Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5065.roa
File:                     AS5065.roa (raw, json)
Hash identifier:          mXYW/y2qdANlJHBnkfAFz1dSbROWWS3K0r/MtrrmEpE=
Subject key identifier:   CF:23:FD:8C:88:06:CC:60:97:EC:D3:18:65:80:3C:06:E8:29:A4:0D
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       298D4CC80E1E838745F09996EA235E81286FA3E2
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5065.roa
Signing time:             Fri 26 Apr 2024 00:01:56 +0000
ROA not before:           Thu 25 Apr 2024 23:56:56 +0000
ROA not after:            Fri 25 Apr 2025 00:01:56 +0000
asID:                     5065
IP address blocks:        140.233.165.0/24 maxlen: 24
                          146.103.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            29:8d:4c:c8:0e:1e:83:87:45:f0:99:96:ea:23:5e:81:28:6f:a3:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 25 23:56:56 2024 GMT
            Not After : Apr 25 00:01:56 2025 GMT
        Subject: CN=CF23FD8C8806CC6097ECD31865803C06E829A40D
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a6:96:05:8b:89:93:54:cd:55:c4:70:2f:dd:
                    aa:3a:28:18:b2:5d:b8:2f:68:68:9d:81:39:10:3c:
                    90:ac:70:8e:f5:bb:0c:e9:36:00:08:0a:b8:90:75:
                    c4:13:ae:a9:e9:09:74:b3:d3:f7:c0:5f:19:b5:6e:
                    a5:98:9d:f1:34:d4:1b:f8:fa:c0:d4:21:a1:02:1a:
                    a5:c1:02:0c:d3:94:4b:64:be:94:0c:fe:d4:c9:cf:
                    66:a1:85:48:d0:b0:25:89:76:e5:13:4e:ec:28:26:
                    40:5b:0b:82:41:95:42:7a:92:d2:26:03:cb:80:4c:
                    39:21:61:ee:5a:6d:48:c7:6e:c8:76:da:de:0d:53:
                    bc:1a:33:fc:cb:89:f2:1b:a6:33:c8:a2:ab:31:b8:
                    b4:8d:16:66:4c:95:b7:93:a0:ff:a8:a3:aa:63:01:
                    b6:aa:a5:e7:59:20:20:e2:9e:6b:ac:e5:99:9d:50:
                    6c:7b:ae:f6:71:b4:dd:fe:29:ba:7c:fe:c7:4b:37:
                    11:83:b4:81:fd:d0:80:0a:0b:fb:33:b2:41:e6:2f:
                    b5:8f:dc:a7:95:1a:04:da:40:8f:66:09:16:fb:d9:
                    27:67:f5:64:58:47:1e:45:24:d5:93:95:98:0f:85:
                    83:e3:be:74:d1:6e:fe:9e:51:8c:52:bc:5e:84:26:
                    4f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:23:FD:8C:88:06:CC:60:97:EC:D3:18:65:80:3C:06:E8:29:A4:0D
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5065.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.165.0/24
                  146.103.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:58:52:3b:08:e2:71:30:03:70:72:5d:09:ce:c1:67:b7:1e:
         6f:fd:04:b2:48:ce:a2:7d:1a:99:31:c3:9a:9f:fc:46:17:50:
         77:88:0b:17:7a:a0:22:da:b0:4c:de:7b:72:f2:78:32:0a:79:
         fc:97:15:cf:bc:cc:f4:5d:f7:2c:6e:3b:43:07:94:34:13:18:
         a8:b0:95:1f:b8:13:e6:32:e7:a4:f2:50:11:10:c9:8f:0d:a9:
         d3:f5:e3:40:cf:93:73:f9:c1:0a:1e:44:82:e1:53:43:20:d7:
         82:5f:b3:51:b7:75:66:2b:b5:17:c1:88:df:e4:4f:05:1b:a9:
         18:54:11:26:70:fd:e1:6c:c2:47:13:97:6f:42:62:bc:bb:15:
         7f:da:cd:31:8e:6e:8b:e3:eb:51:59:98:29:c7:79:e5:4d:60:
         00:23:12:9e:94:30:94:a6:bb:59:b1:f9:3d:d6:03:42:94:95:
         8e:a8:d5:5b:67:0a:8f:71:e1:23:f4:d2:67:0c:0d:1d:38:35:
         e0:7d:6b:8f:b2:ef:4a:a6:7b:07:47:30:d5:bd:a6:cf:97:86:
         ed:f3:9c:1e:d9:49:b9:c4:05:90:90:c4:b2:32:18:b3:2d:48:
         e8:18:0a:b5:cb:1b:6f:e0:9f:11:d8:85:d3:05:a8:f5:8f:ee:
         80:6e:46:89
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUKY1MyA4eg4dF8JmW6iNegShvo+IwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MjUyMzU2NTZaFw0yNTA0MjUwMDAxNTZaMDMxMTAvBgNV
BAMTKENGMjNGRDhDODgwNkNDNjA5N0VDRDMxODY1ODAzQzA2RTgyOUE0MEQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXppYFi4mTVM1VxHAv3ao6KBiy
XbgvaGidgTkQPJCscI71uwzpNgAICriQdcQTrqnpCXSz0/fAXxm1bqWYnfE01Bv4
+sDUIaECGqXBAgzTlEtkvpQM/tTJz2ahhUjQsCWJduUTTuwoJkBbC4JBlUJ6ktIm
A8uATDkhYe5abUjHbsh22t4NU7waM/zLifIbpjPIoqsxuLSNFmZMlbeToP+oo6pj
AbaqpedZICDinmus5ZmdUGx7rvZxtN3+Kbp8/sdLNxGDtIH90IAKC/szskHmL7WP
3KeVGgTaQI9mCRb72Sdn9WRYRx5FJNWTlZgPhYPjvnTRbv6eUYxSvF6EJk+rAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQUzyP9jIgGzGCX7NMYZYA8BugppA0wHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTA2NS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAIzppQME
AJJnJTANBgkqhkiG9w0BAQsFAAOCAQEAPVhSOwjicTADcHJdCc7BZ7ceb/0EskjO
on0amTHDmp/8RhdQd4gLF3qgItqwTN57cvJ4Mgp5/JcVz7zM9F33LG47QweUNBMY
qLCVH7gT5jLnpPJQERDJjw2p0/XjQM+Tc/nBCh5EguFTQyDXgl+zUbd1Ziu1F8GI
3+RPBRupGFQRJnD94WzCRxOXb0JivLsVf9rNMY5ui+PrUVmYKcd55U1gACMSnpQw
lKa7WbH5PdYDQpSVjqjVW2cKj3HhI/TSZwwNHTg14H1rj7LvSqZ7B0cw1b2mz5eG
7fOcHtlJucQFkJDEsjIYsy1I6BgKtcsbb+CfEdiF0wWo9Y/ugG5GiQ==
-----END CERTIFICATE-----