Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          pSg/DCvU4v8tbsoH4LOBHRHNaW0l9TySq2K1CJg/x00=
Subject key identifier:   9A:FC:28:91:6E:C1:6A:1E:44:B5:B5:9D:F7:6A:A6:8A:78:4C:31:F5
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       4E19D047C5BEF84158754653C92DCF85CF0347FB
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa
Signing time:             Thu 27 Mar 2025 03:48:06 +0000
ROA not before:           Thu 27 Mar 2025 03:43:06 +0000
ROA not after:            Thu 26 Mar 2026 03:48:06 +0000
asID:                     20473
IP address blocks:        2a0f:85c1:393::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            4e:19:d0:47:c5:be:f8:41:58:75:46:53:c9:2d:cf:85:cf:03:47:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Mar 27 03:43:06 2025 GMT
            Not After : Mar 26 03:48:06 2026 GMT
        Subject: CN=9AFC28916EC16A1E44B5B59DF76AA68A784C31F5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b9:03:00:c8:09:a0:6b:75:83:d3:12:0e:5b:
                    83:ec:c1:00:80:9e:2d:1e:c5:4c:da:c1:96:79:de:
                    92:06:a9:a8:00:6d:2c:ee:b8:2a:34:5c:66:b7:e1:
                    6f:78:e2:f9:c0:75:1e:94:53:68:84:a3:5e:81:10:
                    68:1f:34:5d:92:96:59:2e:ae:2e:ad:d5:c2:dc:d5:
                    46:d9:66:20:03:9b:ae:3b:f1:49:ee:56:73:d5:52:
                    cb:2d:88:38:ac:f9:b1:d4:79:46:d7:67:b0:3e:f3:
                    73:4c:82:6e:90:83:d3:60:bf:8a:7d:5c:ea:12:50:
                    c4:4a:13:67:93:ce:91:2f:f6:31:9a:f9:f4:7c:41:
                    9b:c5:16:c1:8a:01:ed:da:d5:65:04:a1:c8:6c:70:
                    07:ad:57:b3:09:c1:fc:45:eb:70:9b:71:1f:33:b8:
                    44:d8:e1:9d:db:92:a2:3d:40:da:34:ab:db:f7:52:
                    a7:4c:bc:ed:a7:f4:aa:d6:c6:b1:2a:5f:6b:af:18:
                    90:6d:8f:4e:3f:e4:df:07:64:28:e8:8d:08:a5:77:
                    05:83:03:18:30:38:6c:da:76:35:eb:92:1e:f5:ee:
                    eb:1b:06:bc:d9:96:a4:75:ac:95:80:0e:41:cc:c4:
                    7a:5f:70:1a:b4:56:df:f6:fa:52:ad:1e:8a:46:cf:
                    ba:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:FC:28:91:6E:C1:6A:1E:44:B5:B5:9D:F7:6A:A6:8A:78:4C:31:F5
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:393::/48

    Signature Algorithm: sha256WithRSAEncryption
         5f:ca:fc:41:6a:4a:bd:1b:ee:4b:e5:ba:25:65:a1:01:47:b9:
         46:fc:94:c3:89:87:98:30:a6:aa:55:b7:f4:ef:19:3c:42:8e:
         86:24:3c:92:79:95:cc:11:44:4a:06:fd:38:5b:00:aa:14:43:
         09:66:09:cc:b1:60:67:0f:75:e5:c7:c2:87:c9:38:f6:14:ea:
         4e:5e:d8:56:e6:9e:6a:86:3e:a7:a2:5b:03:05:08:1e:c3:b4:
         a1:77:d8:f6:b6:d9:fb:7b:44:3a:07:71:ef:72:ea:d3:23:09:
         a3:34:3e:f1:ee:f0:e9:74:2f:a0:3d:2d:20:85:c0:2e:72:d1:
         df:bd:e7:3d:3b:57:bf:d5:7b:9b:11:9a:05:a1:3f:ea:80:73:
         d9:e1:3f:33:97:ab:04:9b:5a:d4:ed:2f:58:ca:60:f2:f9:51:
         3d:8e:eb:99:0b:34:1f:9c:b9:f2:9e:21:1b:97:14:06:d9:01:
         43:1a:b3:b6:02:6b:18:21:c9:5a:5e:3f:ce:db:c3:b8:ef:ad:
         bf:ea:3d:23:6d:72:d9:4c:1e:3c:c2:e4:c4:6f:f6:76:da:1b:
         6e:e7:1b:3f:8e:e8:cf:f0:05:2a:e9:8b:c0:e9:a1:1d:c4:c8:
         15:1b:a7:93:d1:4d:be:52:48:2e:80:df:51:79:8b:48:fd:db:
         c7:c5:11:32
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgIUThnQR8W++EFYdUZTyS3Phc8DR/swDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTAzMjcwMzQzMDZaFw0yNjAzMjYwMzQ4MDZaMDMxMTAvBgNV
BAMTKDlBRkMyODkxNkVDMTZBMUU0NEI1QjU5REY3NkFBNjhBNzg0QzMxRjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC5uQMAyAmga3WD0xIOW4PswQCA
ni0exUzawZZ53pIGqagAbSzuuCo0XGa34W944vnAdR6UU2iEo16BEGgfNF2Sllku
ri6t1cLc1UbZZiADm6478UnuVnPVUsstiDis+bHUeUbXZ7A+83NMgm6Qg9Ngv4p9
XOoSUMRKE2eTzpEv9jGa+fR8QZvFFsGKAe3a1WUEochscAetV7MJwfxF63CbcR8z
uETY4Z3bkqI9QNo0q9v3UqdMvO2n9KrWxrEqX2uvGJBtj04/5N8HZCjojQildwWD
AxgwOGzadjXrkh717usbBrzZlqR1rJWADkHMxHpfcBq0Vt/2+lKtHopGz7ptAgMB
AAGjggIMMIICCDAdBgNVHQ4EFgQUmvwokW7Bah5EtbWd92qminhMMfUwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwAqD4XB
A5MwDQYJKoZIhvcNAQELBQADggEBAF/K/EFqSr0b7kvluiVloQFHuUb8lMOJh5gw
pqpVt/TvGTxCjoYkPJJ5lcwRREoG/ThbAKoUQwlmCcyxYGcPdeXHwofJOPYU6k5e
2FbmnmqGPqeiWwMFCB7DtKF32Pa22ft7RDoHce9y6tMjCaM0PvHu8Ol0L6A9LSCF
wC5y0d+95z07V7/Ve5sRmgWhP+qAc9nhPzOXqwSbWtTtL1jKYPL5UT2O65kLNB+c
ufKeIRuXFAbZAUMas7YCaxghyVpeP87bw7jvrb/qPSNtctlMHjzC5MRv9nbaG27n
Gz+O6M/wBSrpi8DpoR3EyBUbp5PRTb5SSC6A31F5i0j928fFETI=
-----END CERTIFICATE-----