Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
File:                     AS5650.roa (raw, json)
Hash identifier:          pG4GMKFpq4DBAqOVImEAwEfgCbSv6V0lb5Rpj6fOcMA=
Subject key identifier:   4B:4E:34:98:A7:DA:3F:7D:46:EE:6B:EB:68:E4:18:DC:32:54:92:E4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5089D14798B2EDF4D8E3884BE3B686D6220AB3A3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
Signing time:             Wed 28 May 2025 04:02:21 +0000
ROA not before:           Wed 28 May 2025 03:57:21 +0000
ROA not after:            Wed 27 May 2026 04:02:21 +0000
asID:                     5650
IP address blocks:        150.241.255.0/24 maxlen: 24
                          162.141.124.0/22 maxlen: 24
                          167.148.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:89:d1:47:98:b2:ed:f4:d8:e3:88:4b:e3:b6:86:d6:22:0a:b3:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 28 03:57:21 2025 GMT
            Not After : May 27 04:02:21 2026 GMT
        Subject: CN=4B4E3498A7DA3F7D46EE6BEB68E418DC325492E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:fe:b9:a9:3d:36:e6:17:71:b5:d2:38:32:ed:
                    ff:03:e3:79:3a:1a:51:0e:c1:84:77:a5:cc:94:08:
                    f1:2b:b9:bf:1a:bc:c7:3e:fb:ea:3e:0f:3c:be:7d:
                    48:c8:c0:62:f9:31:de:43:75:5b:52:4f:44:39:a8:
                    e7:50:72:e5:4b:c1:70:4e:49:91:ae:b0:14:bc:5a:
                    66:14:4d:5b:1e:1f:82:55:e8:00:ff:20:45:fc:d2:
                    f2:77:e3:d1:d6:06:71:62:cd:5c:35:11:71:38:51:
                    4d:8f:63:2b:40:a0:c5:b4:29:cd:7e:ac:c3:8e:ff:
                    7b:35:eb:c1:89:ef:f8:fd:1d:4c:20:2e:8b:d3:52:
                    19:43:88:7b:5f:15:19:38:00:15:d6:fe:7c:df:1c:
                    76:17:77:b7:d0:43:ae:eb:30:b7:af:96:2d:ae:26:
                    d0:8a:f7:5b:eb:6e:21:81:33:64:57:6e:3a:6f:d8:
                    c6:ae:dd:a1:da:83:fa:dc:f3:31:b2:c1:a8:ba:4e:
                    2f:87:f0:b7:9f:17:1f:1a:08:48:59:55:be:01:3d:
                    a8:9f:e6:a3:7a:98:2a:34:d3:99:ec:fa:b5:1f:9b:
                    89:9b:c5:8f:4d:0d:d1:b5:36:bb:df:16:d8:63:03:
                    2f:a1:05:4e:7b:c3:b9:eb:71:db:9e:1c:22:78:a4:
                    f4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:4E:34:98:A7:DA:3F:7D:46:EE:6B:EB:68:E4:18:DC:32:54:92:E4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.255.0/24
                  162.141.124.0/22
                  167.148.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:f5:5f:67:93:97:a3:81:6f:62:92:bc:43:7b:f7:82:f3:6a:
         9e:98:2c:a9:d1:bb:58:ad:ae:0c:4f:f0:b9:c9:61:e7:af:8d:
         32:91:b1:96:96:30:62:d5:fd:77:cb:8c:3a:4d:77:1e:74:03:
         92:cb:94:64:d3:d3:22:69:fd:c0:d0:1e:4d:46:ab:b8:11:04:
         37:18:1c:dd:d7:e3:c1:87:97:35:e7:81:d6:e3:3c:c2:37:15:
         27:0f:01:c9:f5:a4:67:2b:c2:8e:59:5b:2b:cb:05:cf:65:2e:
         8f:66:15:79:14:05:7f:db:3b:f3:4f:27:a6:4c:1a:d9:16:7f:
         a7:c3:e2:86:2c:63:51:74:45:cd:27:75:06:ce:94:c2:68:d8:
         2e:96:86:96:3c:be:b0:84:30:70:fa:f0:99:58:28:03:6d:cd:
         ce:87:0e:75:9a:c8:23:e7:46:97:7f:8d:8d:24:7f:5f:70:48:
         86:30:b7:5e:9f:3b:8d:32:2f:1d:91:aa:9c:87:46:03:99:f0:
         1f:90:51:04:dd:d3:59:87:11:d3:89:8e:32:4d:9c:34:f7:b9:
         44:6c:3b:ae:2a:a4:2c:1a:fb:b5:fc:d8:4c:5e:a6:41:d0:b2:
         fa:9b:92:df:f9:61:50:93:d7:b0:90:1c:9e:74:53:8b:9e:72:
         3e:7f:d3:35
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUUInRR5iy7fTY44hL47aG1iIKs6MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MjgwMzU3MjFaFw0yNjA1MjcwNDAyMjFaMDMxMTAvBgNV
BAMTKDRCNEUzNDk4QTdEQTNGN0Q0NkVFNkJFQjY4RTQxOERDMzI1NDkyRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2/rmpPTbmF3G10jgy7f8D43k6
GlEOwYR3pcyUCPErub8avMc+++o+Dzy+fUjIwGL5Md5DdVtST0Q5qOdQcuVLwXBO
SZGusBS8WmYUTVseH4JV6AD/IEX80vJ349HWBnFizVw1EXE4UU2PYytAoMW0Kc1+
rMOO/3s168GJ7/j9HUwgLovTUhlDiHtfFRk4ABXW/nzfHHYXd7fQQ67rMLevli2u
JtCK91vrbiGBM2RXbjpv2Mau3aHag/rc8zGywai6Ti+H8LefFx8aCEhZVb4BPaif
5qN6mCo005ns+rUfm4mbxY9NDdG1NrvfFthjAy+hBU57w7nrcdueHCJ4pPT7AgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUS040mKfaP31G7mvraOQY3DJUkuQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAJbx/wME
AqKNfAMEAqeU2DANBgkqhkiG9w0BAQsFAAOCAQEAGPVfZ5OXo4FvYpK8Q3v3gvNq
npgsqdG7WK2uDE/wuclh56+NMpGxlpYwYtX9d8uMOk13HnQDksuUZNPTImn9wNAe
TUaruBEENxgc3dfjwYeXNeeB1uM8wjcVJw8ByfWkZyvCjllbK8sFz2Uuj2YVeRQF
f9s7808npkwa2RZ/p8PihixjUXRFzSd1Bs6UwmjYLpaGljy+sIQwcPrwmVgoA23N
zocOdZrII+dGl3+NjSR/X3BIhjC3Xp87jTIvHZGqnIdGA5nwH5BRBN3TWYcR04mO
Mk2cNPe5RGw7riqkLBr7tfzYTF6mQdCy+puS3/lhUJPXsJAcnnRTi55yPn/TNQ==
-----END CERTIFICATE-----