Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7393.roa
File:                     AS7393.roa (raw, json)
Hash identifier:          KXLXAKDcwR0bCoTHPhB8HMRkl2/GlagOMyItrIbxQc8=
Subject key identifier:   60:27:16:FF:53:74:68:2C:12:37:D1:DE:87:E3:22:53:D7:34:E2:30
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       5B5C4A2A0524D6E366E3C431F1AD919F9BA9ED6D
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7393.roa
Signing time:             Sat 06 Apr 2024 11:09:30 +0000
ROA not before:           Sat 06 Apr 2024 11:04:30 +0000
ROA not after:            Sat 05 Apr 2025 11:09:30 +0000
asID:                     7393
IP address blocks:        140.150.192.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:5c:4a:2a:05:24:d6:e3:66:e3:c4:31:f1:ad:91:9f:9b:a9:ed:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:30 2024 GMT
            Not After : Apr  5 11:09:30 2025 GMT
        Subject: CN=602716FF5374682C1237D1DE87E32253D734E230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:67:cd:e8:7f:34:42:c9:79:a8:5d:48:d5:a6:
                    6f:54:fe:2f:f4:2c:a7:f4:0a:3d:4e:10:b3:9a:bd:
                    47:27:d6:55:b9:6a:2c:31:9c:a0:da:49:94:0c:f3:
                    88:9a:6a:0b:76:e3:a0:bd:10:9b:41:2e:f8:b2:15:
                    f1:64:5c:8f:29:7d:c2:9d:e6:8d:23:91:12:9f:27:
                    ba:00:4d:00:08:76:8e:66:8f:49:3a:2e:c3:b6:7b:
                    d7:8a:08:29:0e:f3:1e:99:1f:29:4c:86:a4:54:31:
                    88:4d:9d:67:8f:68:e8:69:0a:82:5f:0c:ad:e8:65:
                    ca:c6:1f:33:5c:c7:c9:37:31:2d:fe:27:80:87:96:
                    66:4b:60:2a:e1:6e:4e:f5:a8:00:b5:5f:1a:a7:d1:
                    4f:52:95:a6:bb:be:aa:bc:b3:45:96:87:1b:88:f7:
                    14:dc:7d:72:fc:b4:31:f6:ec:c2:49:61:69:0a:2a:
                    45:72:44:ad:63:63:a3:ff:59:8c:eb:01:8b:55:ee:
                    7a:3f:f7:e8:86:7d:49:70:39:e3:3c:d7:72:e8:3f:
                    81:68:38:c0:39:b5:83:ae:44:cc:9d:02:30:eb:65:
                    77:ae:f3:30:6b:29:e1:75:8b:e3:a8:04:a2:75:31:
                    91:0b:1e:c3:b2:7f:60:13:37:b1:9c:e1:a8:64:85:
                    32:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:27:16:FF:53:74:68:2C:12:37:D1:DE:87:E3:22:53:D7:34:E2:30
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS7393.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  140.150.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         98:27:68:42:0b:04:a2:a8:fd:bb:e4:1b:d1:30:72:65:cb:bb:
         c6:31:b6:8c:a5:f1:0c:03:92:37:62:b3:48:07:0a:13:e1:58:
         14:3b:14:20:e8:5a:6f:68:86:8c:33:52:04:cc:c2:f8:0a:76:
         21:55:dd:e0:b7:d8:70:5d:ab:46:83:ad:37:4e:b6:bc:03:6e:
         c9:6d:22:12:4a:79:46:9e:99:86:8e:8c:86:1b:c0:ea:ef:d4:
         a4:4c:0f:f9:1d:3c:b0:e5:75:f8:25:e5:0d:49:2c:92:8e:26:
         82:26:5c:4b:c3:cc:59:29:c8:87:38:cd:f8:38:3d:05:df:f3:
         19:e8:0b:67:3b:2e:e1:c7:51:40:42:8d:d1:04:3f:a2:ab:cf:
         aa:14:40:58:c5:9e:8f:42:9b:a6:5d:5b:43:20:54:af:a1:33:
         63:92:a8:bd:97:f6:bf:21:48:4e:eb:48:80:90:91:2f:b8:7a:
         a8:a0:18:ea:7a:1b:b3:6f:ec:3c:e6:ed:33:1b:d5:ea:83:fa:
         fd:18:bf:ca:2a:a6:51:0a:4d:61:2c:84:2c:d7:7f:bc:9e:29:
         76:b3:d2:ca:a1:69:7d:4e:c8:33:8d:94:97:bd:38:8a:e0:8e:
         11:e2:58:f8:b8:cc:6a:25:7d:59:69:2f:05:a0:be:aa:e3:fb:
         cc:2c:5e:5f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgIUW1xKKgUk1uNm48Qx8a2Rn5up7W0wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzBaFw0yNTA0MDUxMTA5MzBaMDMxMTAvBgNV
BAMTKDYwMjcxNkZGNTM3NDY4MkMxMjM3RDFERTg3RTMyMjUzRDczNEUyMzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxZ83ofzRCyXmoXUjVpm9U/i/0
LKf0Cj1OELOavUcn1lW5aiwxnKDaSZQM84iaagt246C9EJtBLviyFfFkXI8pfcKd
5o0jkRKfJ7oATQAIdo5mj0k6LsO2e9eKCCkO8x6ZHylMhqRUMYhNnWePaOhpCoJf
DK3oZcrGHzNcx8k3MS3+J4CHlmZLYCrhbk71qAC1Xxqn0U9Slaa7vqq8s0WWhxuI
9xTcfXL8tDH27MJJYWkKKkVyRK1jY6P/WYzrAYtV7no/9+iGfUlwOeM813LoP4Fo
OMA5tYOuRMydAjDrZXeu8zBrKeF1i+OoBKJ1MZELHsOyf2ATN7Gc4ahkhTKBAgMB
AAGjggIIMIICBDAdBgNVHQ4EFgQUYCcW/1N0aCwSN9Heh+MiU9c04jAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNzM5My5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEBYyWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAmCdoQgsEoqj9u+Qb0TByZcu7xjG2jKXxDAOSN2Kz
SAcKE+FYFDsUIOhab2iGjDNSBMzC+Ap2IVXd4LfYcF2rRoOtN062vANuyW0iEkp5
Rp6Zho6MhhvA6u/UpEwP+R08sOV1+CXlDUksko4mgiZcS8PMWSnIhzjN+Dg9Bd/z
GegLZzsu4cdRQEKN0QQ/oqvPqhRAWMWej0Kbpl1bQyBUr6EzY5KovZf2vyFITutI
gJCRL7h6qKAY6nobs2/sPObtMxvV6oP6/Ri/yiqmUQpNYSyELNd/vJ4pdrPSyqFp
fU7IM42Ul704iuCOEeJY+LjMaiV9WWkvBaC+quP7zCxeXw==
-----END CERTIFICATE-----