Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
File:                     AS5650.roa (raw, json)
Hash identifier:          NEI+ew70BLFvaqFtyP9i5L9xu7kasH6byOz6SX7sXMU=
Subject key identifier:   1B:B5:03:19:07:99:9E:BE:F7:62:23:E9:D1:58:1B:05:F5:14:66:6B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5849F9C2967A41BEB2E20B241C95EA6177C20154
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
Signing time:             Tue 19 Nov 2024 09:34:53 +0000
ROA not before:           Tue 19 Nov 2024 09:29:53 +0000
ROA not after:            Tue 18 Nov 2025 09:34:53 +0000
asID:                     5650
IP address blocks:        150.241.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            58:49:f9:c2:96:7a:41:be:b2:e2:0b:24:1c:95:ea:61:77:c2:01:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Nov 19 09:29:53 2024 GMT
            Not After : Nov 18 09:34:53 2025 GMT
        Subject: CN=1BB5031907999EBEF76223E9D1581B05F514666B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:68:05:77:16:fc:81:22:2f:d0:7a:e3:a0:7c:
                    ce:b4:8e:63:09:53:cb:d4:91:98:44:1e:33:d0:a5:
                    f0:9d:b4:01:cc:53:03:56:87:9a:16:53:9c:f5:cc:
                    fb:bb:51:33:63:8c:a2:3f:6e:a0:86:a1:4a:da:ea:
                    cd:2b:54:c0:3b:22:d1:0a:44:93:17:20:8b:be:06:
                    5b:1b:9a:c0:2d:d3:7d:be:c1:61:0c:60:2d:89:29:
                    dc:ec:f0:c1:19:35:ec:8d:67:01:8b:32:93:2e:4f:
                    fe:54:f8:b7:9b:8b:86:71:09:d7:a5:ff:8c:f3:ec:
                    71:81:88:79:27:1c:ad:63:c1:b1:f1:d2:64:dd:3f:
                    6f:71:01:a2:79:88:b1:a6:fc:95:ad:36:09:5d:db:
                    33:6f:91:08:18:21:c8:64:74:16:93:f9:97:ca:75:
                    55:4b:eb:97:2b:b4:e1:20:ae:8f:48:ff:46:cd:3e:
                    9c:44:8e:f6:49:29:43:da:30:0b:97:7a:15:b6:30:
                    ac:f4:d7:ae:f4:b1:2e:5a:3c:71:99:fe:31:e0:9e:
                    5b:b1:a0:c6:38:c9:ee:1e:b6:96:71:93:66:e9:f3:
                    1e:0e:2c:cb:97:bd:08:9b:b8:3d:b4:4f:ac:6a:52:
                    d1:80:b3:3c:78:ed:82:17:45:92:bd:16:41:70:92:
                    8c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:B5:03:19:07:99:9E:BE:F7:62:23:E9:D1:58:1B:05:F5:14:66:6B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:82:ca:55:c8:3c:cd:3e:43:99:d2:a6:8e:0c:4c:87:d2:f3:
         21:e0:c7:d4:31:7d:e9:f7:e6:34:98:2c:c9:3c:8d:2e:9e:89:
         a8:3b:0e:86:5d:a7:a2:52:b0:52:67:0d:12:a5:68:54:49:ac:
         ef:43:fb:ad:fb:ec:9a:a9:3a:7e:52:1d:fe:9e:16:bd:4f:5f:
         00:a1:ab:ab:87:a8:02:32:a2:c3:79:0d:a8:f8:c0:59:2c:dd:
         11:d2:9b:6f:73:de:f2:72:f6:d4:f5:48:22:90:0f:67:df:3c:
         cc:f1:f3:3a:52:ce:4a:07:f7:25:55:34:59:fd:a1:11:5f:e2:
         4a:fd:ba:1e:e8:da:76:69:35:3c:34:9c:2f:6b:4c:6f:93:a0:
         2a:61:d9:2b:ba:f5:66:d6:8b:f2:95:3f:6e:91:81:70:4c:c4:
         ab:39:e9:d3:98:34:6e:c5:5e:78:c6:7b:63:1b:55:6b:d8:b7:
         6b:7c:b6:d1:f7:70:fe:24:5f:f9:d5:ff:44:d0:fc:52:43:e1:
         03:a8:a0:7d:c4:54:de:4d:ff:9c:92:1d:f7:5c:ca:d6:98:10:
         90:95:0e:29:e8:a3:b0:39:7f:9f:16:11:d2:ee:83:95:e1:3a:
         2b:4b:dd:70:bd:52:a8:20:9d:77:de:50:ee:93:64:90:6b:f2:
         f3:0b:55:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUWEn5wpZ6Qb6y4gskHJXqYXfCAVQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDExMTkwOTI5NTNaFw0yNTExMTgwOTM0NTNaMDMxMTAvBgNV
BAMTKDFCQjUwMzE5MDc5OTlFQkVGNzYyMjNFOUQxNTgxQjA1RjUxNDY2NkIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCraAV3FvyBIi/QeuOgfM60jmMJ
U8vUkZhEHjPQpfCdtAHMUwNWh5oWU5z1zPu7UTNjjKI/bqCGoUra6s0rVMA7ItEK
RJMXIIu+BlsbmsAt032+wWEMYC2JKdzs8MEZNeyNZwGLMpMuT/5U+Lebi4ZxCdel
/4zz7HGBiHknHK1jwbHx0mTdP29xAaJ5iLGm/JWtNgld2zNvkQgYIchkdBaT+ZfK
dVVL65crtOEgro9I/0bNPpxEjvZJKUPaMAuXehW2MKz01670sS5aPHGZ/jHgnlux
oMY4ye4etpZxk2bp8x4OLMuXvQibuD20T6xqUtGAszx47YIXRZK9FkFwkow3AgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUG7UDGQeZnr73YiPp0VgbBfUUZmswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAJbx/zAN
BgkqhkiG9w0BAQsFAAOCAQEAGoLKVcg8zT5DmdKmjgxMh9LzIeDH1DF96ffmNJgs
yTyNLp6JqDsOhl2nolKwUmcNEqVoVEms70P7rfvsmqk6flId/p4WvU9fAKGrq4eo
AjKiw3kNqPjAWSzdEdKbb3Pe8nL21PVIIpAPZ988zPHzOlLOSgf3JVU0Wf2hEV/i
Sv26Hujadmk1PDScL2tMb5OgKmHZK7r1ZtaL8pU/bpGBcEzEqznp05g0bsVeeMZ7
YxtVa9i3a3y20fdw/iRf+dX/RND8UkPhA6igfcRU3k3/nJId91zK1pgQkJUOKeij
sDl/nxYR0u6DleE6K0vdcL1SqCCdd95Q7pNkkGvy8wtVeg==
-----END CERTIFICATE-----