Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          vwOR5I1exOXtziunagAJiaMaF6lHyiCHjGUmEBcJfQE=
Subject key identifier:   EF:EA:3F:00:ED:05:78:42:ED:78:37:31:49:BC:E5:7C:63:CB:CA:C7
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       2421FA5376F760DF5539CB4EF9840B9E405174CE
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa
Signing time:             Thu 23 Jan 2025 09:02:00 +0000
ROA not before:           Thu 23 Jan 2025 08:57:00 +0000
ROA not after:            Thu 22 Jan 2026 09:02:00 +0000
asID:                     20473
IP address blocks:        82.23.193.0/24 maxlen: 24
                          82.29.136.0/21 maxlen: 24
                          2a13:9500:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:21:fa:53:76:f7:60:df:55:39:cb:4e:f9:84:0b:9e:40:51:74:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 23 08:57:00 2025 GMT
            Not After : Jan 22 09:02:00 2026 GMT
        Subject: CN=EFEA3F00ED057842ED78373149BCE57C63CBCAC7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f8:34:35:4b:34:98:f7:21:b9:e5:d4:b0:24:
                    cb:d9:56:49:86:db:2e:22:fd:6d:7d:b3:9b:f0:85:
                    14:fb:2a:e6:ad:e3:fc:0c:89:27:38:e7:31:42:ca:
                    19:04:4c:83:cc:51:2d:a1:2b:cc:fd:b6:de:64:3c:
                    2d:ce:56:28:1f:7c:08:b5:8f:65:ba:a9:dc:ef:41:
                    5a:65:5d:9e:8b:c2:30:b7:68:68:13:b9:29:84:15:
                    ac:65:20:e3:d3:b4:5d:49:72:dd:57:85:98:b9:ee:
                    7b:b2:e3:0a:48:5e:87:66:63:ee:c8:e3:1d:b7:1a:
                    fe:32:92:a0:72:b5:25:37:62:a7:68:1d:5c:f6:ac:
                    fb:db:d8:f0:51:48:7c:4e:25:71:c6:b2:99:59:15:
                    ec:04:32:fb:8e:5b:7f:c7:a8:75:d1:74:be:9b:93:
                    e5:0b:91:1c:bb:70:8a:71:0e:bf:56:0c:11:4f:ee:
                    86:24:b1:4e:d2:22:46:7e:9f:94:ef:be:41:5b:49:
                    91:7a:e7:f4:a4:57:09:f4:46:24:f2:d3:5e:c1:99:
                    86:df:94:51:1e:e6:13:b0:ec:25:80:26:fb:56:95:
                    96:41:32:74:6c:eb:91:4a:38:d9:c5:10:7a:8f:e7:
                    c3:de:73:4f:bf:5d:cc:68:00:f8:7e:e8:b2:81:47:
                    d7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:EA:3F:00:ED:05:78:42:ED:78:37:31:49:BC:E5:7C:63:CB:CA:C7
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.23.193.0/24
                  82.29.136.0/21
                IPv6:
                  2a13:9500:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:59:14:10:30:51:1f:2f:a0:ee:53:71:d2:3b:67:97:4f:a2:
         72:6e:e1:c3:15:88:be:d2:17:d6:5f:c9:de:9d:ab:a8:3d:e5:
         c6:7f:0d:9c:3b:26:5c:50:4f:42:4d:6d:d5:52:46:38:8d:6d:
         48:31:62:98:19:38:d7:51:3d:1a:14:3b:84:4e:a4:ef:c7:72:
         1e:32:80:ce:a2:d1:c6:81:72:f1:b4:6b:da:6d:09:b0:ec:40:
         e8:9d:1b:30:74:22:8a:a8:90:b8:02:20:df:46:da:e4:a3:04:
         26:a9:89:6a:b0:24:fc:f3:ff:0d:ba:cd:5a:d9:8a:67:9c:2e:
         7d:db:61:ee:97:2d:91:f6:83:b8:6f:53:84:0c:9a:1c:a2:b6:
         00:05:1b:00:74:24:c1:79:27:dd:4b:f7:fa:a5:89:73:c2:8c:
         dd:51:75:1a:76:ce:cb:0c:58:7d:85:7c:93:83:c0:ab:bc:cb:
         c3:b6:9b:6e:2c:73:97:90:4c:d4:ca:6d:5b:ae:e2:74:fa:df:
         0c:93:46:a7:de:e9:e3:ea:7e:6e:e3:3b:ae:23:b9:6a:1f:58:
         3a:ed:d3:49:9c:24:8e:69:d5:a2:d9:5a:4f:ed:ec:08:e9:a2:
         a0:a2:0d:83:71:f6:81:61:47:03:82:aa:f1:85:39:89:51:51:
         a9:c7:9e:23
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUJCH6U3b3YN9VOctO+YQLnkBRdM4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjMwODU3MDBaFw0yNjAxMjIwOTAyMDBaMDMxMTAvBgNV
BAMTKEVGRUEzRjAwRUQwNTc4NDJFRDc4MzczMTQ5QkNFNTdDNjNDQkNBQzcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA+DQ1SzSY9yG55dSwJMvZVkmG
2y4i/W19s5vwhRT7Kuat4/wMiSc45zFCyhkETIPMUS2hK8z9tt5kPC3OVigffAi1
j2W6qdzvQVplXZ6LwjC3aGgTuSmEFaxlIOPTtF1Jct1XhZi57nuy4wpIXodmY+7I
4x23Gv4ykqBytSU3YqdoHVz2rPvb2PBRSHxOJXHGsplZFewEMvuOW3/HqHXRdL6b
k+ULkRy7cIpxDr9WDBFP7oYksU7SIkZ+n5TvvkFbSZF65/SkVwn0RiTy017BmYbf
lFEe5hOw7CWAJvtWlZZBMnRs65FKONnFEHqP58Pec0+/XcxoAPh+6LKBR9f/AgMB
AAGjggIgMIICHDAdBgNVHQ4EFgQU7+o/AO0FeELteDcxSbzlfGPLyscwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwNgYIKwYBBQUHAQcBAf8EJzAlMBIEAgABMAwDBABSF8ED
BANSHYgwDwQCAAIwCQMHACoTlQAAAjANBgkqhkiG9w0BAQsFAAOCAQEAXFkUEDBR
Hy+g7lNx0jtnl0+icm7hwxWIvtIX1l/J3p2rqD3lxn8NnDsmXFBPQk1t1VJGOI1t
SDFimBk411E9GhQ7hE6k78dyHjKAzqLRxoFy8bRr2m0JsOxA6J0bMHQiiqiQuAIg
30ba5KMEJqmJarAk/PP/DbrNWtmKZ5wufdth7pctkfaDuG9ThAyaHKK2AAUbAHQk
wXkn3Uv3+qWJc8KM3VF1GnbOywxYfYV8k4PAq7zLw7abbixzl5BM1MptW67idPrf
DJNGp97p4+p+buM7riO5ah9YOu3TSZwkjmnVotlaT+3sCOmioKINg3H2gWFHA4Kq
8YU5iVFRqceeIw==
-----END CERTIFICATE-----