Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
File:                     AS5650.roa (raw, json)
Hash identifier:          4gLoEaEZ6sHvNpopRUjl6VRVtxIEoqltWw0X9krn+c4=
Subject key identifier:   72:05:6C:1C:C4:9A:77:4F:4A:27:E6:AA:1C:43:59:08:21:D7:0D:A7
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       4FE83CA0963F483886B65998A30731C4F0F3E451
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa
Signing time:             Fri 26 Sep 2025 00:06:45 +0000
ROA not before:           Fri 26 Sep 2025 00:01:45 +0000
ROA not after:            Fri 25 Sep 2026 00:06:45 +0000
asID:                     5650
IP address blocks:        150.241.255.0/24 maxlen: 24
                          162.141.124.0/22 maxlen: 24
                          167.148.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4f:e8:3c:a0:96:3f:48:38:86:b6:59:98:a3:07:31:c4:f0:f3:e4:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Sep 26 00:01:45 2025 GMT
            Not After : Sep 25 00:06:45 2026 GMT
        Subject: CN=72056C1CC49A774F4A27E6AA1C43590821D70DA7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:11:31:8b:f0:cb:1b:c7:9d:b2:d2:01:32:30:
                    61:51:4a:ca:69:cd:d5:18:cb:47:5a:61:f5:69:b0:
                    a0:89:96:91:7c:36:93:e6:3d:3e:51:a7:71:49:88:
                    9a:2c:e8:e1:28:52:66:f6:d8:2c:5b:72:71:6a:21:
                    14:7c:79:73:36:31:30:5e:39:4b:bf:eb:6a:ea:f0:
                    b6:60:6d:5a:0f:9e:62:d6:6c:dd:0c:d6:d7:a8:da:
                    ea:fd:e3:02:c0:a9:b0:bb:dd:00:a9:2c:3d:3f:a1:
                    27:73:45:95:5b:db:5e:fc:b8:f5:52:65:e0:ac:1c:
                    01:61:55:3e:e9:41:94:f8:3f:8f:cd:e4:27:cb:91:
                    62:71:81:68:1f:59:38:b3:dd:f3:9c:f6:03:90:0a:
                    9a:b8:45:22:cb:fd:74:41:82:1e:97:ee:74:8a:fc:
                    d3:1c:20:02:69:5c:81:5b:31:9d:bd:a7:64:56:97:
                    ee:8d:9f:41:ea:7d:b5:60:a8:06:79:fb:b7:be:6f:
                    a3:27:1d:65:58:a7:3d:ed:5e:0b:70:60:d3:dc:17:
                    d3:02:50:80:71:1c:f9:a7:68:5c:71:bb:08:d0:df:
                    af:63:cb:49:64:fd:a7:88:1b:b6:36:19:2c:5a:7b:
                    f8:b3:9c:71:5f:26:14:f8:4b:af:89:a2:7b:44:37:
                    e1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:05:6C:1C:C4:9A:77:4F:4A:27:E6:AA:1C:43:59:08:21:D7:0D:A7
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS5650.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.255.0/24
                  162.141.124.0/22
                  167.148.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:4f:9b:c8:22:c2:ef:4d:95:50:cf:15:cd:74:2b:77:e1:cb:
         72:a3:a6:d3:c6:85:52:14:2a:08:da:b5:41:21:db:bc:d6:53:
         b0:90:b7:26:5d:52:74:7e:e4:ac:28:66:97:db:f7:17:09:be:
         a3:22:35:e8:03:64:ee:b8:56:93:00:75:5d:3c:5a:03:89:36:
         9b:6d:c0:2d:54:b3:21:16:c4:0d:29:f2:2a:60:67:6d:b2:e5:
         be:a6:3b:85:65:0a:48:63:c2:ae:c0:ce:51:62:70:e3:84:73:
         a4:6c:4f:a8:70:5e:ca:7b:f5:05:b9:c7:0a:3f:16:69:47:5c:
         a8:46:fa:63:fa:a9:a6:d7:4d:09:75:66:c1:50:02:d3:d8:e7:
         f9:5f:fc:ff:6f:d4:80:3e:bf:bb:61:75:f1:46:a2:3e:8c:68:
         5d:b3:27:00:df:07:fe:d6:8d:62:ab:75:27:be:ee:55:b1:96:
         06:ac:93:7b:33:28:3f:09:f6:df:df:4f:52:8e:6b:8e:c3:02:
         2b:b1:8d:0b:19:e5:fd:aa:ba:96:b9:81:6f:10:43:c7:2c:90:
         3a:d1:ae:2e:52:c9:b2:f2:64:57:dd:56:46:3e:cf:42:87:b3:
         45:b5:61:39:af:ae:50:a7:61:b8:22:dc:2d:f2:9c:c9:55:d0:
         3c:41:2c:cc
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUT+g8oJY/SDiGtlmYowcxxPDz5FEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA5MjYwMDAxNDVaFw0yNjA5MjUwMDA2NDVaMDMxMTAvBgNV
BAMTKDcyMDU2QzFDQzQ5QTc3NEY0QTI3RTZBQTFDNDM1OTA4MjFENzBEQTcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5ETGL8Msbx52y0gEyMGFRSspp
zdUYy0daYfVpsKCJlpF8NpPmPT5Rp3FJiJos6OEoUmb22CxbcnFqIRR8eXM2MTBe
OUu/62rq8LZgbVoPnmLWbN0M1teo2ur94wLAqbC73QCpLD0/oSdzRZVb2178uPVS
ZeCsHAFhVT7pQZT4P4/N5CfLkWJxgWgfWTiz3fOc9gOQCpq4RSLL/XRBgh6X7nSK
/NMcIAJpXIFbMZ29p2RWl+6Nn0HqfbVgqAZ5+7e+b6MnHWVYpz3tXgtwYNPcF9MC
UIBxHPmnaFxxuwjQ369jy0lk/aeIG7Y2GSxae/iznHFfJhT4S6+JontEN+E7AgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUcgVsHMSad09KJ+aqHENZCCHXDacwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTY1MC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAJbx/wME
AqKNfAMEAqeU2DANBgkqhkiG9w0BAQsFAAOCAQEAsE+byCLC702VUM8VzXQrd+HL
cqOm08aFUhQqCNq1QSHbvNZTsJC3Jl1SdH7krChml9v3Fwm+oyI16ANk7rhWkwB1
XTxaA4k2m23ALVSzIRbEDSnyKmBnbbLlvqY7hWUKSGPCrsDOUWJw44RzpGxPqHBe
ynv1BbnHCj8WaUdcqEb6Y/qpptdNCXVmwVAC09jn+V/8/2/UgD6/u2F18UaiPoxo
XbMnAN8H/taNYqt1J77uVbGWBqyTezMoPwn2399PUo5rjsMCK7GNCxnl/aq6lrmB
bxBDxyyQOtGuLlLJsvJkV91WRj7PQoezRbVhOa+uUKdhuCLcLfKcyVXQPEEszA==
-----END CERTIFICATE-----