Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa
File:                     AS47436.roa (raw, json)
Hash identifier:          Ie1OJdaqhDxXib7o0kFrheDTcA50vV2VW3NpDCmW/DM=
Subject key identifier:   21:58:1D:9B:94:EE:5D:9C:F7:1D:46:DE:32:6E:62:73:6E:5E:54:36
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       6B98627901A83631A179DD235B3EC523E889F2DB
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa
Signing time:             Sun 22 Sep 2024 05:43:19 +0000
ROA not before:           Sun 22 Sep 2024 05:38:19 +0000
ROA not after:            Sun 21 Sep 2025 05:43:19 +0000
asID:                     47436
IP address blocks:        195.206.235.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6b:98:62:79:01:a8:36:31:a1:79:dd:23:5b:3e:c5:23:e8:89:f2:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Sep 22 05:38:19 2024 GMT
            Not After : Sep 21 05:43:19 2025 GMT
        Subject: CN=21581D9B94EE5D9CF71D46DE326E62736E5E5436
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:bb:39:6e:62:07:fc:fa:f1:c3:8c:5e:e0:22:
                    d5:8f:bb:52:fc:16:6a:e7:df:d6:18:10:64:b9:e5:
                    1c:41:6a:78:40:2d:49:ac:00:95:8f:cf:13:04:e7:
                    26:e4:74:2a:48:9f:3b:82:1e:9b:dc:74:88:ab:dd:
                    fa:03:2e:79:34:db:7b:53:40:83:d1:fd:0a:77:1e:
                    e5:e5:63:78:56:53:71:19:af:22:01:7e:36:ba:e6:
                    b2:82:13:4f:69:ab:95:5d:f8:cc:e2:8d:fb:b1:f4:
                    91:5a:0c:24:2f:d8:e6:5e:06:b5:83:65:df:fc:ff:
                    87:40:a7:22:67:4a:a0:f2:26:7e:69:0b:d9:83:5a:
                    17:67:cd:16:86:5c:02:26:3e:bc:34:30:83:e6:44:
                    3a:02:ba:65:29:09:4c:f3:b6:fd:fb:f5:4b:00:2c:
                    71:e3:62:6e:a7:2b:d9:7c:df:99:83:a3:3c:53:68:
                    d1:cf:1c:82:2a:1c:60:f7:db:a0:47:7e:f4:80:28:
                    4b:86:00:ad:29:7a:6a:ba:1c:fe:1e:77:3b:ee:be:
                    b7:46:6b:5d:d7:7c:f0:e0:c7:b4:f1:fc:0c:e3:45:
                    44:43:cc:b2:27:f4:34:b2:d7:cb:45:0b:0b:75:ca:
                    c5:4e:35:cc:ef:35:46:ca:84:4d:f7:82:86:f5:a3:
                    fb:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:58:1D:9B:94:EE:5D:9C:F7:1D:46:DE:32:6E:62:73:6E:5E:54:36
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d1:dc:6f:7d:e9:b6:8a:17:fb:55:0d:f2:4f:44:d3:1f:7a:e6:
         80:6f:63:7b:99:20:18:75:21:cf:4c:37:5c:13:00:17:86:b8:
         ad:85:0b:6f:d9:d4:18:58:9d:78:46:95:09:f7:59:c7:18:9f:
         b3:1c:49:04:d3:ef:0d:bf:07:b5:a5:88:67:ab:82:29:e8:54:
         27:cc:3e:ce:5c:d7:bf:67:c7:de:83:24:ee:ce:6e:75:28:63:
         a8:e1:7b:65:49:2d:89:86:74:82:9b:97:8f:8b:90:c3:82:72:
         62:43:8a:46:b6:bb:39:85:97:1d:13:1b:ed:0e:6d:ad:da:1e:
         0f:bc:4c:6a:e6:af:55:8b:6f:67:45:e8:8c:4b:82:43:5a:3b:
         6a:42:61:f5:e4:a4:46:c3:00:c2:b7:2e:20:56:e3:d6:db:f9:
         62:ba:02:36:fa:6d:fe:6d:73:56:57:19:0f:ec:93:ce:9a:05:
         5b:34:af:fa:d4:c8:da:ad:10:8f:b9:ac:e3:dc:01:ae:46:49:
         8f:02:c4:fa:db:0c:93:6a:89:09:80:a8:ee:ff:b7:4c:d9:3c:
         62:86:ad:ad:a8:a8:65:b1:33:19:0b:8c:f2:95:30:ba:d7:b5:
         2f:9d:dc:6e:4f:6a:72:fb:0c:b5:8e:46:64:f3:1c:70:13:2f:
         3c:0c:4e:2d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUa5hieQGoNjGhed0jWz7FI+iJ8tswDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNDA5MjIwNTM4MTlaFw0yNTA5MjEwNTQzMTlaMDMxMTAvBgNV
BAMTKDIxNTgxRDlCOTRFRTVEOUNGNzFENDZERTMyNkU2MjczNkU1RTU0MzYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDluzluYgf8+vHDjF7gItWPu1L8
Fmrn39YYEGS55RxBanhALUmsAJWPzxME5ybkdCpInzuCHpvcdIir3foDLnk023tT
QIPR/Qp3HuXlY3hWU3EZryIBfja65rKCE09pq5Vd+Mzijfux9JFaDCQv2OZeBrWD
Zd/8/4dApyJnSqDyJn5pC9mDWhdnzRaGXAImPrw0MIPmRDoCumUpCUzztv379UsA
LHHjYm6nK9l835mDozxTaNHPHIIqHGD326BHfvSAKEuGAK0pemq6HP4edzvuvrdG
a13XfPDgx7Tx/AzjRURDzLIn9DSy18tFCwt1ysVONczvNUbKhE33gob1o/tVAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUIVgdm5TuXZz3HUbeMm5ic25eVDYwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDc0MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDzusw
DQYJKoZIhvcNAQELBQADggEBANHcb33ptooX+1UN8k9E0x965oBvY3uZIBh1Ic9M
N1wTABeGuK2FC2/Z1BhYnXhGlQn3WccYn7McSQTT7w2/B7WliGerginoVCfMPs5c
179nx96DJO7ObnUoY6jhe2VJLYmGdIKbl4+LkMOCcmJDika2uzmFlx0TG+0Oba3a
Hg+8TGrmr1WLb2dF6IxLgkNaO2pCYfXkpEbDAMK3LiBW49bb+WK6Ajb6bf5tc1ZX
GQ/sk86aBVs0r/rUyNqtEI+5rOPcAa5GSY8CxPrbDJNqiQmAqO7/t0zZPGKGra2o
qGWxMxkLjPKVMLrXtS+d3G5PanL7DLWORmTzHHATLzwMTi0=
-----END CERTIFICATE-----