Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6079.roa
File:                     AS6079.roa (raw, json)
Hash identifier:          iF6FLV+NBF0m1VJ87XO1rvGqyWprTZJSzgid9YVXiG4=
Subject key identifier:   FA:7D:45:02:58:6C:12:33:B7:BC:03:25:CC:A9:11:50:38:7C:5A:90
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       593E75460FA9C8A20A9449B8BBC7BD8B6B6D8976
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6079.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     6079
IP address blocks:        140.150.160.0/21 maxlen: 24
                          140.150.168.0/21 maxlen: 24
                          140.233.192.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            59:3e:75:46:0f:a9:c8:a2:0a:94:49:b8:bb:c7:bd:8b:6b:6d:89:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=FA7D4502586C1233B7BC0325CCA91150387C5A90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:16:c2:ce:dd:0e:9e:6c:fe:f4:13:8d:d5:3b:
                    c4:74:9b:06:c2:c8:b4:1f:cb:c4:63:da:00:1c:31:
                    f8:85:85:b7:17:ad:d9:64:1c:22:d2:19:bd:b2:0a:
                    84:7d:9e:26:97:f6:73:d7:53:5a:50:67:8b:75:be:
                    52:9f:44:76:74:a2:da:b2:36:8e:1a:be:d9:75:99:
                    54:22:9b:70:1d:29:b2:bc:0a:b8:ef:01:17:66:3b:
                    f0:ca:fc:3f:ce:bc:df:34:38:51:4d:82:d5:99:aa:
                    d8:54:e2:f1:ca:40:e1:3f:66:5f:b6:e2:a3:ae:8d:
                    ba:3c:a1:b5:bc:7b:c5:04:27:56:07:4f:5a:aa:7a:
                    6b:de:c4:b6:65:ea:ca:fa:76:7b:be:71:15:8f:71:
                    66:89:7b:ff:48:d0:12:16:ba:fb:32:f6:57:cb:78:
                    9c:63:92:78:45:cc:b3:e5:1c:e8:dc:c0:45:e8:60:
                    60:98:47:d0:d5:ce:6b:60:57:c0:63:da:6d:21:06:
                    19:7a:41:0b:15:82:3e:32:46:98:ca:5f:b0:25:96:
                    7c:8e:8a:f8:ae:ab:c9:a3:86:ae:e7:2b:ba:8a:7e:
                    5f:48:3b:1a:2e:07:c3:a9:28:20:1c:a9:5f:40:ce:
                    06:7b:5f:0b:40:09:1f:e1:a8:09:02:fe:e2:1a:4e:
                    b5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:7D:45:02:58:6C:12:33:B7:BC:03:25:CC:A9:11:50:38:7C:5A:90
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS6079.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.160.0/20
                  140.233.192.0/18

    Signature Algorithm: sha256WithRSAEncryption
         05:d4:6a:e0:e0:ed:8c:93:ab:f7:02:c7:8e:63:7c:a1:d3:5a:
         ec:39:29:35:0f:36:b1:46:09:cd:f0:9a:b3:3b:4d:53:19:f2:
         c4:79:b9:c7:e3:df:f7:c3:d7:40:ea:4e:bd:36:7d:45:c9:a0:
         e6:a7:5a:f5:b5:f4:5e:4d:a2:e7:52:f2:48:96:64:7c:d8:71:
         e8:0f:70:ee:75:97:52:94:e6:51:17:66:14:f6:82:b0:56:c9:
         28:32:40:2d:85:84:f0:32:27:27:b4:a3:d1:76:5d:73:03:55:
         f3:46:13:10:ba:99:2e:a6:67:d9:8e:ee:fa:66:07:65:24:04:
         2a:f1:56:c6:11:7f:02:a4:96:58:6b:7a:b6:34:41:38:23:18:
         9c:ce:6d:4e:f3:4b:f2:17:4b:8c:b8:29:ea:64:0e:2b:05:cc:
         ff:28:63:9f:1d:a5:1d:74:6f:1d:d4:6f:d2:c1:9b:a5:42:c2:
         f1:14:67:0b:76:d4:9d:4d:b5:13:8d:6d:16:8c:bb:1d:f7:c9:
         7f:31:a4:cc:1c:4f:fc:5d:a2:75:6d:8c:1e:79:48:09:75:9e:
         d6:b4:7f:6b:0a:ad:70:1a:65:fa:df:27:bc:1a:61:59:40:1e:
         13:d9:d1:71:8d:ea:ea:9a:44:7e:b2:ea:eb:d5:d0:66:89:4b:
         68:e3:73:fe
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIUWT51Rg+pyKIKlEm4u8e9i2ttiXYwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKEZBN0Q0NTAyNTg2QzEyMzNCN0JDMDMyNUNDQTkxMTUwMzg3QzVBOTAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClFsLO3Q6ebP70E43VO8R0mwbC
yLQfy8Rj2gAcMfiFhbcXrdlkHCLSGb2yCoR9niaX9nPXU1pQZ4t1vlKfRHZ0otqy
No4avtl1mVQim3AdKbK8CrjvARdmO/DK/D/OvN80OFFNgtWZqthU4vHKQOE/Zl+2
4qOujbo8obW8e8UEJ1YHT1qqemvexLZl6sr6dnu+cRWPcWaJe/9I0BIWuvsy9lfL
eJxjknhFzLPlHOjcwEXoYGCYR9DVzmtgV8Bj2m0hBhl6QQsVgj4yRpjKX7AllnyO
iviuq8mjhq7nK7qKfl9IOxouB8OpKCAcqV9AzgZ7XwtACR/hqAkC/uIaTrWXAgMB
AAGjggIOMIICCjAdBgNVHQ4EFgQU+n1FAlhsEjO3vAMlzKkRUDh8WpAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjA3OS5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBIyWoAME
BozpwDANBgkqhkiG9w0BAQsFAAOCAQEABdRq4ODtjJOr9wLHjmN8odNa7DkpNQ82
sUYJzfCasztNUxnyxHm5x+Pf98PXQOpOvTZ9Rcmg5qda9bX0Xk2i51LySJZkfNhx
6A9w7nWXUpTmURdmFPaCsFbJKDJALYWE8DInJ7Sj0XZdcwNV80YTELqZLqZn2Y7u
+mYHZSQEKvFWxhF/AqSWWGt6tjRBOCMYnM5tTvNL8hdLjLgp6mQOKwXM/yhjnx2l
HXRvHdRv0sGbpULC8RRnC3bUnU21E41tFoy7HffJfzGkzBxP/F2idW2MHnlICXWe
1rR/awqtcBpl+t8nvBphWUAeE9nRcY3q6ppEfrLq69XQZolLaONz/g==
-----END CERTIFICATE-----