Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa
File:                     AS47436.roa (raw, json)
Hash identifier:          3rlcEsZyoJuAzRyzlXQ5Uyxsi8SzimtXitFukrxPcoM=
Subject key identifier:   CB:B5:A5:C5:50:AE:D8:52:84:97:8A:01:08:8A:31:E7:10:B2:7A:F0
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       3EDBAA292C2855579C806F376CA7E0371F6A0215
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa
Signing time:             Mon 03 Mar 2025 17:14:55 +0000
ROA not before:           Mon 03 Mar 2025 17:09:55 +0000
ROA not after:            Mon 02 Mar 2026 17:14:55 +0000
asID:                     47436
IP address blocks:        195.206.235.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 16:49:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:db:aa:29:2c:28:55:57:9c:80:6f:37:6c:a7:e0:37:1f:6a:02:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Mar  3 17:09:55 2025 GMT
            Not After : Mar  2 17:14:55 2026 GMT
        Subject: CN=CBB5A5C550AED85284978A01088A31E710B27AF0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:39:34:e0:e7:ba:67:42:85:4b:91:a0:0e:c3:
                    c0:0c:63:34:0c:7d:3b:b4:c2:3a:bf:eb:c2:55:37:
                    e9:45:16:c5:13:a8:25:fd:01:8e:6e:ac:e7:bc:2a:
                    a4:34:4e:e9:c2:99:cb:83:fd:b5:64:31:00:ce:3b:
                    01:f4:00:48:ba:54:ad:33:f8:9f:7e:d6:7a:7e:9e:
                    50:56:b7:23:4d:65:26:48:37:18:1f:6a:30:f3:4d:
                    95:02:94:5e:cb:f3:f4:ef:4b:41:c2:e4:a5:32:56:
                    6f:ec:a0:9d:cf:01:6f:16:3e:07:61:2d:a2:e7:e9:
                    9a:2e:8a:71:d8:e2:70:0e:4b:e4:63:c0:54:17:73:
                    a6:a5:2a:62:0b:21:ff:08:6d:27:ff:56:f3:8c:c5:
                    4b:4b:c2:54:9b:fe:f4:8a:b0:de:b6:f6:19:41:64:
                    66:62:7e:75:87:70:f4:c7:7a:d9:b3:eb:d3:ae:19:
                    01:e0:c7:c9:2e:a7:c1:f2:d9:eb:5c:13:dc:ea:4e:
                    88:48:d7:d7:b2:93:d3:76:85:91:f5:eb:59:b9:6a:
                    c8:7f:48:c5:29:b3:00:a4:cf:35:bf:f0:6a:52:a3:
                    39:68:fd:e0:8d:58:df:25:a6:c0:bb:11:79:50:e9:
                    de:6a:12:34:c0:cb:bc:75:cb:6f:83:8d:6a:7e:45:
                    bb:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:B5:A5:C5:50:AE:D8:52:84:97:8A:01:08:8A:31:E7:10:B2:7A:F0
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS47436.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.206.235.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:e7:d0:04:8c:29:e8:f7:d6:c5:fc:72:a5:01:48:2b:90:65:
         52:e0:7c:48:f5:ab:05:bd:13:68:4a:ec:95:bc:8d:71:34:0d:
         8e:1a:63:a6:af:d5:d7:99:cd:bf:18:77:17:f7:2e:a5:51:e5:
         88:8d:ff:47:c3:3c:1d:b2:d1:53:7f:d7:23:83:26:41:0a:2f:
         ab:83:93:60:85:42:34:f5:58:6c:f6:ba:4d:c6:5d:aa:b2:f3:
         7b:71:40:17:62:53:f1:3a:a5:19:a8:b7:b9:a5:10:8a:fd:90:
         89:90:52:cd:67:09:a3:b8:2c:4c:68:0d:5f:e2:a8:7b:66:88:
         f6:95:98:46:a6:48:83:c8:93:e6:19:d1:a4:45:32:f2:85:e6:
         06:23:08:0d:fe:4a:69:41:7b:77:38:67:e9:3f:7d:b3:7d:b9:
         72:9c:82:0c:e5:66:e0:ca:2f:6f:5c:7d:86:4e:b0:98:67:86:
         3d:2f:b8:0a:4a:0e:5e:c3:ab:29:18:cf:de:91:e8:2a:98:c3:
         d6:6a:a1:f4:70:d0:99:16:5f:21:04:e4:7d:e0:24:21:82:b9:
         45:a3:0c:dc:61:81:83:f9:92:ed:aa:10:2d:5f:13:7f:3f:ca:
         58:fb:d2:04:67:dd:b3:44:80:e1:47:83:1b:58:9a:c1:c7:7f:
         3c:f3:3a:ec
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPtuqKSwoVVecgG83bKfgNx9qAhUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTAzMDMxNzA5NTVaFw0yNjAzMDIxNzE0NTVaMDMxMTAvBgNV
BAMTKENCQjVBNUM1NTBBRUQ4NTI4NDk3OEEwMTA4OEEzMUU3MTBCMjdBRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrOTTg57pnQoVLkaAOw8AMYzQM
fTu0wjq/68JVN+lFFsUTqCX9AY5urOe8KqQ0TunCmcuD/bVkMQDOOwH0AEi6VK0z
+J9+1np+nlBWtyNNZSZINxgfajDzTZUClF7L8/TvS0HC5KUyVm/soJ3PAW8WPgdh
LaLn6ZouinHY4nAOS+RjwFQXc6alKmILIf8IbSf/VvOMxUtLwlSb/vSKsN629hlB
ZGZifnWHcPTHetmz69OuGQHgx8kup8Hy2etcE9zqTohI19eyk9N2hZH161m5ash/
SMUpswCkzzW/8GpSozlo/eCNWN8lpsC7EXlQ6d5qEjTAy7x1y2+DjWp+Rbt3AgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUy7WlxVCu2FKEl4oBCIox5xCyevAwHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDc0MzYucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBADDzusw
DQYJKoZIhvcNAQELBQADggEBAMnn0ASMKej31sX8cqUBSCuQZVLgfEj1qwW9E2hK
7JW8jXE0DY4aY6av1deZzb8Ydxf3LqVR5YiN/0fDPB2y0VN/1yODJkEKL6uDk2CF
QjT1WGz2uk3GXaqy83txQBdiU/E6pRmot7mlEIr9kImQUs1nCaO4LExoDV/iqHtm
iPaVmEamSIPIk+YZ0aRFMvKF5gYjCA3+SmlBe3c4Z+k/fbN9uXKcggzlZuDKL29c
fYZOsJhnhj0vuApKDl7DqykYz96R6CqYw9ZqofRw0JkWXyEE5H3gJCGCuUWjDNxh
gYP5ku2qEC1fE38/ylj70gRn3bNEgOFHgxtYmsHHfzzzOuw=
-----END CERTIFICATE-----