Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
File:                     AS5650.roa (raw, json)
Hash identifier:          1cZyPW9VSrNwiPiV9IsgSZ9YukofEQpOyAOz3Tg0Tq0=
Subject key identifier:   2B:9C:CF:00:8B:52:1B:B2:A9:88:E2:18:DD:8C:AA:88:A4:91:0B:B8
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       05492A8EBD54F2768A9A222F340313B98E92B103
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
Signing time:             Fri 10 May 2024 03:47:06 +0000
ROA not before:           Fri 10 May 2024 03:42:06 +0000
ROA not after:            Fri 09 May 2025 03:47:06 +0000
asID:                     5650
IP address blocks:        147.79.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            05:49:2a:8e:bd:54:f2:76:8a:9a:22:2f:34:03:13:b9:8e:92:b1:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May 10 03:42:06 2024 GMT
            Not After : May  9 03:47:06 2025 GMT
        Subject: CN=2B9CCF008B521BB2A988E218DD8CAA88A4910BB8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:16:fb:75:21:28:b9:ca:ce:7f:ee:cb:ab:d9:
                    91:e9:a9:49:eb:2a:3d:de:e2:b9:4e:21:55:8e:c7:
                    de:78:00:19:c7:28:67:ae:51:58:57:6a:e4:15:89:
                    b6:c5:0a:be:ef:92:5c:fb:ea:12:d4:69:94:5e:10:
                    3c:82:67:d6:71:f8:15:31:34:aa:50:2e:e5:fc:b2:
                    70:d5:ec:bb:37:f6:60:f5:4e:70:7d:79:0b:81:16:
                    0f:5f:42:52:c9:de:ad:33:f8:64:1f:12:53:dc:36:
                    de:e6:5f:5c:5e:93:ca:96:1b:5e:25:75:c5:7a:ec:
                    ea:ab:77:a3:3d:64:9e:63:b9:6d:d8:29:da:68:2c:
                    e7:4d:4b:e0:09:b7:e2:ce:d6:2b:77:8c:f4:cb:05:
                    9f:94:18:38:cd:eb:fa:82:1a:33:8b:09:a5:b1:64:
                    7a:50:5d:6c:1b:26:ed:89:23:c2:2b:6c:6b:f5:45:
                    87:a4:83:1a:a6:19:cb:26:36:b8:10:21:22:17:4f:
                    9f:50:92:7b:a7:9f:7a:db:a4:28:5f:05:94:63:68:
                    58:dd:23:54:33:b6:ca:b6:d6:83:4b:9f:23:2b:d3:
                    d5:d5:2b:19:ba:c5:48:ae:1a:eb:5f:9f:c9:33:fd:
                    34:48:e2:47:e8:36:6a:e4:3f:b5:af:43:77:cf:ed:
                    f9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:9C:CF:00:8B:52:1B:B2:A9:88:E2:18:DD:8C:AA:88:A4:91:0B:B8
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:00:b2:06:77:cf:35:0d:8b:07:be:3c:93:4d:6f:a4:47:03:
         85:ab:fc:ea:2e:80:da:1b:a1:ff:3b:3f:68:c7:06:58:ce:30:
         85:b7:d1:c3:b9:0f:da:e8:ae:fb:6e:b5:f2:ff:e8:26:f6:84:
         f3:91:30:d9:ee:00:24:1e:99:96:a7:cc:05:1e:7a:0f:9d:e1:
         92:a7:0b:97:4e:09:2c:f3:77:21:f4:1a:96:9c:cd:6a:a7:57:
         29:28:34:2e:2c:fc:19:44:7a:be:c5:d5:62:1c:d6:f2:0c:07:
         12:5c:99:27:9a:3d:79:7d:62:98:be:29:11:73:7a:f5:0d:e3:
         0c:67:a5:ad:b0:f3:2c:5c:b9:8b:dd:23:3a:24:fc:c6:9f:a9:
         2a:d3:89:33:59:36:bc:9a:19:97:5e:cf:99:12:16:7f:fc:7d:
         4f:d9:f3:67:24:f0:a4:cb:f9:fc:3a:14:1e:24:f3:ff:c6:43:
         c1:cb:4b:aa:28:9b:ac:2a:b3:1a:e1:ce:41:1e:0c:9c:8c:af:
         0e:f0:0c:d1:87:b2:5c:86:a3:86:27:0a:9b:b2:90:7d:09:13:
         3b:ae:25:59:c4:ac:9e:30:4c:67:a1:12:58:1e:ff:cc:f8:80:
         d7:6e:56:82:a8:85:61:0c:61:9a:d6:ab:db:cb:1b:24:7e:20:
         5e:4a:78:ee
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUBUkqjr1U8naKmiIvNAMTuY6SsQMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA1MTAwMzQyMDZaFw0yNTA1MDkwMzQ3MDZaMDMxMTAvBgNV
BAMTKDJCOUNDRjAwOEI1MjFCQjJBOTg4RTIxOEREOENBQTg4QTQ5MTBCQjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbFvt1ISi5ys5/7sur2ZHpqUnr
Kj3e4rlOIVWOx954ABnHKGeuUVhXauQVibbFCr7vklz76hLUaZReEDyCZ9Zx+BUx
NKpQLuX8snDV7Ls39mD1TnB9eQuBFg9fQlLJ3q0z+GQfElPcNt7mX1xek8qWG14l
dcV67Oqrd6M9ZJ5juW3YKdpoLOdNS+AJt+LO1it3jPTLBZ+UGDjN6/qCGjOLCaWx
ZHpQXWwbJu2JI8IrbGv1RYekgxqmGcsmNrgQISIXT59Qknunn3rbpChfBZRjaFjd
I1Qztsq21oNLnyMr09XVKxm6xUiuGutfn8kz/TRI4kfoNmrkP7WvQ3fP7flzAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUK5zPAItSG7KpiOIY3YyqiKSRC7gwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJNPHzAN
BgkqhkiG9w0BAQsFAAOCAQEAtgCyBnfPNQ2LB748k01vpEcDhav86i6A2huh/zs/
aMcGWM4whbfRw7kP2uiu+2618v/oJvaE85Ew2e4AJB6ZlqfMBR56D53hkqcLl04J
LPN3IfQalpzNaqdXKSg0Liz8GUR6vsXVYhzW8gwHElyZJ5o9eX1imL4pEXN69Q3j
DGelrbDzLFy5i90jOiT8xp+pKtOJM1k2vJoZl17PmRIWf/x9T9nzZyTwpMv5/DoU
HiTz/8ZDwctLqiibrCqzGuHOQR4MnIyvDvAM0YeyXIajhicKm7KQfQkTO64lWcSs
njBMZ6ESWB7/zPiA125WgqiFYQxhmtar28sbJH4gXkp47g==
-----END CERTIFICATE-----