Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa
File:                     AS35916.roa (raw, json)
Hash identifier:          1iZZJYh+bhL/7LVz7YlQeP21KHCmra+q9+Oe2zLPacQ=
Subject key identifier:   0E:97:25:05:82:BE:10:41:6A:01:4A:37:53:DB:F7:C6:A8:CA:1A:75
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       75408FD11CB57B4FEEBE3CDD59C0CDB588ED3F46
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa
Signing time:             Tue 11 Mar 2025 21:53:58 +0000
ROA not before:           Tue 11 Mar 2025 21:48:58 +0000
ROA not after:            Tue 10 Mar 2026 21:53:58 +0000
asID:                     35916
IP address blocks:        147.79.7.0/24 maxlen: 24
                          148.135.0.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:40:8f:d1:1c:b5:7b:4f:ee:be:3c:dd:59:c0:cd:b5:88:ed:3f:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 11 21:48:58 2025 GMT
            Not After : Mar 10 21:53:58 2026 GMT
        Subject: CN=0E97250582BE10416A014A3753DBF7C6A8CA1A75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:e2:45:f3:5b:35:43:28:ec:01:36:1a:af:9f:
                    af:20:61:0d:12:69:62:3f:87:54:32:fe:a2:df:92:
                    52:7f:38:ca:b7:0f:73:29:c0:aa:71:04:01:65:6e:
                    7d:34:0d:86:3c:7f:3a:c9:0a:f4:c3:7f:51:b8:99:
                    e4:70:0a:09:07:67:89:a4:56:d0:79:30:98:26:2f:
                    9b:5b:bb:49:52:1f:0e:1b:a9:6e:eb:61:42:7f:2e:
                    eb:3d:ce:19:11:91:d2:97:aa:00:ba:36:b4:9a:f3:
                    fc:7b:8e:d5:08:c8:18:d6:ae:66:5f:4f:f7:9a:ba:
                    bc:0b:62:f1:a1:a2:b9:39:23:5d:eb:a4:b4:6f:c5:
                    9a:37:d0:3c:81:0b:6a:60:1b:a0:b4:22:58:39:b6:
                    d3:23:97:b6:b4:8f:ba:47:70:80:c3:4a:3a:3e:20:
                    46:42:1a:dd:ee:3c:2f:b3:b4:16:41:91:b0:15:71:
                    48:95:a6:b5:ac:2b:47:bf:b2:5b:6e:94:08:ba:58:
                    76:2e:85:89:93:b6:66:46:f0:56:52:e4:22:c6:c8:
                    68:85:75:94:76:cc:4e:32:07:15:62:73:2b:52:6d:
                    40:a2:1c:52:d4:96:b2:37:83:75:18:2f:a6:1d:5b:
                    98:f5:51:51:d3:c5:87:76:ce:5a:f4:a4:49:86:ad:
                    1f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:97:25:05:82:BE:10:41:6A:01:4A:37:53:DB:F7:C6:A8:CA:1A:75
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS35916.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.7.0/24
                  148.135.0.0/17

    Signature Algorithm: sha256WithRSAEncryption
         50:58:15:2c:77:d7:f7:af:87:2f:58:11:70:e7:2b:3d:cb:7e:
         99:07:4c:82:a2:ac:8d:2d:df:5e:ef:23:64:51:bf:c3:02:14:
         6d:da:d0:93:19:34:c2:c9:6e:f8:2c:5e:93:57:0a:7b:ec:1c:
         02:25:c6:19:8d:ee:44:4a:aa:e9:27:f4:ce:cf:55:06:05:9d:
         73:b5:48:21:aa:ac:25:39:5b:b7:6b:06:8f:c6:b7:28:9e:2a:
         ba:20:96:83:e8:0d:8d:8e:e3:15:6f:7d:d4:44:1a:32:cd:2c:
         52:d8:14:a1:d8:31:89:7d:e2:c4:1c:fb:b7:e6:dd:c5:2a:e8:
         8b:02:a6:35:87:f9:17:bd:ee:ae:36:78:be:26:80:d7:21:44:
         10:06:f9:b8:99:3c:e8:0b:43:f1:13:ad:1b:fb:f4:bc:fa:3b:
         95:6b:30:f6:ea:e3:63:39:7a:5f:48:69:d6:44:17:a6:e7:29:
         25:07:ab:b4:b6:fe:4f:46:97:ae:74:7a:0b:a5:29:ab:a3:fb:
         b5:ea:9b:97:7f:61:f9:51:8a:6f:6c:ab:b8:cc:8a:80:66:7b:
         30:f2:a5:08:70:d1:e9:b9:79:81:3a:4c:df:39:8d:ed:71:e0:
         ba:c5:79:77:ea:85:1f:57:6e:3b:20:b1:ee:52:ec:f1:ed:01:
         f1:66:09:0a
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUdUCP0Ry1e0/uvjzdWcDNtYjtP0YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTAzMTEyMTQ4NThaFw0yNjAzMTAyMTUzNThaMDMxMTAvBgNV
BAMTKDBFOTcyNTA1ODJCRTEwNDE2QTAxNEEzNzUzREJGN0M2QThDQTFBNzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDL4kXzWzVDKOwBNhqvn68gYQ0S
aWI/h1Qy/qLfklJ/OMq3D3MpwKpxBAFlbn00DYY8fzrJCvTDf1G4meRwCgkHZ4mk
VtB5MJgmL5tbu0lSHw4bqW7rYUJ/Lus9zhkRkdKXqgC6NrSa8/x7jtUIyBjWrmZf
T/eaurwLYvGhork5I13rpLRvxZo30DyBC2pgG6C0Ilg5ttMjl7a0j7pHcIDDSjo+
IEZCGt3uPC+ztBZBkbAVcUiVprWsK0e/sltulAi6WHYuhYmTtmZG8FZS5CLGyGiF
dZR2zE4yBxVicytSbUCiHFLUlrI3g3UYL6YdW5j1UVHTxYd2zlr0pEmGrR83AgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUDpclBYK+EEFqAUo3U9v3xqjKGnUwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMzU5MTYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACTTwcD
BAeUhwAwDQYJKoZIhvcNAQELBQADggEBAFBYFSx31/evhy9YEXDnKz3LfpkHTIKi
rI0t317vI2RRv8MCFG3a0JMZNMLJbvgsXpNXCnvsHAIlxhmN7kRKqukn9M7PVQYF
nXO1SCGqrCU5W7drBo/GtyieKrogloPoDY2O4xVvfdREGjLNLFLYFKHYMYl94sQc
+7fm3cUq6IsCpjWH+Re97q42eL4mgNchRBAG+biZPOgLQ/ETrRv79Lz6O5VrMPbq
42M5el9IadZEF6bnKSUHq7S2/k9Gl650egulKauj+7Xqm5d/YflRim9sq7jMioBm
ezDypQhw0em5eYE6TN85je1x4LrFeXfqhR9Xbjsgse5S7PHtAfFmCQo=
-----END CERTIFICATE-----