Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          6AedrtifEp2eNZKUcEXK4gsNG7lHRYbK2nngO4mG55o=
Subject key identifier:   C9:4D:31:6C:0A:E6:8A:36:EF:85:D0:CF:C7:86:5A:C1:AB:C7:46:5A
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       24E558AC2D164A23CAE00CB80843BB183F0B46E3
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
Signing time:             Tue 09 Jun 2026 20:07:31 +0000
ROA not before:           Tue 09 Jun 2026 20:02:31 +0000
ROA not after:            Tue 08 Jun 2027 20:07:31 +0000
asID:                     23470
IP address blocks:        150.241.215.0/24 maxlen: 24
                          167.148.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 19:43:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            24:e5:58:ac:2d:16:4a:23:ca:e0:0c:b8:08:43:bb:18:3f:0b:46:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Jun  9 20:02:31 2026 GMT
            Not After : Jun  8 20:07:31 2027 GMT
        Subject: CN=C94D316C0AE68A36EF85D0CFC7865AC1ABC7465A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:06:94:41:2c:5c:a7:f2:4f:b9:e7:0c:70:0b:
                    d7:ce:ac:46:2c:61:79:38:9e:33:ed:05:01:71:da:
                    62:ba:71:59:86:7a:31:58:f6:75:d6:27:af:d3:cc:
                    c6:c0:31:b9:53:95:1b:6a:8b:74:32:42:a9:59:9a:
                    97:13:bd:db:27:68:5c:79:60:8d:ae:c3:09:64:36:
                    13:59:98:a3:4c:a8:e0:46:ac:9b:d0:0a:df:ba:be:
                    5a:1c:8e:8c:d1:eb:9c:4d:79:ce:5e:f7:5a:10:42:
                    9b:b8:a7:8b:5d:ef:bc:04:51:a2:6a:08:e5:4f:3f:
                    13:23:be:94:3c:73:16:a5:0d:c1:0b:6c:54:d0:04:
                    36:8b:d0:94:d1:9c:02:63:72:43:15:ad:92:e7:f9:
                    f1:05:89:d2:76:41:4d:fd:be:5b:9c:a7:1f:6e:56:
                    b5:0a:15:b8:3b:5d:b4:f0:d3:9c:5c:9e:33:be:8e:
                    6a:54:15:3d:19:41:69:b3:2b:8e:89:3f:3b:c6:a7:
                    19:d4:e5:33:a8:89:2b:e9:51:96:e1:0a:1f:5e:3a:
                    71:83:75:bf:dd:5a:7c:03:4b:75:4d:86:9a:6b:99:
                    fe:89:70:7e:8b:3d:0e:4f:42:09:a8:3a:10:fd:2d:
                    d9:62:f0:58:c7:36:43:bf:b0:5d:ac:d4:4e:d8:88:
                    76:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4D:31:6C:0A:E6:8A:36:EF:85:D0:CF:C7:86:5A:C1:AB:C7:46:5A
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.215.0/24
                  167.148.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:bc:38:e2:40:ca:10:97:f8:3d:a5:f1:b4:0a:19:20:f3:cc:
         d4:f5:e2:97:0b:52:27:d7:6c:0a:8f:be:17:98:04:44:19:ef:
         95:04:8b:7b:20:33:d4:79:c0:b5:71:28:6f:9b:2c:a6:a7:ac:
         97:8a:c3:d9:85:b4:7c:80:33:d8:fa:29:3e:3d:39:50:69:81:
         85:0d:20:d8:1a:9b:65:80:25:ab:c1:53:69:93:ef:6c:c1:49:
         cf:89:9e:d2:4a:ab:a5:78:25:f6:65:bf:0f:72:d8:8a:b8:67:
         10:41:75:a1:a7:01:1c:27:59:18:2b:76:ff:25:95:3a:42:59:
         29:a9:a5:99:aa:2c:28:7f:85:4c:b8:ae:f6:d6:8c:35:b4:85:
         73:56:8c:42:4b:33:7d:d7:94:be:2b:a4:8d:6f:93:ea:93:ce:
         13:19:6d:4b:d3:0e:fd:af:61:3d:23:d6:41:a5:de:a8:d1:b6:
         17:a9:71:4d:27:18:9d:9c:80:6e:b3:f6:ba:bf:5b:e9:6e:0d:
         a2:5e:a8:d8:ed:0d:38:8f:a6:eb:92:fa:9d:a3:7b:1d:a3:4b:
         ba:72:77:bd:ec:cc:be:7b:47:3d:79:cb:36:7d:47:cc:7f:04:
         ad:20:f8:c2:83:d6:13:05:ff:fa:7c:65:ac:a8:50:4a:40:87:
         32:a9:e0:f8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUJOVYrC0WSiPK4Ay4CEO7GD8LRuMwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjA2MDkyMDAyMzFaFw0yNzA2MDgyMDA3MzFaMDMxMTAvBgNV
BAMTKEM5NEQzMTZDMEFFNjhBMzZFRjg1RDBDRkM3ODY1QUMxQUJDNzQ2NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCRBpRBLFyn8k+55wxwC9fOrEYs
YXk4njPtBQFx2mK6cVmGejFY9nXWJ6/TzMbAMblTlRtqi3QyQqlZmpcTvdsnaFx5
YI2uwwlkNhNZmKNMqOBGrJvQCt+6vlocjozR65xNec5e91oQQpu4p4td77wEUaJq
COVPPxMjvpQ8cxalDcELbFTQBDaL0JTRnAJjckMVrZLn+fEFidJ2QU39vlucpx9u
VrUKFbg7XbTw05xcnjO+jmpUFT0ZQWmzK46JPzvGpxnU5TOoiSvpUZbhCh9eOnGD
db/dWnwDS3VNhpprmf6JcH6LPQ5PQgmoOhD9Ldli8FjHNkO/sF2s1E7YiHapAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUyU0xbArmijbvhdDPx4ZawavHRlowHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACW8dcD
BACnlCEwDQYJKoZIhvcNAQELBQADggEBAEm8OOJAyhCX+D2l8bQKGSDzzNT14pcL
UifXbAqPvheYBEQZ75UEi3sgM9R5wLVxKG+bLKanrJeKw9mFtHyAM9j6KT49OVBp
gYUNINgam2WAJavBU2mT72zBSc+JntJKq6V4JfZlvw9y2Iq4ZxBBdaGnARwnWRgr
dv8llTpCWSmppZmqLCh/hUy4rvbWjDW0hXNWjEJLM33XlL4rpI1vk+qTzhMZbUvT
Dv2vYT0j1kGl3qjRthepcU0nGJ2cgG6z9rq/W+luDaJeqNjtDTiPpuuS+p2jex2j
S7pyd73szL57Rz15yzZ9R8x/BK0g+MKD1hMF//p8ZayoUEpAhzKp4Pg=
-----END CERTIFICATE-----