Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa
File:                     AS49608.roa (raw, json)
Hash identifier:          +DLD53yXJAZxxL6eLy8tOFGQXV0aEjUVaInc789vZCQ=
Subject key identifier:   8C:DC:B8:7C:2D:C7:98:63:CF:51:51:CC:42:7F:D1:E9:E0:B4:98:04
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       58B87F567BC0E33DF36B03440313F924CFCF745E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa
Signing time:             Sun 30 Jun 2024 00:00:20 +0000
ROA not before:           Sat 29 Jun 2024 23:55:20 +0000
ROA not after:            Sun 29 Jun 2025 00:00:20 +0000
asID:                     49608
IP address blocks:        146.103.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:b8:7f:56:7b:c0:e3:3d:f3:6b:03:44:03:13:f9:24:cf:cf:74:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun 29 23:55:20 2024 GMT
            Not After : Jun 29 00:00:20 2025 GMT
        Subject: CN=8CDCB87C2DC79863CF5151CC427FD1E9E0B49804
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:3f:c6:32:99:e5:d5:67:3e:af:3b:b7:98:46:
                    42:54:a7:4c:b1:33:9d:f0:25:c7:25:15:36:a8:ce:
                    2a:c6:72:f2:96:4e:97:5a:d1:50:e9:62:04:21:95:
                    7a:c1:ed:d6:5f:39:b3:46:27:c3:0d:22:f1:32:e2:
                    2d:3d:ab:11:b6:ac:b0:0d:1b:49:9d:83:cf:85:35:
                    0d:ab:53:e9:0f:4f:85:8d:d7:09:db:43:9f:8c:99:
                    11:77:d8:34:ea:b8:6c:48:11:6e:8b:ad:27:43:cf:
                    95:4f:53:75:68:ba:61:78:77:c6:b0:af:68:27:cc:
                    9e:74:e5:57:ff:79:28:10:b1:41:d6:b4:43:01:e8:
                    94:02:16:14:db:f3:e3:d2:24:d0:ef:89:29:6a:84:
                    39:51:03:76:92:1d:a0:ab:62:98:31:f7:91:70:bf:
                    73:23:f3:43:bb:5f:60:4b:39:87:2e:44:cb:62:98:
                    b8:26:07:26:1f:87:d8:c1:b0:8f:13:92:2d:43:fc:
                    ca:c5:3e:52:bc:b0:a3:7a:7e:89:8b:67:df:d7:1b:
                    08:05:5b:7e:35:25:69:46:d0:09:d7:70:1b:7d:78:
                    1a:44:49:92:bc:eb:be:32:18:89:ac:ec:6d:d3:ea:
                    f8:c8:10:1d:c8:b2:4b:71:37:29:21:dc:cb:af:59:
                    e3:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:DC:B8:7C:2D:C7:98:63:CF:51:51:CC:42:7F:D1:E9:E0:B4:98:04
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS49608.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:eb:5b:19:1c:96:d7:84:f1:c4:8a:23:d4:e6:31:26:bf:b5:
         b9:32:d4:7a:39:1e:c8:87:e3:2a:28:c2:7e:e6:81:7c:9f:e5:
         8b:32:cd:a8:80:dd:3c:d0:51:41:e1:16:fe:ad:3d:6a:ee:37:
         15:14:26:af:1e:a2:07:59:cb:2c:f1:54:97:27:c0:54:fc:c2:
         7f:d4:c3:1e:13:ee:8c:63:08:8a:c2:6e:e6:85:e9:9f:13:7e:
         b7:ab:8b:8e:a1:e1:91:c5:86:92:48:34:14:b6:d2:58:00:76:
         83:d6:19:5e:9d:a2:27:42:26:6d:4a:e6:7e:c7:03:2a:4b:5d:
         78:f1:5a:70:13:b1:1e:8e:3b:b6:d7:b4:2b:d1:d4:00:e9:35:
         ab:13:6f:ec:88:84:ef:00:ee:3f:85:e1:4c:45:5a:17:ed:da:
         d9:75:6a:a8:94:4e:76:f5:ce:82:d6:26:5b:f3:fd:0b:98:ee:
         04:88:6e:85:9d:98:d1:19:17:c0:6f:44:a3:b3:e4:f8:a6:e0:
         e7:eb:0f:3e:76:bb:f7:fa:c5:8f:82:36:22:0e:17:ff:15:e2:
         df:18:a4:38:8a:99:2e:48:7c:d7:95:93:b4:aa:3d:44:43:cb:
         1a:9b:15:af:72:c0:bd:d5:f6:1f:1d:e8:b6:70:a4:75:1a:f4:
         f0:2d:67:8f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUWLh/VnvA4z3zawNEAxP5JM/PdF4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA2MjkyMzU1MjBaFw0yNTA2MjkwMDAwMjBaMDMxMTAvBgNV
BAMTKDhDRENCODdDMkRDNzk4NjNDRjUxNTFDQzQyN0ZEMUU5RTBCNDk4MDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGP8YymeXVZz6vO7eYRkJUp0yx
M53wJcclFTaozirGcvKWTpda0VDpYgQhlXrB7dZfObNGJ8MNIvEy4i09qxG2rLAN
G0mdg8+FNQ2rU+kPT4WN1wnbQ5+MmRF32DTquGxIEW6LrSdDz5VPU3VoumF4d8aw
r2gnzJ505Vf/eSgQsUHWtEMB6JQCFhTb8+PSJNDviSlqhDlRA3aSHaCrYpgx95Fw
v3Mj80O7X2BLOYcuRMtimLgmByYfh9jBsI8Tki1D/MrFPlK8sKN6fomLZ9/XGwgF
W341JWlG0AnXcBt9eBpESZK8674yGIms7G3T6vjIEB3IsktxNykh3MuvWeP/AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUjNy4fC3HmGPPUVHMQn/R6eC0mAQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDk2MDgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACSZxsw
DQYJKoZIhvcNAQELBQADggEBAIbrWxkclteE8cSKI9TmMSa/tbky1Ho5HsiH4yoo
wn7mgXyf5YsyzaiA3TzQUUHhFv6tPWruNxUUJq8eogdZyyzxVJcnwFT8wn/Uwx4T
7oxjCIrCbuaF6Z8Tfreri46h4ZHFhpJINBS20lgAdoPWGV6doidCJm1K5n7HAypL
XXjxWnATsR6OO7bXtCvR1ADpNasTb+yIhO8A7j+F4UxFWhft2tl1aqiUTnb1zoLW
Jlvz/QuY7gSIboWdmNEZF8BvRKOz5Pim4OfrDz52u/f6xY+CNiIOF/8V4t8YpDiK
mS5IfNeVk7SqPURDyxqbFa9ywL3V9h8d6LZwpHUa9PAtZ48=
-----END CERTIFICATE-----