Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa
File:                     AS35916.roa (raw, json)
Hash identifier:          5JTkyXN0TeBstpy6+spYHyjuvvsraIrtAj/Xw++zCWE=
Subject key identifier:   B9:A6:A9:C3:60:BC:A1:56:C4:00:30:31:7B:35:D9:1B:CE:2B:57:AE
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       284D1F3B72DAEB40B42A9630D878F413F9AAC813
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa
Signing time:             Tue 09 Apr 2024 21:24:36 +0000
ROA not before:           Tue 09 Apr 2024 21:19:36 +0000
ROA not after:            Tue 08 Apr 2025 21:24:36 +0000
asID:                     35916
IP address blocks:        147.79.7.0/24 maxlen: 24
                          148.135.0.0/17 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:4d:1f:3b:72:da:eb:40:b4:2a:96:30:d8:78:f4:13:f9:aa:c8:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  9 21:19:36 2024 GMT
            Not After : Apr  8 21:24:36 2025 GMT
        Subject: CN=B9A6A9C360BCA156C40030317B35D91BCE2B57AE
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:64:03:a4:e5:be:50:59:9c:d9:af:77:59:4b:
                    3d:96:04:1c:54:ed:86:6d:87:4b:90:2d:2e:b3:4f:
                    ac:96:6b:03:ab:2d:e8:68:38:de:e9:f9:ff:59:3c:
                    af:3f:24:d1:30:d3:55:b0:92:23:71:a9:aa:cf:d8:
                    56:5f:bc:27:c1:78:c6:6e:18:bc:e4:72:b7:cc:f4:
                    9e:14:90:87:a7:ac:f2:35:21:ca:1f:69:65:b7:08:
                    9d:9c:d5:a7:17:7d:1e:09:03:59:61:e5:82:77:0f:
                    a9:54:0f:44:1a:a5:93:46:39:ed:cb:13:f4:c0:14:
                    02:28:8e:11:04:1b:a0:7c:d8:50:98:3d:93:1b:9f:
                    c4:d4:b6:c0:58:98:bb:b5:3c:d0:30:77:a4:74:14:
                    d0:0c:f4:78:f3:89:26:c0:1a:32:1d:9e:88:f1:fa:
                    b7:e1:85:1f:ee:54:41:1f:6c:8f:5b:dc:87:a6:a5:
                    4a:c7:5e:66:10:c6:3f:42:bc:fb:9d:30:d8:1e:9d:
                    1b:ec:5c:c8:b1:c4:8f:7a:82:1a:3b:56:89:7e:c2:
                    a9:94:de:1b:ee:3d:e2:93:e7:68:23:16:8c:a0:56:
                    53:5d:2a:13:02:6d:a7:a8:b2:bc:e5:eb:88:9a:8f:
                    86:f6:41:61:67:3c:fb:c6:7b:91:e0:47:d1:1d:5f:
                    ec:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:A6:A9:C3:60:BC:A1:56:C4:00:30:31:7B:35:D9:1B:CE:2B:57:AE
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.7.0/24
                  148.135.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         6f:72:4c:52:1a:0c:42:eb:8d:5f:f1:8c:e5:f8:84:f0:db:0d:
         50:cb:a0:d1:96:88:81:a6:78:c3:bf:bd:22:ad:1d:df:ba:40:
         d5:bc:54:7e:9a:0f:57:09:1c:b8:aa:b4:07:86:84:2c:83:2b:
         6f:3f:fd:e1:ef:b0:e0:4e:9b:f8:92:c9:df:d8:8a:80:cb:d8:
         2c:42:08:09:3c:6a:27:b5:ed:33:65:ff:12:93:57:5e:ef:aa:
         cb:36:2f:f8:cc:83:5d:d8:41:92:be:e6:39:e1:dc:7f:c5:c1:
         4d:46:da:95:7f:07:bb:57:5a:6b:b1:4c:5b:f3:fe:6d:43:88:
         da:2d:20:62:d1:2a:1d:c8:78:a3:aa:07:fc:54:cb:f7:00:5b:
         d7:40:7d:02:35:21:ee:32:80:4a:74:b5:6c:98:5e:5f:ae:e4:
         12:2f:18:6b:d3:21:4c:62:07:4e:92:71:31:d4:0b:9d:ba:bc:
         02:91:e2:7c:48:dd:23:ef:66:7b:cf:0f:28:e7:00:0b:a6:bf:
         67:98:67:f4:5d:d4:f0:cc:d3:7d:20:82:89:c5:df:ab:d7:28:
         98:32:81:76:b8:f1:9c:5a:d0:70:a4:6d:74:7e:4a:03:51:04:
         46:ab:90:3b:25:d0:86:20:06:53:ac:fe:ce:c3:f5:7c:b0:35:
         e8:86:39:d7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUKE0fO3La60C0KpYw2Hj0E/mqyBMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDkyMTE5MzZaFw0yNTA0MDgyMTI0MzZaMDMxMTAvBgNV
BAMTKEI5QTZBOUMzNjBCQ0ExNTZDNDAwMzAzMTdCMzVEOTFCQ0UyQjU3QUUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC+ZAOk5b5QWZzZr3dZSz2WBBxU
7YZth0uQLS6zT6yWawOrLehoON7p+f9ZPK8/JNEw01WwkiNxqarP2FZfvCfBeMZu
GLzkcrfM9J4UkIenrPI1IcofaWW3CJ2c1acXfR4JA1lh5YJ3D6lUD0QapZNGOe3L
E/TAFAIojhEEG6B82FCYPZMbn8TUtsBYmLu1PNAwd6R0FNAM9HjziSbAGjIdnojx
+rfhhR/uVEEfbI9b3IempUrHXmYQxj9CvPudMNgenRvsXMixxI96gho7Vol+wqmU
3hvuPeKT52gjFoygVlNdKhMCbaeosrzl64iaj4b2QWFnPPvGe5HgR9EdX+xpAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUuaapw2C8oVbEADAxezXZG84rV64wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzU5MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACTTwcD
BAeUhwAwDQYJKoZIhvcNAQELBQADggEBAG9yTFIaDELrjV/xjOX4hPDbDVDLoNGW
iIGmeMO/vSKtHd+6QNW8VH6aD1cJHLiqtAeGhCyDK28//eHvsOBOm/iSyd/YioDL
2CxCCAk8aie17TNl/xKTV17vqss2L/jMg13YQZK+5jnh3H/FwU1G2pV/B7tXWmux
TFvz/m1DiNotIGLRKh3IeKOqB/xUy/cAW9dAfQI1Ie4ygEp0tWyYXl+u5BIvGGvT
IUxiB06ScTHUC526vAKR4nxI3SPvZnvPDyjnAAumv2eYZ/Rd1PDM030ggonF36vX
KJgygXa48Zxa0HCkbXR+SgNRBEarkDsl0IYgBlOs/s7D9XywNeiGOdc=
-----END CERTIFICATE-----