Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          0YgupJEaT9UiAX65EYDncB76ZxsrLE+cCJCVBHx9aG8=
Subject key identifier:   43:46:AC:7E:C8:9A:F4:DB:7B:E8:57:0A:62:5E:B0:FC:21:85:15:C9
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       11376BE5E181AF3F496417C444BCFBB8DD6D89DA
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa
Signing time:             Tue 17 Sep 2024 04:24:11 +0000
ROA not before:           Tue 17 Sep 2024 04:19:11 +0000
ROA not after:            Tue 16 Sep 2025 04:24:11 +0000
asID:                     20473
IP address blocks:        2a0f:85c1:393::/48 maxlen: 48
                          2a0f:85c1:3c8::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:37:6b:e5:e1:81:af:3f:49:64:17:c4:44:bc:fb:b8:dd:6d:89:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Sep 17 04:19:11 2024 GMT
            Not After : Sep 16 04:24:11 2025 GMT
        Subject: CN=4346AC7EC89AF4DB7BE8570A625EB0FC218515C9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:d4:f9:a6:88:db:a5:09:27:8d:c4:ad:44:d9:
                    03:ad:3b:00:9b:91:27:48:51:8d:9b:09:df:79:c4:
                    df:23:9b:f8:2f:1b:7f:1f:28:ea:e4:26:b1:cb:8c:
                    7f:73:1a:d9:34:ef:36:21:b9:30:a2:3a:45:39:72:
                    e1:81:c6:25:45:d8:34:ea:6f:7b:62:d6:d3:bf:b7:
                    f9:f3:17:4c:1a:53:d5:c6:aa:77:c4:fc:35:32:eb:
                    6b:63:37:97:b8:11:9b:2e:6e:84:4e:3f:81:2b:47:
                    63:07:d6:66:bb:7a:20:45:81:01:5b:4f:64:7c:e8:
                    ad:b0:97:59:4e:5e:9a:ba:e0:33:9c:49:f5:b4:8e:
                    0d:a3:40:f4:45:b5:2d:f2:1d:3a:b5:ab:50:c0:62:
                    eb:e3:9c:1f:0d:76:3d:aa:0f:bc:cd:56:21:64:46:
                    56:93:35:9e:d7:cc:46:1f:82:ab:ff:3a:66:79:dd:
                    6c:69:67:0e:14:bf:a2:2d:03:f4:e5:85:15:db:fe:
                    fe:4a:50:33:bb:16:6a:a8:15:de:1c:45:9b:dc:12:
                    41:92:5d:69:c2:58:01:17:b0:ec:51:fa:65:7d:db:
                    d8:b0:12:97:64:e4:ac:24:a2:c5:de:e4:60:45:7d:
                    ce:86:0a:1b:78:8a:1d:ec:35:86:4f:71:fc:d3:51:
                    4f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:46:AC:7E:C8:9A:F4:DB:7B:E8:57:0A:62:5E:B0:FC:21:85:15:C9
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:393::/48
                  2a0f:85c1:3c8::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:31:93:d2:4b:12:9b:b7:cb:05:8d:41:78:b1:df:92:87:ee:
         ec:b1:8f:3b:bd:f2:07:72:09:a2:d7:3c:fc:c0:03:03:02:6f:
         20:60:a6:fc:9f:07:43:a8:86:b0:7b:35:34:96:04:bc:76:ee:
         c3:2c:35:07:3b:07:69:97:00:18:7c:38:cf:a3:a6:20:1c:71:
         6a:8a:4b:b2:62:fe:10:e8:fb:a6:9c:42:dd:dc:bc:2d:cc:eb:
         40:e7:ec:17:68:7b:94:ed:87:20:24:bf:38:b5:09:86:7c:3e:
         6e:9c:52:a1:8b:43:ef:f8:42:b6:4d:57:99:0c:9f:15:c2:e1:
         0c:2a:1f:26:72:77:e7:a8:76:5f:36:10:af:96:1b:1d:16:e9:
         63:a1:96:0e:ac:64:b9:7e:7a:78:62:0b:28:62:37:14:7c:62:
         53:15:36:80:98:d0:41:69:98:89:34:e3:ad:a9:75:62:49:84:
         04:38:3c:32:16:75:e3:a2:e5:99:1d:1e:6d:68:81:07:89:d4:
         3e:1f:8a:c2:b7:1d:5e:51:48:4d:7e:21:9e:18:20:d3:69:a7:
         6c:14:3c:a7:b2:d2:52:62:cb:75:bf:07:d7:43:2c:c5:02:f3:
         7b:0f:5f:01:74:61:bb:a5:1f:70:9b:75:97:4b:f3:19:81:e7:
         5b:7f:85:6f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUETdr5eGBrz9JZBfERLz7uN1tidowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNDA5MTcwNDE5MTFaFw0yNTA5MTYwNDI0MTFaMDMxMTAvBgNV
BAMTKDQzNDZBQzdFQzg5QUY0REI3QkU4NTcwQTYyNUVCMEZDMjE4NTE1QzkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZ1PmmiNulCSeNxK1E2QOtOwCb
kSdIUY2bCd95xN8jm/gvG38fKOrkJrHLjH9zGtk07zYhuTCiOkU5cuGBxiVF2DTq
b3ti1tO/t/nzF0waU9XGqnfE/DUy62tjN5e4EZsuboROP4ErR2MH1ma7eiBFgQFb
T2R86K2wl1lOXpq64DOcSfW0jg2jQPRFtS3yHTq1q1DAYuvjnB8Ndj2qD7zNViFk
RlaTNZ7XzEYfgqv/OmZ53WxpZw4Uv6ItA/TlhRXb/v5KUDO7FmqoFd4cRZvcEkGS
XWnCWAEXsOxR+mV929iwEpdk5KwkosXe5GBFfc6GCht4ih3sNYZPcfzTUU9TAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUQ0asfsia9Nt76FcKYl6w/CGFFckwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
A5MDBwAqD4XBA8gwDQYJKoZIhvcNAQELBQADggEBAGYxk9JLEpu3ywWNQXix35KH
7uyxjzu98gdyCaLXPPzAAwMCbyBgpvyfB0OohrB7NTSWBLx27sMsNQc7B2mXABh8
OM+jpiAccWqKS7Ji/hDo+6acQt3cvC3M60Dn7Bdoe5TthyAkvzi1CYZ8Pm6cUqGL
Q+/4QrZNV5kMnxXC4QwqHyZyd+eodl82EK+WGx0W6WOhlg6sZLl+enhiCyhiNxR8
YlMVNoCY0EFpmIk0462pdWJJhAQ4PDIWdeOi5ZkdHm1ogQeJ1D4fisK3HV5RSE1+
IZ4YINNpp2wUPKey0lJiy3W/B9dDLMUC83sPXwF0YbulH3CbdZdL8xmB51t/hW8=
-----END CERTIFICATE-----