Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60949.roa
File:                     AS60949.roa (raw, json)
Hash identifier:          Jw3G42dbE7JUHXyWHrum/17wZsrTsPM9VFr41RSlsU0=
Subject key identifier:   EE:94:F3:F2:A9:07:DE:00:A1:C7:35:AF:3B:7C:E0:38:F3:A3:23:D2
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       284BF4996E8F91A71248CFFB6CAC4D73E1635602
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60949.roa
Signing time:             Wed 14 Aug 2024 11:44:43 +0000
ROA not before:           Wed 14 Aug 2024 11:39:43 +0000
ROA not after:            Wed 13 Aug 2025 11:44:43 +0000
asID:                     60949
IP address blocks:        147.79.52.0/24 maxlen: 24
                          147.79.53.0/24 maxlen: 24
                          147.79.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            28:4b:f4:99:6e:8f:91:a7:12:48:cf:fb:6c:ac:4d:73:e1:63:56:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Aug 14 11:39:43 2024 GMT
            Not After : Aug 13 11:44:43 2025 GMT
        Subject: CN=EE94F3F2A907DE00A1C735AF3B7CE038F3A323D2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:4d:9f:5c:37:15:79:57:ad:84:31:08:2b:ac:
                    4b:fc:80:ee:77:ea:3a:e8:56:1c:62:14:64:90:9b:
                    36:bd:ed:fa:35:50:dd:00:6f:49:83:d0:9d:ee:3e:
                    29:21:68:38:45:9a:54:2e:63:9e:74:d8:2f:7a:d3:
                    cd:d8:86:1c:f4:04:2d:1a:fb:c4:c2:1a:e9:ac:37:
                    d7:40:e1:f5:26:b9:ae:0a:4d:0e:dc:59:f0:1b:38:
                    62:91:2d:5b:87:fe:a3:ec:38:74:b9:0a:a4:ce:a8:
                    ab:cc:f6:81:e5:bb:b4:8d:9e:eb:f7:d3:2a:55:bf:
                    20:bf:44:99:41:c3:da:15:e3:e6:5a:c5:bc:d8:2a:
                    f8:43:c7:8c:f3:22:51:18:8d:88:3e:f8:2b:ee:61:
                    7a:42:3b:fd:4c:bc:4f:e0:2f:df:04:8a:21:31:8a:
                    55:c7:eb:66:7e:cc:4a:30:25:7a:93:08:4d:97:1b:
                    95:52:c7:da:b2:4c:07:c9:a0:c4:9b:e9:9f:5a:6f:
                    f4:dd:94:6a:ed:6e:b1:09:87:f9:70:71:78:4a:76:
                    ff:d8:05:47:9a:ec:38:e6:e1:1c:9a:c4:1b:c9:94:
                    9c:28:7c:60:da:42:37:6e:0d:d4:61:c0:24:8e:80:
                    9d:49:1a:7f:12:d4:b1:9b:d0:f3:ac:db:3d:20:d3:
                    49:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:94:F3:F2:A9:07:DE:00:A1:C7:35:AF:3B:7C:E0:38:F3:A3:23:D2
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS60949.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.52.0-147.79.54.255

    Signature Algorithm: sha256WithRSAEncryption
         83:36:8e:a9:c9:e8:2e:88:45:fb:dc:fa:89:40:89:63:a2:a1:
         ac:5d:85:d4:48:a1:68:9d:ff:83:07:9e:05:54:fd:d8:56:17:
         80:20:91:d2:ed:b5:c3:9e:de:a4:57:43:0a:a0:e4:c8:56:8c:
         ba:ba:3d:9e:14:46:7d:dc:d2:56:84:1e:ba:47:11:68:f5:83:
         50:53:5d:53:d6:97:b9:3f:8e:58:91:33:40:bc:96:71:e6:ac:
         69:84:ee:8f:9b:7d:20:e1:09:1f:47:bf:c3:1b:41:8a:d3:65:
         41:cc:d8:42:e2:23:85:88:93:ff:ea:b7:1f:bc:4c:6e:d9:3e:
         a9:68:79:a1:fd:b9:b5:41:09:cd:04:35:ff:51:0c:50:a4:b2:
         5b:34:51:8f:93:91:01:f3:9d:ad:8c:2c:d1:68:95:60:5d:c7:
         20:89:98:44:89:49:60:1d:12:76:ae:b5:6f:e8:7f:f1:75:04:
         a6:de:15:68:3c:44:f9:93:f4:0f:45:45:cf:6b:47:8c:a4:5a:
         b5:7a:88:66:e2:2a:2f:c9:48:9e:ce:b7:e5:92:84:93:72:53:
         ea:4a:c6:d6:7f:34:c9:69:e1:da:d4:ea:4d:19:56:cf:a2:eb:
         40:29:4a:da:0a:b2:6f:60:22:3c:ae:2d:b8:95:de:ea:a6:67:
         66:94:04:da
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIUKEv0mW6PkacSSM/7bKxNc+FjVgIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA4MTQxMTM5NDNaFw0yNTA4MTMxMTQ0NDNaMDMxMTAvBgNV
BAMTKEVFOTRGM0YyQTkwN0RFMDBBMUM3MzVBRjNCN0NFMDM4RjNBMzIzRDIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMTZ9cNxV5V62EMQgrrEv8gO53
6jroVhxiFGSQmza97fo1UN0Ab0mD0J3uPikhaDhFmlQuY5502C96083Yhhz0BC0a
+8TCGumsN9dA4fUmua4KTQ7cWfAbOGKRLVuH/qPsOHS5CqTOqKvM9oHlu7SNnuv3
0ypVvyC/RJlBw9oV4+ZaxbzYKvhDx4zzIlEYjYg++CvuYXpCO/1MvE/gL98EiiEx
ilXH62Z+zEowJXqTCE2XG5VSx9qyTAfJoMSb6Z9ab/TdlGrtbrEJh/lwcXhKdv/Y
BUea7Djm4RyaxBvJlJwofGDaQjduDdRhwCSOgJ1JGn8S1LGb0POs2z0g00nBAgMB
AAGjggIRMIICDTAdBgNVHQ4EFgQU7pTz8qkH3gChxzWvO3zgOPOjI9IwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjA5NDkucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJwYIKwYBBQUHAQcBAf8EGDAWMBQEAgABMA4wDAMEApNP
NAMEAJNPNjANBgkqhkiG9w0BAQsFAAOCAQEAgzaOqcnoLohF+9z6iUCJY6KhrF2F
1EihaJ3/gweeBVT92FYXgCCR0u21w57epFdDCqDkyFaMuro9nhRGfdzSVoQeukcR
aPWDUFNdU9aXuT+OWJEzQLyWceasaYTuj5t9IOEJH0e/wxtBitNlQczYQuIjhYiT
/+q3H7xMbtk+qWh5of25tUEJzQQ1/1EMUKSyWzRRj5ORAfOdrYws0WiVYF3HIImY
RIlJYB0Sdq61b+h/8XUEpt4VaDxE+ZP0D0VFz2tHjKRatXqIZuIqL8lIns635ZKE
k3JT6krG1n80yWnh2tTqTRlWz6LrQClK2gqyb2AiPK4tuJXe6qZnZpQE2g==
-----END CERTIFICATE-----