Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199707.roa
File:                     AS199707.roa (raw, json)
Hash identifier:          5IhKDNj5FUPoHRofVcRBVEfFOkoPVRKPosfokeHZ1Eo=
Subject key identifier:   B6:2E:62:6E:19:B5:C1:29:84:D2:A1:AB:4C:E8:24:03:26:84:EA:EB
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       3E218A1F3D5AE55FBB367B7C03790F879B7B3E31
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199707.roa
Signing time:             Sun 27 Apr 2025 01:54:04 +0000
ROA not before:           Sun 27 Apr 2025 01:49:04 +0000
ROA not after:            Sun 26 Apr 2026 01:54:04 +0000
asID:                     199707
IP address blocks:        147.79.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 03:08:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3e:21:8a:1f:3d:5a:e5:5f:bb:36:7b:7c:03:79:0f:87:9b:7b:3e:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 27 01:49:04 2025 GMT
            Not After : Apr 26 01:54:04 2026 GMT
        Subject: CN=B62E626E19B5C12984D2A1AB4CE824032684EAEB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:fa:d2:7b:88:9a:8d:f7:9b:bd:b1:8e:db:19:
                    dd:f2:e2:b4:3d:cd:c3:37:04:b0:16:17:4e:0e:11:
                    8a:16:7e:58:eb:0e:a6:9e:f1:30:a0:21:73:43:55:
                    9b:05:59:b1:5b:4d:c7:ab:ba:cd:42:9d:8b:86:e2:
                    f9:05:92:c3:b5:3f:71:3d:69:4a:d8:d8:15:07:bb:
                    e8:2b:a9:f1:80:60:df:c8:02:53:fe:88:30:45:60:
                    ca:57:1b:ed:75:d6:df:90:5f:6b:2d:f6:88:dd:34:
                    78:0c:7a:1c:a9:36:90:84:bb:82:52:d0:36:71:91:
                    5e:f9:ad:83:7a:c4:d0:ff:12:6c:1d:1d:6c:6a:b9:
                    76:82:6d:cc:67:9c:d4:63:34:ea:fb:dc:42:72:9f:
                    7a:a2:03:95:8e:92:2f:a2:1d:17:8a:26:b9:be:2f:
                    ed:91:cd:6a:96:a9:0b:d3:6c:3f:1a:8a:7d:02:51:
                    22:0a:6f:6c:31:62:cd:10:69:79:85:45:ad:cd:9f:
                    db:12:74:39:b0:fc:78:f3:be:38:b0:c3:37:15:c2:
                    53:82:3e:87:7a:a7:b5:3e:39:fc:d0:1e:1f:47:88:
                    e6:67:6d:b8:92:48:30:2c:f2:ff:3e:75:b4:b6:72:
                    cd:40:05:13:6d:cb:18:2e:f5:6f:f4:e8:bd:02:ab:
                    a4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:2E:62:6E:19:B5:C1:29:84:D2:A1:AB:4C:E8:24:03:26:84:EA:EB
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199707.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:00:a7:1e:fd:e6:0f:bd:78:9c:e4:19:86:ba:bc:d2:d4:b5:
         34:36:94:dc:7a:5a:de:33:74:32:6c:0e:8d:5d:88:1d:d0:dc:
         e9:ae:33:83:1e:dd:20:b4:ce:9d:fb:d1:a0:60:56:6e:7b:79:
         22:2b:47:47:e8:d5:11:ec:e3:8a:39:1a:07:d0:09:a3:ab:65:
         7f:49:0e:27:f9:16:c8:3d:66:7a:b7:39:58:9c:d2:79:0c:1f:
         f4:4f:44:81:db:05:43:92:25:7d:28:09:6f:78:74:5d:0c:b2:
         77:4e:73:58:f7:76:02:96:04:99:f0:2f:8c:71:25:00:6a:0e:
         7d:16:44:c7:d9:97:8f:fb:1b:fb:61:8b:4a:68:4c:e1:e7:f4:
         4a:bb:2c:9b:2f:0c:e2:18:6d:28:06:ba:13:13:05:31:f1:be:
         13:2a:74:c7:8d:0b:56:d7:35:35:fb:a9:0b:04:39:eb:fd:4d:
         0f:ad:7e:58:c6:a7:67:95:ef:5f:0d:68:dc:f7:62:69:d1:6a:
         ee:34:ad:d0:f0:b1:7f:a9:76:0c:91:fe:6c:70:cf:ee:68:ca:
         90:b5:cb:f8:14:7b:5d:6a:12:3b:58:8f:fc:eb:64:a2:31:43:
         85:f9:30:dc:fc:70:ff:eb:83:9f:12:39:6e:22:6f:ff:be:6e:
         30:46:f9:93
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUPiGKHz1a5V+7Nnt8A3kPh5t7PjEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjcwMTQ5MDRaFw0yNjA0MjYwMTU0MDRaMDMxMTAvBgNV
BAMTKEI2MkU2MjZFMTlCNUMxMjk4NEQyQTFBQjRDRTgyNDAzMjY4NEVBRUIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi+tJ7iJqN95u9sY7bGd3y4rQ9
zcM3BLAWF04OEYoWfljrDqae8TCgIXNDVZsFWbFbTcerus1CnYuG4vkFksO1P3E9
aUrY2BUHu+grqfGAYN/IAlP+iDBFYMpXG+111t+QX2st9ojdNHgMehypNpCEu4JS
0DZxkV75rYN6xND/EmwdHWxquXaCbcxnnNRjNOr73EJyn3qiA5WOki+iHReKJrm+
L+2RzWqWqQvTbD8ain0CUSIKb2wxYs0QaXmFRa3Nn9sSdDmw/HjzvjiwwzcVwlOC
Pod6p7U+OfzQHh9HiOZnbbiSSDAs8v8+dbS2cs1ABRNtyxgu9W/06L0Cq6StAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQUti5ibhm1wSmE0qGrTOgkAyaE6uswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5NzA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk08U
MA0GCSqGSIb3DQEBCwUAA4IBAQAGAKce/eYPvXic5BmGurzS1LU0NpTcelreM3Qy
bA6NXYgd0NzprjODHt0gtM6d+9GgYFZue3kiK0dH6NUR7OOKORoH0Amjq2V/SQ4n
+RbIPWZ6tzlYnNJ5DB/0T0SB2wVDkiV9KAlveHRdDLJ3TnNY93YClgSZ8C+McSUA
ag59FkTH2ZeP+xv7YYtKaEzh5/RKuyybLwziGG0oBroTEwUx8b4TKnTHjQtW1zU1
+6kLBDnr/U0PrX5Yxqdnle9fDWjc92Jp0WruNK3Q8LF/qXYMkf5scM/uaMqQtcv4
FHtdahI7WI/862SiMUOF+TDc/HD/64OfEjluIm//vm4wRvmT
-----END CERTIFICATE-----