bf:09:d5:3a:6c:4a:33:78:47:22:08:e5:26:88:b7:
                    2f:ea:2d:ee:6d:bc:bf:7c:ee:17:bf:5a:5e:f1:3a:
                    f0:ab:90:04:10:75:62:31:d0:64:7a:53:69:79:b9:
                    1d:15:44:5f:e7:fc:02:f6:6d:9b:49:ab:6d:a4:4f:
                    0a:bb:d2:ad:45:6c:a7:fd:27:68:32:99:e1:70:00:
                    71:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:F0:67:59:05:B1:25:4A:F9:0F:0E:5F:77:B7:CF:DC:32:77:82:5D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS264617.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.140.197.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:de:08:3b:ab:79:7b:e9:6d:30:30:dc:ce:94:16:63:ce:d5:
         f4:4c:3f:e4:88:ff:e5:d9:a7:1a:46:83:69:be:35:06:53:91:
         93:d2:f5:54:da:4c:dd:81:ca:49:8a:c9:69:01:d5:08:f5:32:
         d9:d9:c5:e6:61:14:a5:36:3e:01:c9:ca:fe:30:69:33:1a:55:
         2e:0b:e0:99:56:79:99:8c:29:ac:9b:a4:e3:54:98:1a:76:4e:
         d7:3b:8e:15:3c:70:e0:c3:e9:db:fd:cf:ac:ad:f8:b5:e6:1b:
         f4:3b:df:a1:9e:04:46:27:23:fc:8a:20:20:d8:29:19:96:b8:
         1e:76:b5:d7:f8:55:f0:e9:6e:2c:0f:61:d9:ab:75:93:3c:c7:
         e3:fa:1a:bf:f3:72:8b:b0:23:8f:ba:f3:25:6b:2c:e7:c3:93:
         a5:cb:53:e4:4c:bb:66:df:5e:4b:ae:e9:dc:c4:d2:3c:42:ca:
         cf:e2:cd:d1:21:f5:48:d5:30:94:ed:06:3c:ee:c0:a7:5e:a8:
         8d:a6:e0:d8:2e:8a:89:10:49:84:b9:0c:37:48:a2:ba:df:7c:
         cc:91:e7:f7:4e:a3:c3:3d:d7:e2:e7:11:0c:cc:50:dc:4c:b7:
         2e:89:4c:76:3c:67:08:e7:dd:e4:da:d0:72:74:ad:2b:83:6c:
         c1:e9:8b:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIURfhM3UhM8Sjh41ceJqtS/tpWOp4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTIwNTU0MTVaFw0yNjA1MTEwNTU5MTVaMDMxMTAvBgNV
BAMTKENERjA2NzU5MDVCMTI1NEFGOTBGMEU1Rjc3QjdDRkRDMzI3NzgyNUQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2lk3fOto+ZJnidqHepxFT2hoj
NDiiqttB9SR2ryFoppC+k8uFym0YHcUoue50AlqzzPcR1cJgV3ObUx5MkKlz1MHi
uUB6F0uvApm+9tfnXLU8tIyyl0vKIfI06cVbOW7hKUBdYHDKftfNUJ0hsNdtvGFg
JtlPm2SOTv1cvmJsVd+0Lx8mZafWViPLyAnWQZx1wYQs/uUPnGS3AePtukuRKaSj
/Drl4XfkUYA6waYSHolEcL8J1TpsSjN4RyII5SaIty/qLe5tvL987he/Wl7xOvCr
kAQQdWIx0GR6U2l5uR0VRF/n/AL2bZtJq22kTwq70q1FbKf9J2gymeFwAHFBAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUzfBnWQWxJUr5Dw5fd7fP3DJ3gl0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjY0NjE3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAnozF
MA0GCSqGSIb3DQEBCwUAA4IBAQAV3gg7q3l76W0wMNzOlBZjztX0TD/kiP/l2aca
RoNpvjUGU5GT0vVU2kzdgcpJislpAdUI9TLZ2cXmYRSlNj4Bycr+MGkzGlUuC+CZ
VnmZjCmsm6TjVJgadk7XO44VPHDgw+nb/c+srfi15hv0O9+hngRGJyP8iiAg2CkZ
lrgedrXX+FXw6W4sD2HZq3WTPMfj+hq/83KLsCOPuvMlayznw5Oly1PkTLtm315L
runcxNI8QsrP4s3RIfVI1TCU7QY87sCnXqiNpuDYLoqJEEmEuQw3SKK633zMkef3
TqPDPdfi5xEMzFDcTLcuiUx2PGcI593k2tBydK0rg2zB6Ytl
-----END CERTIFICATE-----