Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa
File:                     AS23532.roa (raw, json)
Hash identifier:          KXsi8xpyF2WtXCasDSuiCJy3gsz9BIBT0JpfNsbR5P8=
Subject key identifier:   32:17:6B:55:7D:89:51:D3:8D:B5:C6:60:7D:DD:68:94:09:8D:0D:8B
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       476188722CDF643DAC624AFE0CA7AE8B2D9EB087
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa
Signing time:             Fri 25 Apr 2025 10:20:13 +0000
ROA not before:           Fri 25 Apr 2025 10:15:13 +0000
ROA not after:            Fri 24 Apr 2026 10:20:13 +0000
asID:                     23532
IP address blocks:        96.62.0.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:61:88:72:2c:df:64:3d:ac:62:4a:fe:0c:a7:ae:8b:2d:9e:b0:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 25 10:15:13 2025 GMT
            Not After : Apr 24 10:20:13 2026 GMT
        Subject: CN=32176B557D8951D38DB5C6607DDD6894098D0D8B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:6a:af:a9:3e:5e:76:cb:37:16:fa:18:9c:22:
                    e6:d9:8f:97:4c:d8:88:11:7b:d4:a7:79:67:84:1a:
                    45:f5:b0:8e:54:e8:c1:37:c7:82:e4:d0:52:e0:77:
                    2e:9c:5c:ff:46:e1:cc:78:9e:60:1d:83:9b:ae:4c:
                    34:e5:5d:59:8f:cb:42:cb:be:0d:fd:fe:2a:bd:00:
                    65:1a:74:90:11:21:c1:ad:6d:c7:22:af:a2:04:c1:
                    e5:2d:a3:f3:3b:7b:58:0c:3b:09:f3:41:ae:90:6e:
                    7f:af:b6:e9:13:b9:16:f7:ca:64:2a:4b:45:e2:01:
                    a6:c6:3c:52:2a:11:6c:e9:54:73:09:96:35:9f:c2:
                    75:40:e5:ff:10:c2:e7:8d:63:74:51:91:d5:0c:74:
                    d7:04:ac:8b:a9:a1:77:18:ce:8a:1c:7a:6f:ad:8e:
                    73:aa:eb:a7:b7:45:c8:a8:e6:8e:a1:2e:49:d5:c2:
                    df:3e:2d:d7:dc:06:4c:dd:74:bd:1b:75:1e:8c:c0:
                    73:f6:82:11:8b:4a:df:7d:b1:76:11:bb:99:46:ad:
                    64:42:87:ef:df:41:5f:1b:5c:25:30:e0:0c:7a:12:
                    61:e5:bb:3b:73:a7:62:88:03:4d:f7:b9:4b:01:bf:
                    f0:ef:32:35:fe:38:f2:67:c2:e6:fb:ca:96:6b:5d:
                    07:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:17:6B:55:7D:89:51:D3:8D:B5:C6:60:7D:DD:68:94:09:8D:0D:8B
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23532.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.62.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         39:e1:42:0d:3d:d4:0c:d8:41:46:b4:6c:b4:65:e2:31:4e:b9:
         0a:06:3f:7e:2d:28:b3:95:fb:b7:6a:6c:6f:63:c4:b4:b1:69:
         94:9c:d0:09:28:e8:e7:23:d4:09:55:98:7f:7b:4d:42:85:30:
         73:0c:db:80:97:a3:5f:ab:fa:08:31:a3:b1:a2:d5:41:54:df:
         49:6d:b7:e9:80:41:89:af:d9:31:5e:d8:f4:fd:84:a6:06:68:
         ee:a3:3c:21:fe:36:98:f9:75:b6:26:91:07:dd:51:8d:23:57:
         1e:86:e6:fd:3f:78:eb:c5:5b:44:1b:59:f6:b5:78:88:01:46:
         71:b1:4b:30:d1:f7:f1:30:04:9f:c8:78:b4:71:dc:20:66:7a:
         5e:17:69:27:3d:c6:8a:06:08:3f:73:8d:1a:7a:3f:6d:1c:be:
         9a:5d:d0:da:3d:a2:4e:af:e7:a0:d4:f8:9e:06:0c:fc:90:b3:
         a5:8c:d2:4f:2f:70:91:79:01:4c:46:d7:8a:08:fe:1d:92:a8:
         18:07:2f:b0:d3:59:a4:1a:0d:46:9d:e1:2c:3c:8e:fb:ab:72:
         38:82:c7:bd:8c:ec:da:98:0b:db:1a:6a:90:40:e2:96:35:bd:
         a9:ad:3b:54:a7:20:54:17:1c:18:51:41:29:b5:45:4e:fd:3d:
         ba:70:2e:f1
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUR2GIcizfZD2sYkr+DKeuiy2esIcwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjUxMDE1MTNaFw0yNjA0MjQxMDIwMTNaMDMxMTAvBgNV
BAMTKDMyMTc2QjU1N0Q4OTUxRDM4REI1QzY2MDdEREQ2ODk0MDk4RDBEOEIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDyaq+pPl52yzcW+hicIubZj5dM
2IgRe9SneWeEGkX1sI5U6ME3x4Lk0FLgdy6cXP9G4cx4nmAdg5uuTDTlXVmPy0LL
vg39/iq9AGUadJARIcGtbccir6IEweUto/M7e1gMOwnzQa6Qbn+vtukTuRb3ymQq
S0XiAabGPFIqEWzpVHMJljWfwnVA5f8QwueNY3RRkdUMdNcErIupoXcYzoocem+t
jnOq66e3Rcio5o6hLknVwt8+LdfcBkzddL0bdR6MwHP2ghGLSt99sXYRu5lGrWRC
h+/fQV8bXCUw4Ax6EmHluztzp2KIA033uUsBv/DvMjX+OPJnwub7ypZrXQfRAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUMhdrVX2JUdONtcZgfd1olAmNDYswHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM1MzIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAVgPgAw
DQYJKoZIhvcNAQELBQADggEBADnhQg091AzYQUa0bLRl4jFOuQoGP34tKLOV+7dq
bG9jxLSxaZSc0Ako6Ocj1AlVmH97TUKFMHMM24CXo1+r+ggxo7Gi1UFU30ltt+mA
QYmv2TFe2PT9hKYGaO6jPCH+Npj5dbYmkQfdUY0jVx6G5v0/eOvFW0QbWfa1eIgB
RnGxSzDR9/EwBJ/IeLRx3CBmel4XaSc9xooGCD9zjRp6P20cvppd0No9ok6v56DU
+J4GDPyQs6WM0k8vcJF5AUxG14oI/h2SqBgHL7DTWaQaDUad4Sw8jvurcjiCx72M
7NqYC9saapBA4pY1vamtO1SnIFQXHBhRQSm1RU79PbpwLvE=
-----END CERTIFICATE-----