Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199707.roa
File:                     AS199707.roa (raw, json)
Hash identifier:          Ha4EDBGhGmDYrK8xoKreTBxjooZkA6dtE3gybM+qYig=
Subject key identifier:   BE:75:CC:E4:99:3C:7F:97:28:9C:D3:5C:86:70:2C:CC:32:12:72:9C
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       1AAAEB1099CB871201CC6708A23ACBD77EEEE64F
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199707.roa
Signing time:             Mon 28 Apr 2025 12:26:25 +0000
ROA not before:           Mon 28 Apr 2025 12:21:25 +0000
ROA not after:            Mon 27 Apr 2026 12:26:25 +0000
asID:                     199707
IP address blocks:        147.79.20.0/24 maxlen: 24
                          155.117.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 13:25:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1a:aa:eb:10:99:cb:87:12:01:cc:67:08:a2:3a:cb:d7:7e:ee:e6:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 28 12:21:25 2025 GMT
            Not After : Apr 27 12:26:25 2026 GMT
        Subject: CN=BE75CCE4993C7F97289CD35C86702CCC3212729C
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8e:98:16:ce:06:5d:8f:59:0c:73:80:68:a0:
                    6e:99:82:6e:52:f9:45:cf:35:4b:cb:32:d3:07:75:
                    d9:fe:58:08:4b:aa:f0:59:80:ed:86:60:f6:88:74:
                    7c:00:9f:4a:ed:59:b5:1e:99:e2:ab:b7:f8:3d:46:
                    0f:ba:96:3f:22:d1:90:07:71:a0:ae:45:74:5f:fd:
                    75:26:ae:a2:fa:36:35:25:a9:5d:c1:24:14:10:32:
                    c7:16:ea:61:2b:a4:0e:5a:cc:5a:7e:59:fc:9f:d0:
                    bb:0b:2d:6b:6f:32:f5:57:9b:db:f0:1f:3d:86:d4:
                    8f:b6:4e:f9:fd:74:1c:71:1e:15:1d:70:d2:a8:17:
                    24:5f:9a:5a:e6:72:9f:2d:b4:92:1c:31:e7:cc:01:
                    9e:ac:b8:2e:e2:ff:0c:4d:0f:c8:4b:52:4a:f0:48:
                    12:de:9d:72:01:ad:52:be:a7:1a:2b:0c:97:2c:20:
                    ee:7c:41:33:56:b3:dc:42:b2:37:c8:b9:15:b6:22:
                    ab:85:8e:b8:da:ad:98:2b:1c:6b:c7:b9:8a:78:2c:
                    f1:ad:3e:90:20:96:df:4e:b5:d8:e8:f9:09:89:d2:
                    66:e2:df:c1:81:de:81:65:72:67:b1:59:f9:45:c3:
                    d1:26:4c:6f:68:f1:a9:52:6e:71:d3:ff:65:68:1d:
                    ff:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:75:CC:E4:99:3C:7F:97:28:9C:D3:5C:86:70:2C:CC:32:12:72:9C
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS199707.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.20.0/24
                  155.117.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:ae:90:d7:c9:b9:e2:70:13:da:1d:b5:a2:98:4d:4e:59:a6:
         a1:7b:c4:a1:71:97:33:97:f2:77:5a:f2:ac:5c:75:d2:dd:b3:
         34:c3:d1:ef:6f:fa:ad:29:d9:75:d4:c5:a8:f1:f3:a1:89:14:
         b2:d8:79:b1:2f:b8:a1:35:b6:ee:4d:c2:e8:20:5a:1c:3e:59:
         34:44:60:3a:7d:02:b5:59:70:7d:ba:88:8a:88:95:01:95:55:
         62:f4:33:fb:d2:55:e4:d0:33:63:ea:8b:f2:21:9c:56:b9:57:
         28:80:ea:c6:8d:06:74:f8:a9:5f:41:c8:42:28:fa:f2:dc:df:
         d1:40:bf:77:79:b8:f6:0a:6c:4d:d2:7b:32:00:aa:3d:36:e2:
         f3:fb:26:ed:ba:2d:73:14:e2:4c:34:23:50:4c:11:7a:fa:34:
         c8:8e:d9:3a:4c:e9:65:d2:a9:14:48:2a:13:5c:30:33:6e:56:
         98:a4:25:38:80:dc:18:c5:76:1e:6c:e2:60:e9:23:92:4d:ba:
         de:64:21:89:bc:db:a1:30:8c:21:75:0c:20:97:59:de:d0:de:
         fa:fc:b8:77:27:e0:44:a7:16:51:97:f6:ee:ca:ad:a4:a9:e6:
         2b:52:54:7d:be:4f:2c:a3:7f:4d:70:d8:4a:f5:b2:b4:10:98:
         6d:9e:97:28
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgIUGqrrEJnLhxIBzGcIojrL137u5k8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjgxMjIxMjVaFw0yNjA0MjcxMjI2MjVaMDMxMTAvBgNV
BAMTKEJFNzVDQ0U0OTkzQzdGOTcyODlDRDM1Qzg2NzAyQ0NDMzIxMjcyOUMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7jpgWzgZdj1kMc4BooG6Zgm5S
+UXPNUvLMtMHddn+WAhLqvBZgO2GYPaIdHwAn0rtWbUemeKrt/g9Rg+6lj8i0ZAH
caCuRXRf/XUmrqL6NjUlqV3BJBQQMscW6mErpA5azFp+Wfyf0LsLLWtvMvVXm9vw
Hz2G1I+2Tvn9dBxxHhUdcNKoFyRfmlrmcp8ttJIcMefMAZ6suC7i/wxND8hLUkrw
SBLenXIBrVK+pxorDJcsIO58QTNWs9xCsjfIuRW2IquFjrjarZgrHGvHuYp4LPGt
PpAglt9Otdjo+QmJ0mbi38GB3oFlcmexWflFw9EmTG9o8alSbnHT/2VoHf+/AgMB
AAGjggIQMIICDDAdBgNVHQ4EFgQUvnXM5Jk8f5conNNchnAszDIScpwwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMTk5NzA3LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAk08U
AwQAm3WbMA0GCSqGSIb3DQEBCwUAA4IBAQC3rpDXybnicBPaHbWimE1OWaahe8Sh
cZczl/J3WvKsXHXS3bM0w9Hvb/qtKdl11MWo8fOhiRSy2HmxL7ihNbbuTcLoIFoc
Plk0RGA6fQK1WXB9uoiKiJUBlVVi9DP70lXk0DNj6ovyIZxWuVcogOrGjQZ0+Klf
QchCKPry3N/RQL93ebj2CmxN0nsyAKo9NuLz+ybtui1zFOJMNCNQTBF6+jTIjtk6
TOll0qkUSCoTXDAzblaYpCU4gNwYxXYebOJg6SOSTbreZCGJvNuhMIwhdQwgl1ne
0N76/Lh3J+BEpxZRl/buyq2kqeYrUlR9vk8so39NcNhK9bK0EJhtnpco
-----END CERTIFICATE-----