Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS918.roa
File:                     AS918.roa (raw, json)
Hash identifier:          YnZq254O9vbd85Q93uJtCGkb1pj6qdzJTb+8nNxdRAY=
Subject key identifier:   3D:EE:BD:58:B0:04:A7:CA:C6:F7:0A:8D:2E:E5:51:C3:DF:5C:25:37
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3354C331C577229B63019D6F4AAE963048B7D55E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS918.roa
Signing time:             Sat 06 Apr 2024 11:09:31 +0000
ROA not before:           Sat 06 Apr 2024 11:04:31 +0000
ROA not after:            Sat 05 Apr 2025 11:09:31 +0000
asID:                     918
IP address blocks:        146.103.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            33:54:c3:31:c5:77:22:9b:63:01:9d:6f:4a:ae:96:30:48:b7:d5:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr  6 11:04:31 2024 GMT
            Not After : Apr  5 11:09:31 2025 GMT
        Subject: CN=3DEEBD58B004A7CAC6F70A8D2EE551C3DF5C2537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:0e:d5:0c:8c:df:2e:27:8e:aa:25:65:a4:
                    b9:15:a7:3a:88:f2:ff:5c:99:a5:54:b3:4f:b9:e0:
                    97:4c:45:c9:fb:46:a1:38:22:1a:8f:13:56:22:9a:
                    0d:ec:93:cc:5c:e7:16:70:57:d7:26:8d:08:14:6f:
                    75:a5:8a:88:1f:04:e4:7b:09:84:f4:96:02:b4:d8:
                    c4:e6:f5:d2:2a:41:99:42:b7:1f:33:4c:2a:d3:11:
                    14:8c:7b:b9:c2:9c:af:5c:c3:e7:0a:eb:9a:a6:85:
                    80:72:3f:33:b0:cb:3f:eb:0e:7d:40:a7:01:8b:3f:
                    15:45:33:50:2b:4f:77:3c:a7:48:9e:e1:c7:bb:d5:
                    e5:be:c1:80:3e:40:fe:32:e0:55:b4:e9:5c:ac:ac:
                    7b:2f:2a:46:e5:0f:34:e1:78:50:44:3a:3f:56:f1:
                    d3:a4:d1:29:91:f2:ae:01:2c:90:2c:3a:32:f2:3d:
                    74:cd:76:ba:b1:b4:54:a3:92:77:3d:8d:18:96:c0:
                    dd:6e:dc:df:52:7e:d3:06:99:c0:70:72:52:56:c1:
                    60:72:58:50:43:f3:34:e5:69:13:c3:c6:c5:27:48:
                    75:73:22:fd:28:bb:93:a1:0c:cb:b0:b1:51:33:2d:
                    f4:fd:fc:94:34:3b:4e:9c:f0:91:01:3b:83:bd:72:
                    ea:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:EE:BD:58:B0:04:A7:CA:C6:F7:0A:8D:2E:E5:51:C3:DF:5C:25:37
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS918.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:c5:ee:7b:12:41:51:69:29:48:17:36:0d:16:31:f0:ce:55:
         36:a7:bd:8f:97:55:78:23:f6:95:c1:5f:7e:9d:56:1c:1b:36:
         50:4a:1a:2e:7a:8a:23:4c:97:25:ee:be:94:94:75:13:13:c7:
         41:3c:67:ac:bb:9e:29:15:b6:2b:bd:c5:e8:bc:ab:18:bd:cd:
         f2:bc:a8:49:ec:0a:66:9d:ff:eb:04:1e:8d:53:d8:f8:23:47:
         09:54:8a:8e:87:a6:a0:e2:c9:4b:14:33:9a:b8:f5:6c:a4:a1:
         5b:72:40:19:2e:27:b3:74:c7:94:dc:7e:19:1b:37:8e:3d:db:
         1c:c3:e1:7f:36:1f:5d:df:f1:a2:e2:86:33:10:85:dc:da:c8:
         b2:19:4f:00:41:28:6f:8c:2c:f1:73:f4:a3:e7:8b:37:1c:85:
         79:fd:c0:d5:bf:ce:3f:3d:8c:ac:dc:f4:42:43:d2:33:c7:6e:
         59:e9:4c:3b:ba:61:bd:d8:92:f1:38:5e:99:aa:6b:82:85:32:
         a3:af:02:b8:6b:91:4d:57:f7:2d:c1:cb:38:5b:cb:31:ab:5d:
         a5:3c:57:c1:fa:bc:56:3c:01:70:63:30:18:12:a1:f3:c4:75:
         3f:e3:36:71:2b:06:66:63:fa:dc:d3:7b:94:59:8e:74:87:52:
         e3:f7:ce:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgIUM1TDMcV3IptjAZ1vSq6WMEi31V4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNDA0MDYxMTA0MzFaFw0yNTA0MDUxMTA5MzFaMDMxMTAvBgNV
BAMTKDNERUVCRDU4QjAwNEE3Q0FDNkY3MEE4RDJFRTU1MUMzREY1QzI1MzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/bg7VDIzfLieOqiVlpLkVpzqI
8v9cmaVUs0+54JdMRcn7RqE4IhqPE1Yimg3sk8xc5xZwV9cmjQgUb3WliogfBOR7
CYT0lgK02MTm9dIqQZlCtx8zTCrTERSMe7nCnK9cw+cK65qmhYByPzOwyz/rDn1A
pwGLPxVFM1ArT3c8p0ie4ce71eW+wYA+QP4y4FW06VysrHsvKkblDzTheFBEOj9W
8dOk0SmR8q4BLJAsOjLyPXTNdrqxtFSjknc9jRiWwN1u3N9SftMGmcBwclJWwWBy
WFBD8zTlaRPDxsUnSHVzIv0ou5OhDMuwsVEzLfT9/JQ0O06c8JEBO4O9cur9AgMB
AAGjggIHMIICAzAdBgNVHQ4EFgQUPe69WLAEp8rG9wqNLuVRw99cJTcwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIweAYIKwYBBQUHAQsEbDBqMGgGCCsGAQUFBzALhlxyc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTOTE4LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkmcWMA0G
CSqGSIb3DQEBCwUAA4IBAQBWxe57EkFRaSlIFzYNFjHwzlU2p72Pl1V4I/aVwV9+
nVYcGzZQShoueoojTJcl7r6UlHUTE8dBPGesu54pFbYrvcXovKsYvc3yvKhJ7Apm
nf/rBB6NU9j4I0cJVIqOh6ag4slLFDOauPVspKFbckAZLiezdMeU3H4ZGzeOPdsc
w+F/Nh9d3/Gi4oYzEIXc2siyGU8AQShvjCzxc/Sj54s3HIV5/cDVv84/PYys3PRC
Q9Izx25Z6Uw7umG92JLxOF6ZqmuChTKjrwK4a5FNV/ctwcs4W8sxq12lPFfB+rxW
PAFwYzAYEqHzxHU/4zZxKwZmY/rc03uUWY50h1Lj984S
-----END CERTIFICATE-----