Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63440.roa
File:                     AS63440.roa (raw, json)
Hash identifier:          dpAKbVJpir7vZH4A4rXCDNvcW28QfkcDigLinpuY5FM=
Subject key identifier:   AF:7B:C2:52:6A:68:7A:62:D1:DB:C8:55:0F:8D:53:DC:30:AD:5F:60
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6227ED32AC489BEF0FEF79B739895D5169910DCC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63440.roa
Signing time:             Thu 25 Jul 2024 19:21:03 +0000
ROA not before:           Thu 25 Jul 2024 19:16:03 +0000
ROA not after:            Thu 24 Jul 2025 19:21:03 +0000
asID:                     63440
IP address blocks:        146.103.12.0/24 maxlen: 24
                          146.103.13.0/24 maxlen: 24
                          146.103.14.0/24 maxlen: 24
                          146.103.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            62:27:ed:32:ac:48:9b:ef:0f:ef:79:b7:39:89:5d:51:69:91:0d:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jul 25 19:16:03 2024 GMT
            Not After : Jul 24 19:21:03 2025 GMT
        Subject: CN=AF7BC2526A687A62D1DBC8550F8D53DC30AD5F60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b6:d8:ae:30:90:3e:e2:bc:08:c0:7e:37:ce:
                    b6:1a:f6:8f:53:51:86:9e:c8:a1:84:62:d7:42:7c:
                    3c:26:9b:71:c4:9e:52:4e:b2:6c:33:52:6e:40:5b:
                    fa:f4:a1:6d:f7:71:4f:c8:1d:ca:e0:67:18:a0:37:
                    66:ff:a8:8a:b2:e8:3a:62:25:bb:8c:35:4b:e6:e3:
                    bb:a8:ab:2c:94:ef:bf:2b:7d:8b:70:d7:7a:75:69:
                    c1:33:2e:fc:c5:77:58:16:60:6e:ad:5a:02:15:6b:
                    a3:45:67:3b:77:69:7d:d6:92:fd:71:93:5b:30:0a:
                    5f:e1:6b:b9:83:62:30:06:26:8d:2b:e2:53:c7:d6:
                    aa:3f:43:bb:a7:a9:b8:e9:e3:42:69:57:9e:33:05:
                    87:38:1b:ac:bf:18:28:e4:5b:89:83:ad:cc:29:f8:
                    f1:6e:af:6c:65:98:6e:ce:0d:0e:18:a6:97:d2:b7:
                    e2:f6:ad:ff:d1:6c:04:a4:b0:f9:cd:e2:86:56:28:
                    cc:f6:9e:fa:9c:0c:be:6c:24:28:c8:86:9c:5e:e4:
                    e1:30:10:0b:c3:fa:67:8f:77:e7:5c:c9:6e:32:24:
                    6a:1a:b8:f5:1c:35:7c:31:10:3c:9d:7d:25:73:61:
                    26:55:24:e4:3a:a7:0b:83:a9:49:0c:85:a5:40:75:
                    6e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:7B:C2:52:6A:68:7A:62:D1:DB:C8:55:0F:8D:53:DC:30:AD:5F:60
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS63440.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:e4:02:b2:b8:52:99:39:42:08:54:31:48:ab:ce:71:c8:4b:
         62:c1:c0:b6:f9:33:6b:39:04:a9:16:6c:ee:3a:9e:40:ad:45:
         a7:33:3f:86:18:8e:ec:ce:76:cb:23:47:e3:9f:58:1d:44:92:
         88:55:8b:6d:65:dd:e2:38:1c:3d:df:78:db:3d:11:b3:32:08:
         cf:47:a9:36:41:05:25:d2:01:62:66:5b:75:05:5c:74:cc:2c:
         52:5d:01:51:61:02:da:f9:28:77:09:0c:37:2a:07:a8:95:9f:
         a6:97:95:21:fc:71:9c:8a:94:7d:91:92:f5:08:ac:ff:9c:80:
         ef:d6:18:9f:2b:e4:40:bd:51:f0:65:c5:8b:7e:5d:e2:1e:0c:
         5a:1f:d3:72:ff:90:05:c9:36:e9:8c:f1:14:17:0c:e6:ad:30:
         8b:64:b1:f5:b4:1d:26:91:f0:b6:d8:70:19:9f:b6:87:2a:d4:
         05:f5:53:05:94:24:4a:c0:fe:d2:c2:46:d5:48:d9:b0:bf:28:
         7e:ed:ff:b2:21:c6:56:47:dc:0e:58:c7:fd:4c:08:56:e4:72:
         f8:40:e5:2a:df:59:a9:21:43:3a:74:71:45:0c:ec:81:e4:48:
         05:a6:60:ab:2b:37:e8:4d:f6:c1:06:26:e2:a2:a1:d3:9e:f1:
         0d:35:2e:29
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUYiftMqxIm+8P73m3OYldUWmRDcwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA3MjUxOTE2MDNaFw0yNTA3MjQxOTIxMDNaMDMxMTAvBgNV
BAMTKEFGN0JDMjUyNkE2ODdBNjJEMURCQzg1NTBGOEQ1M0RDMzBBRDVGNjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPttiuMJA+4rwIwH43zrYa9o9T
UYaeyKGEYtdCfDwmm3HEnlJOsmwzUm5AW/r0oW33cU/IHcrgZxigN2b/qIqy6Dpi
JbuMNUvm47uoqyyU778rfYtw13p1acEzLvzFd1gWYG6tWgIVa6NFZzt3aX3Wkv1x
k1swCl/ha7mDYjAGJo0r4lPH1qo/Q7unqbjp40JpV54zBYc4G6y/GCjkW4mDrcwp
+PFur2xlmG7ODQ4YppfSt+L2rf/RbASksPnN4oZWKMz2nvqcDL5sJCjIhpxe5OEw
EAvD+mePd+dcyW4yJGoauPUcNXwxEDydfSVzYSZVJOQ6pwuDqUkMhaVAdW6tAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUr3vCUmpoemLR28hVD41T3DCtX2AwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNjM0NDAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAKSZwww
DQYJKoZIhvcNAQELBQADggEBADDkArK4Upk5QghUMUirznHIS2LBwLb5M2s5BKkW
bO46nkCtRaczP4YYjuzOdssjR+OfWB1EkohVi21l3eI4HD3feNs9EbMyCM9HqTZB
BSXSAWJmW3UFXHTMLFJdAVFhAtr5KHcJDDcqB6iVn6aXlSH8cZyKlH2RkvUIrP+c
gO/WGJ8r5EC9UfBlxYt+XeIeDFof03L/kAXJNumM8RQXDOatMItksfW0HSaR8LbY
cBmftocq1AX1UwWUJErA/tLCRtVI2bC/KH7t/7IhxlZH3A5Yx/1MCFbkcvhA5Srf
WakhQzp0cUUM7IHkSAWmYKsrN+hN9sEGJuKiodOe8Q01Lik=
-----END CERTIFICATE-----