Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS46450.roa
File:                     AS46450.roa (raw, json)
Hash identifier:          esG4GISUvcfiurkSk8L8xppVXrqdWAlpqZ0I1htRZFs=
Subject key identifier:   02:9A:F5:60:E7:7E:F3:AC:57:5B:A2:4C:67:8B:CA:64:32:4A:CC:7E
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       65016754C2FD912F192E5420DEA91B068CFE80E6
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS46450.roa
Signing time:             Sun 20 Apr 2025 15:54:02 +0000
ROA not before:           Sun 20 Apr 2025 15:49:02 +0000
ROA not after:            Sun 19 Apr 2026 15:54:02 +0000
asID:                     46450
IP address blocks:        140.150.152.0/21 maxlen: 24
                          140.150.184.0/21 maxlen: 24
                          140.150.228.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 05:53:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            65:01:67:54:c2:fd:91:2f:19:2e:54:20:de:a9:1b:06:8c:fe:80:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 20 15:49:02 2025 GMT
            Not After : Apr 19 15:54:02 2026 GMT
        Subject: CN=029AF560E77EF3AC575BA24C678BCA64324ACC7E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c9:34:61:4b:87:5e:03:3a:15:3b:c8:df:c1:
                    81:53:14:a1:63:f6:45:d3:78:bc:2c:9f:46:96:15:
                    bc:37:9a:c3:e8:4d:44:4d:04:2f:c5:dc:89:d6:b0:
                    f0:b6:97:5e:48:98:ed:ec:9b:07:30:19:81:fc:59:
                    be:f3:10:e5:a6:28:1c:b6:f4:27:14:98:c8:88:18:
                    1e:33:b1:93:5e:f6:95:65:8b:7f:83:4d:2f:b0:8b:
                    58:39:49:68:04:56:03:5a:86:d4:ba:2c:11:af:92:
                    27:66:fe:32:16:73:d5:17:82:6f:ec:c3:89:8b:21:
                    00:2e:87:2f:ca:90:2c:3c:07:40:d7:d9:80:0a:81:
                    c1:b0:c2:35:77:24:2a:e2:c5:87:b7:93:49:36:c6:
                    61:cb:63:8e:ec:db:ed:f0:b2:1f:c6:76:45:e0:01:
                    dd:94:1c:af:65:44:8b:65:c3:cb:99:98:5c:c4:bc:
                    99:cb:28:15:11:77:5a:4a:d3:e4:e4:ec:bf:58:ae:
                    e5:9a:49:b7:15:80:56:04:45:31:e9:bd:9a:6c:8b:
                    49:0c:96:e2:fb:ee:ea:91:8d:60:11:41:36:34:d0:
                    bb:e9:08:ac:62:7b:37:72:3d:61:5c:4c:21:3c:3b:
                    fa:ce:6c:fc:c2:8f:0a:18:80:2b:43:15:00:95:21:
                    fb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:9A:F5:60:E7:7E:F3:AC:57:5B:A2:4C:67:8B:CA:64:32:4A:CC:7E
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS46450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.152.0/21
                  140.150.184.0/21
                  140.150.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:b9:52:b8:3d:34:7c:70:51:6f:78:ac:60:30:4b:e8:75:95:
         7e:c2:fc:1e:b1:be:52:38:02:1d:3f:1a:35:39:91:f4:e5:c3:
         dc:4d:be:a5:46:16:3a:9c:8d:5a:21:f7:50:c1:f6:cc:f7:93:
         7e:82:ae:5c:64:ce:61:84:d8:f6:51:3e:03:65:5e:61:06:e2:
         e1:54:e8:0c:33:1b:ff:58:7f:5a:8d:36:69:69:6c:87:3d:47:
         ff:2e:7f:03:9b:0f:50:85:6f:50:b3:2d:b4:59:24:53:1f:b8:
         1e:04:f2:20:c8:e7:84:5b:37:65:c4:ae:0d:fd:bc:99:da:b0:
         bb:fa:d0:cc:d2:41:73:be:b1:65:84:ba:c6:25:ba:1e:f8:2a:
         1f:4b:f8:3a:1e:7d:5f:0e:28:bb:ac:9d:68:ea:c4:5b:5f:b8:
         cc:61:cd:23:58:e6:f8:b1:d8:fd:ef:ac:9f:dd:24:b4:48:4f:
         79:23:fe:97:8f:a3:b3:96:39:cb:81:c3:65:19:32:52:98:2c:
         b2:de:c2:4d:c8:04:62:09:6a:c7:d8:18:7c:1c:20:61:58:46:
         9e:61:f7:ff:bd:2f:95:af:26:5a:13:7c:74:65:62:06:0a:bd:
         79:e0:59:2f:6b:a1:c8:40:47:ff:c6:dc:7b:5c:dd:f8:93:91:
         f7:36:94:af
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUZQFnVML9kS8ZLlQg3qkbBoz+gOYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjAxNTQ5MDJaFw0yNjA0MTkxNTU0MDJaMDMxMTAvBgNV
BAMTKDAyOUFGNTYwRTc3RUYzQUM1NzVCQTI0QzY3OEJDQTY0MzI0QUNDN0UwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqyTRhS4deAzoVO8jfwYFTFKFj
9kXTeLwsn0aWFbw3msPoTURNBC/F3InWsPC2l15ImO3smwcwGYH8Wb7zEOWmKBy2
9CcUmMiIGB4zsZNe9pVli3+DTS+wi1g5SWgEVgNahtS6LBGvkidm/jIWc9UXgm/s
w4mLIQAuhy/KkCw8B0DX2YAKgcGwwjV3JCrixYe3k0k2xmHLY47s2+3wsh/GdkXg
Ad2UHK9lRItlw8uZmFzEvJnLKBURd1pK0+Tk7L9YruWaSbcVgFYERTHpvZpsi0kM
luL77uqRjWARQTY00LvpCKxiezdyPWFcTCE8O/rObPzCjwoYgCtDFQCVIfuRAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUApr1YOd+86xXW6JMZ4vKZDJKzH4wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDY0NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAOMlpgD
BAOMlrgDBAKMluQwDQYJKoZIhvcNAQELBQADggEBAI+5Urg9NHxwUW94rGAwS+h1
lX7C/B6xvlI4Ah0/GjU5kfTlw9xNvqVGFjqcjVoh91DB9sz3k36CrlxkzmGE2PZR
PgNlXmEG4uFU6AwzG/9Yf1qNNmlpbIc9R/8ufwObD1CFb1CzLbRZJFMfuB4E8iDI
54RbN2XErg39vJnasLv60MzSQXO+sWWEusYluh74Kh9L+DoefV8OKLusnWjqxFtf
uMxhzSNY5vix2P3vrJ/dJLRIT3kj/pePo7OWOcuBw2UZMlKYLLLewk3IBGIJasfY
GHwcIGFYRp5h9/+9L5WvJloTfHRlYgYKvXngWS9rochAR//G3Htc3fiTkfc2lK8=
-----END CERTIFICATE-----