Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5065.roa
File:                     AS5065.roa (raw, json)
Hash identifier:          VeSzD5EvDZcZRdHj9zrNzjzTVRFkZpG0h7afug1aChw=
Subject key identifier:   9F:40:D1:3D:F0:A6:E8:00:CE:1A:F5:59:5E:F2:38:A6:F9:26:F2:11
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4CD44DE4080BB3E5565173419D924B69A1AF0C80
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5065.roa
Signing time:             Wed 09 Oct 2024 09:16:52 +0000
ROA not before:           Wed 09 Oct 2024 09:11:52 +0000
ROA not after:            Wed 08 Oct 2025 09:16:52 +0000
asID:                     5065
IP address blocks:        140.233.165.0/24 maxlen: 24
                          146.103.37.0/24 maxlen: 24
                          148.135.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4c:d4:4d:e4:08:0b:b3:e5:56:51:73:41:9d:92:4b:69:a1:af:0c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct  9 09:11:52 2024 GMT
            Not After : Oct  8 09:16:52 2025 GMT
        Subject: CN=9F40D13DF0A6E800CE1AF5595EF238A6F926F211
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:72:f2:3d:f3:6e:49:04:06:fc:33:01:79:90:
                    62:da:6e:5c:17:9a:40:14:fc:d6:70:ca:db:10:b1:
                    84:9c:6a:86:a6:ec:5f:36:e4:46:e7:35:b1:18:c0:
                    ee:80:89:0c:e7:6e:d3:b0:06:4a:dd:e8:38:5e:f6:
                    15:bf:50:b5:e1:58:a8:33:21:bc:4d:c0:d4:e2:86:
                    dd:e9:58:c8:99:64:a3:88:ae:33:92:99:1b:06:e3:
                    b0:31:81:4b:6f:a5:8e:c5:be:c8:7e:d0:47:8d:85:
                    58:03:eb:b7:23:a4:a0:0b:75:09:4c:ad:7c:89:c6:
                    6b:38:13:54:ff:c3:33:7f:c4:a3:d3:c1:88:7d:bc:
                    36:1d:b3:7f:64:fa:72:69:2f:33:9a:c6:29:9a:83:
                    65:40:d9:8e:5d:92:38:f5:1e:6d:1e:a8:2e:d8:15:
                    2f:02:dd:a4:92:eb:c1:42:ee:b4:0a:34:d6:4f:bb:
                    50:95:25:aa:6c:88:94:c7:d9:26:f6:05:44:18:6c:
                    33:45:6f:c2:a8:8e:b0:a9:6c:e6:d0:f4:c3:59:ae:
                    44:27:f8:c7:cb:e3:a1:b2:d4:1e:5b:26:fa:77:0f:
                    9b:fb:11:8e:55:53:52:e0:7f:ce:e5:6b:f5:6e:68:
                    6f:70:0b:24:91:42:7d:18:ec:1d:24:d0:3a:f2:d0:
                    9f:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:40:D1:3D:F0:A6:E8:00:CE:1A:F5:59:5E:F2:38:A6:F9:26:F2:11
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5065.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.233.165.0/24
                  146.103.37.0/24
                  148.135.171.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:a8:79:2a:04:58:8c:64:4b:a2:25:6e:7e:c2:36:cc:c2:19:
         97:e7:60:e0:c9:ef:eb:ac:65:87:e2:7a:96:3c:e4:26:e0:58:
         e3:4b:49:47:d0:54:db:99:85:53:64:ce:2c:67:6f:6e:b1:09:
         69:87:88:07:16:ba:2b:9c:35:94:e8:41:df:3b:ea:8b:34:27:
         6d:c1:2b:d4:60:81:2a:a1:a5:e1:c2:68:76:ea:a4:71:c5:19:
         1d:12:a0:8b:e1:8a:6f:a4:20:7e:7d:a6:4b:0a:84:5b:c8:3a:
         32:f8:f6:d5:a5:82:43:a9:b7:2f:68:9a:8c:94:38:a3:6c:25:
         67:a3:b2:1d:d4:2a:62:ea:76:db:ac:ac:a3:c7:05:34:99:4a:
         38:24:60:b1:30:20:81:25:af:1c:4f:65:7a:6c:a2:d6:a1:7d:
         56:8f:95:c6:0e:f4:d7:58:27:0c:96:5e:30:cc:db:c7:c5:f1:
         1a:d6:b8:e1:c0:5d:74:0f:bf:c9:a9:b9:95:bb:30:2c:e9:96:
         61:dd:c4:f3:52:fe:3c:54:2d:27:ff:8f:3a:b9:19:e5:cd:1e:
         db:b2:3f:00:80:3a:d2:dc:48:af:59:a3:b3:0e:06:2b:f1:a9:
         3b:50:2a:3f:eb:00:de:09:0b:5d:29:75:ea:5e:af:6c:98:36:
         39:01:25:78
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUTNRN5AgLs+VWUXNBnZJLaaGvDIAwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDEwMDkwOTExNTJaFw0yNTEwMDgwOTE2NTJaMDMxMTAvBgNV
BAMTKDlGNDBEMTNERjBBNkU4MDBDRTFBRjU1OTVFRjIzOEE2RjkyNkYyMTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDcvI9825JBAb8MwF5kGLablwX
mkAU/NZwytsQsYScaoam7F825EbnNbEYwO6AiQznbtOwBkrd6Dhe9hW/ULXhWKgz
IbxNwNTiht3pWMiZZKOIrjOSmRsG47AxgUtvpY7Fvsh+0EeNhVgD67cjpKALdQlM
rXyJxms4E1T/wzN/xKPTwYh9vDYds39k+nJpLzOaximag2VA2Y5dkjj1Hm0eqC7Y
FS8C3aSS68FC7rQKNNZPu1CVJapsiJTH2Sb2BUQYbDNFb8KojrCpbObQ9MNZrkQn
+MfL46Gy1B5bJvp3D5v7EY5VU1Lgf87la/VuaG9wCySRQn0Y7B0k0Dry0J9zAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUn0DRPfCm6ADOGvVZXvI4pvkm8hEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTA2NS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAIzppQME
AJJnJQMEAJSHqzANBgkqhkiG9w0BAQsFAAOCAQEAnah5KgRYjGRLoiVufsI2zMIZ
l+dg4Mnv66xlh+J6ljzkJuBY40tJR9BU25mFU2TOLGdvbrEJaYeIBxa6K5w1lOhB
3zvqizQnbcEr1GCBKqGl4cJoduqkccUZHRKgi+GKb6Qgfn2mSwqEW8g6Mvj21aWC
Q6m3L2iajJQ4o2wlZ6OyHdQqYup226yso8cFNJlKOCRgsTAggSWvHE9lemyi1qF9
Vo+Vxg7011gnDJZeMMzbx8XxGta44cBddA+/yam5lbswLOmWYd3E81L+PFQtJ/+P
OrkZ5c0e27I/AIA60txIr1mjsw4GK/GpO1AqP+sA3gkLXSl16l6vbJg2OQEleA==
-----END CERTIFICATE-----