Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS274099.roa
File:                     AS274099.roa (raw, json)
Hash identifier:          ZWQcsNC/F1xbZ9PdXpWLIHcTsQ8pNvUw/eZw/bAX/RA=
Subject key identifier:   34:32:E6:21:42:0E:C6:6B:03:78:50:B8:CB:51:57:8F:7A:28:F8:6D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7388B96378BF456E706132C2D85447CA723DB1CF
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS274099.roa
Signing time:             Wed 14 May 2025 03:16:26 +0000
ROA not before:           Wed 14 May 2025 03:11:26 +0000
ROA not after:            Wed 13 May 2026 03:16:26 +0000
asID:                     274099
IP address blocks:        155.117.200.0/22 maxlen: 22
                          155.117.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:53:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:88:b9:63:78:bf:45:6e:70:61:32:c2:d8:54:47:ca:72:3d:b1:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 14 03:11:26 2025 GMT
            Not After : May 13 03:16:26 2026 GMT
        Subject: CN=3432E621420EC66B037850B8CB51578F7A28F86D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:42:22:ea:c3:e2:6b:c9:7f:e7:3b:a3:56:11:
                    e8:da:bf:fe:9e:3d:b3:17:3c:c0:ad:48:1e:d2:a7:
                    6a:16:4e:52:33:dd:aa:d2:c2:41:54:72:52:a3:14:
                    86:2b:a1:90:59:ab:e2:82:66:34:af:0b:28:25:50:
                    dc:e6:ae:c4:0c:dd:0c:23:f6:cc:cf:e4:2d:2b:a4:
                    5e:82:33:63:07:d4:e9:9a:fc:2b:50:2c:13:31:d6:
                    94:23:3e:1d:de:38:76:b9:18:ae:4c:ee:4c:95:52:
                    19:e0:54:80:b1:ac:ce:e1:0d:8d:32:cc:4d:96:62:
                    84:29:37:83:d4:d6:f0:91:dc:03:33:a8:90:6d:81:
                    89:c1:d6:51:7b:2b:5b:5f:4f:67:14:58:d4:3d:a0:
                    c0:27:9f:6d:af:0a:b6:12:fd:f3:c7:45:eb:6e:c9:
                    18:2e:30:55:9a:72:aa:94:73:40:66:44:3f:f7:ad:
                    90:71:a1:4e:69:ac:eb:cb:76:70:bb:9f:1d:4a:7c:
                    2b:20:17:f8:04:07:8a:9a:52:be:79:a8:5f:bf:41:
                    56:69:5c:5e:bc:01:a3:2d:33:6d:76:c3:8f:c0:2e:
                    40:59:6c:19:90:2c:82:a4:62:86:89:20:74:d1:8f:
                    13:9b:83:43:27:c3:e0:8f:bf:8b:96:ea:5f:7b:d0:
                    95:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:32:E6:21:42:0E:C6:6B:03:78:50:B8:CB:51:57:8F:7A:28:F8:6D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS274099.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  155.117.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         33:96:6e:c2:ba:cb:15:41:8c:d8:e9:fe:fd:f1:4d:ad:0b:2c:
         79:a9:fd:f3:47:a3:fa:2e:08:4a:e7:ee:46:45:01:a2:ed:7a:
         98:51:32:df:c6:5c:94:88:55:cc:69:dc:4e:27:c8:e8:b5:6d:
         8b:8a:0d:4f:ce:76:f8:5a:e2:5d:c7:9e:55:16:07:f7:9d:eb:
         ff:3c:2d:7d:b1:b3:81:63:df:9a:76:4a:62:c5:10:40:20:5f:
         30:cb:ca:20:ab:62:de:0c:51:4c:11:92:bd:a7:e9:2f:06:28:
         3b:d9:e9:05:16:db:b4:3b:3a:35:b5:7f:86:14:dc:52:29:76:
         a3:e0:48:ca:4e:8a:52:6c:dc:51:19:be:19:a2:50:a2:bc:09:
         2a:6b:e6:a6:3e:f2:ea:c7:14:14:53:09:2f:93:7b:6a:e4:fe:
         7f:24:35:6f:47:13:35:9c:7d:7d:55:6e:aa:d4:fa:cb:8f:5a:
         eb:ab:09:38:81:b5:b7:d8:ae:b0:aa:1a:6c:2d:55:07:45:91:
         1f:04:b8:51:2c:fb:a9:64:ee:9d:5b:5b:4e:5b:5d:c4:be:78:
         0a:b1:12:ed:51:43:75:53:b5:a6:d6:07:bb:af:0c:e8:c7:cd:
         ec:2a:43:12:91:19:c7:d6:73:e0:ba:bf:6f:6c:2f:9c:64:71:
         4f:ca:96:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUc4i5Y3i/RW5wYTLC2FRHynI9sc8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MTQwMzExMjZaFw0yNjA1MTMwMzE2MjZaMDMxMTAvBgNV
BAMTKDM0MzJFNjIxNDIwRUM2NkIwMzc4NTBCOENCNTE1NzhGN0EyOEY4NkQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKQiLqw+JryX/nO6NWEejav/6e
PbMXPMCtSB7Sp2oWTlIz3arSwkFUclKjFIYroZBZq+KCZjSvCyglUNzmrsQM3Qwj
9szP5C0rpF6CM2MH1Oma/CtQLBMx1pQjPh3eOHa5GK5M7kyVUhngVICxrM7hDY0y
zE2WYoQpN4PU1vCR3AMzqJBtgYnB1lF7K1tfT2cUWNQ9oMAnn22vCrYS/fPHRetu
yRguMFWacqqUc0BmRD/3rZBxoU5prOvLdnC7nx1KfCsgF/gEB4qaUr55qF+/QVZp
XF68AaMtM212w4/ALkBZbBmQLIKkYoaJIHTRjxObg0Mnw+CPv4uW6l970JULAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUNDLmIUIOxmsDeFC4y1FXj3oo+G0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjc0MDk5LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDm3XI
MA0GCSqGSIb3DQEBCwUAA4IBAQAzlm7CussVQYzY6f798U2tCyx5qf3zR6P6LghK
5+5GRQGi7XqYUTLfxlyUiFXMadxOJ8jotW2Lig1Pznb4WuJdx55VFgf3nev/PC19
sbOBY9+adkpixRBAIF8wy8ogq2LeDFFMEZK9p+kvBig72ekFFtu0Ozo1tX+GFNxS
KXaj4EjKTopSbNxRGb4ZolCivAkqa+amPvLqxxQUUwkvk3tq5P5/JDVvRxM1nH19
VW6q1PrLj1rrqwk4gbW32K6wqhpsLVUHRZEfBLhRLPupZO6dW1tOW13EvngKsRLt
UUN1U7Wm1ge7rwzox83sKkMSkRnH1nPgur9vbC+cZHFPypZg
-----END CERTIFICATE-----