Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS50338.roa
File:                     AS50338.roa (raw, json)
Hash identifier:          y6OeF7eig3UMCjZe7MQK1OH+FCnPf+SqlkIlQqMl284=
Subject key identifier:   29:B5:AB:4D:88:57:55:E2:37:0F:A5:33:DF:8D:AF:F7:F1:03:83:86
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0B85445C01F37C05170952881BB462D118F8F70C
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS50338.roa
Signing time:             Tue 16 Jul 2024 14:49:12 +0000
ROA not before:           Tue 16 Jul 2024 14:44:12 +0000
ROA not after:            Tue 15 Jul 2025 14:49:12 +0000
asID:                     50338
IP address blocks:        147.79.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:85:44:5c:01:f3:7c:05:17:09:52:88:1b:b4:62:d1:18:f8:f7:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 16 14:44:12 2024 GMT
            Not After : Jul 15 14:49:12 2025 GMT
        Subject: CN=29B5AB4D885755E2370FA533DF8DAFF7F1038386
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:6d:b1:ca:c9:2f:f4:48:da:3f:dc:bf:25:47:
                    71:30:73:6c:9a:c8:78:3a:90:af:7d:b2:c4:bf:ed:
                    7c:63:52:74:f6:64:15:e4:41:06:bd:09:f0:22:3f:
                    84:fc:2b:23:66:b2:9d:d5:a4:49:ef:2a:68:38:70:
                    3b:04:5e:5b:42:3b:0a:c4:9a:c0:0c:69:62:74:d9:
                    f4:84:20:3a:dc:51:06:7e:08:4d:1f:7f:01:8c:59:
                    e1:8e:12:e4:66:44:49:3a:6b:3e:7e:22:b4:b8:ba:
                    da:f4:2e:64:ca:27:a3:60:21:a9:62:36:eb:ce:93:
                    bc:3b:d1:11:34:ba:e3:8a:68:41:79:83:20:9d:e3:
                    47:29:2e:24:f3:72:6f:87:e4:42:84:00:df:ca:cb:
                    2f:67:de:09:ed:9d:8b:df:3f:29:45:c8:4e:98:40:
                    f9:7b:97:db:a8:e3:f1:7c:e3:8b:cd:f4:a6:9e:9a:
                    af:9c:3e:89:eb:10:86:5e:ef:e2:b2:3c:c1:b7:57:
                    31:7e:d0:7b:35:8c:84:b8:24:2f:58:4f:21:83:9f:
                    c5:33:7d:88:d6:87:a8:e2:6a:3f:21:92:eb:5c:68:
                    12:88:d9:e1:41:57:91:25:ec:d4:55:05:f5:9c:ee:
                    8f:d2:57:10:e3:b7:3f:c3:ef:67:e0:19:c5:89:26:
                    02:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:B5:AB:4D:88:57:55:E2:37:0F:A5:33:DF:8D:AF:F7:F1:03:83:86
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS50338.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:4a:dd:7c:08:c0:20:b0:5b:e3:65:eb:58:1d:0a:1e:5f:6f:
         0f:02:cd:16:26:2c:91:3d:59:07:19:00:3b:48:3d:a5:28:02:
         24:96:6d:85:02:0d:3c:9d:44:c1:8e:7a:9c:9e:c6:38:f1:b8:
         6b:00:de:1b:7d:f2:99:2a:45:4d:fe:80:b3:d9:03:8b:d5:7e:
         b7:a9:94:50:c6:2e:66:2c:3a:76:63:23:86:27:a9:44:67:7f:
         80:18:54:4e:88:49:3a:4c:4f:01:cc:6e:8b:35:1d:02:f6:5f:
         df:86:31:23:37:f5:b9:ed:e4:0d:7a:33:e9:b9:cd:f0:97:0e:
         85:6b:a8:ba:70:cf:cc:88:02:4b:29:72:22:9c:e9:11:79:ed:
         09:42:02:7b:45:86:6c:51:ce:6e:75:89:bd:51:dd:11:db:f5:
         05:68:6e:cb:73:0d:08:38:35:15:26:21:ea:02:b3:94:84:b7:
         52:8f:79:cb:95:83:d4:f5:0e:b3:06:d6:1d:e3:c0:57:0b:39:
         d9:4d:92:1c:21:05:ce:bc:45:d1:1e:6f:7a:ea:e9:fb:68:bf:
         ce:2c:0d:20:e1:4c:e5:cc:58:2b:e4:f8:ee:c0:39:ec:ab:8d:
         07:7c:97:f4:c7:8e:fc:92:e1:cf:ba:f3:65:b0:23:9e:64:93:
         74:0a:a3:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUC4VEXAHzfAUXCVKIG7Ri0Rj49wwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MTYxNDQ0MTJaFw0yNTA3MTUxNDQ5MTJaMDMxMTAvBgNV
BAMTKDI5QjVBQjREODg1NzU1RTIzNzBGQTUzM0RGOERBRkY3RjEwMzgzODYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCTbbHKyS/0SNo/3L8lR3Ewc2ya
yHg6kK99ssS/7XxjUnT2ZBXkQQa9CfAiP4T8KyNmsp3VpEnvKmg4cDsEXltCOwrE
msAMaWJ02fSEIDrcUQZ+CE0ffwGMWeGOEuRmREk6az5+IrS4utr0LmTKJ6NgIali
NuvOk7w70RE0uuOKaEF5gyCd40cpLiTzcm+H5EKEAN/Kyy9n3gntnYvfPylFyE6Y
QPl7l9uo4/F844vN9Kaemq+cPonrEIZe7+KyPMG3VzF+0Hs1jIS4JC9YTyGDn8Uz
fYjWh6jiaj8hkutcaBKI2eFBV5El7NRVBfWc7o/SVxDjtz/D72fgGcWJJgIDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUKbWrTYhXVeI3D6Uz342v9/EDg4YwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTAzMzgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACTTzow
DQYJKoZIhvcNAQELBQADggEBAA1K3XwIwCCwW+Nl61gdCh5fbw8CzRYmLJE9WQcZ
ADtIPaUoAiSWbYUCDTydRMGOepyexjjxuGsA3ht98pkqRU3+gLPZA4vVfreplFDG
LmYsOnZjI4YnqURnf4AYVE6ISTpMTwHMbos1HQL2X9+GMSM39bnt5A16M+m5zfCX
DoVrqLpwz8yIAkspciKc6RF57QlCAntFhmxRzm51ib1R3RHb9QVobstzDQg4NRUm
IeoCs5SEt1KPecuVg9T1DrMG1h3jwFcLOdlNkhwhBc68RdEeb3rq6ftov84sDSDh
TOXMWCvk+O7AOeyrjQd8l/THjvyS4c+682WwI55kk3QKo5c=
-----END CERTIFICATE-----