Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
File:                     AS57043.roa (raw, json)
Hash identifier:          18RydYmtoPThL7kd4xQJ5HrRZJZy5h6w73unjbBwY7k=
Subject key identifier:   1D:C0:48:86:A0:C7:7C:7A:C0:EB:4E:A0:80:87:EA:0A:0B:B4:B3:A4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       78E7D8BDA3014E19F99C1C58036FC89D4F8B2322
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa
Signing time:             Tue 22 Apr 2025 08:38:05 +0000
ROA not before:           Tue 22 Apr 2025 08:33:05 +0000
ROA not after:            Tue 21 Apr 2026 08:38:05 +0000
asID:                     57043
IP address blocks:        148.135.198.0/23 maxlen: 23
                          148.135.202.0/23 maxlen: 23
                          148.135.206.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:18:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            78:e7:d8:bd:a3:01:4e:19:f9:9c:1c:58:03:6f:c8:9d:4f:8b:23:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Apr 22 08:33:05 2025 GMT
            Not After : Apr 21 08:38:05 2026 GMT
        Subject: CN=1DC04886A0C77C7AC0EB4EA08087EA0A0BB4B3A4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:8c:dc:a8:30:50:38:05:55:4d:9a:c0:b0:04:
                    a2:62:00:6f:21:ad:44:f1:c4:d1:ea:dd:41:cf:2d:
                    26:9a:45:61:e1:fb:2a:58:39:95:48:3b:ed:de:7c:
                    8c:45:6e:8c:52:1b:5d:70:bd:34:33:85:a5:0f:47:
                    df:22:cf:cb:4b:94:8d:bc:5e:a8:7d:49:35:21:ef:
                    fb:c4:96:6c:03:8d:df:58:d5:a7:34:e0:ee:cd:8a:
                    56:2c:a8:41:3b:ec:2b:25:28:c9:d9:30:5d:6a:b9:
                    9b:78:1b:19:ea:f6:31:89:39:f4:e4:b6:da:d9:82:
                    17:1e:5e:50:e7:ff:13:0a:35:5e:19:aa:b1:5f:1c:
                    1b:ea:fc:b1:7a:29:ba:c3:ee:78:fc:60:09:ce:3a:
                    40:d5:3e:c5:af:52:4a:93:49:bb:c1:5a:76:1c:0e:
                    30:cf:a7:81:a6:c0:71:f8:f7:ed:f0:bd:bb:05:b4:
                    07:e1:cf:e7:dd:73:26:19:2a:a4:6a:15:84:04:02:
                    02:b3:af:69:e8:a7:68:e8:40:02:65:20:59:5e:2c:
                    6b:db:93:1c:2e:3c:8e:b6:30:43:85:a3:a3:a8:67:
                    f1:c3:77:29:cf:38:6c:10:80:2d:f2:cd:9d:4f:ee:
                    a7:08:72:86:2d:1c:b8:7e:15:73:c0:95:a6:cc:23:
                    7b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:C0:48:86:A0:C7:7C:7A:C0:EB:4E:A0:80:87:EA:0A:0B:B4:B3:A4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS57043.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  148.135.198.0/23
                  148.135.202.0/23
                  148.135.206.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:c0:61:1d:98:8a:d0:35:28:5d:4c:56:93:d7:25:9b:ad:8a:
         cf:2b:44:43:03:e5:b8:44:de:d1:ba:e2:16:86:98:80:7e:1e:
         9e:1f:e1:c2:3c:e5:0d:b5:5b:32:80:0c:19:05:6f:a3:0f:d9:
         4f:12:41:bf:68:13:30:ce:56:98:62:6c:41:6a:cb:79:79:29:
         22:19:a6:f0:14:e1:b0:eb:62:56:82:e6:18:15:27:6f:79:d6:
         a3:fb:23:d3:0d:db:6a:d3:73:e9:4e:1f:9a:86:e0:0d:3f:9e:
         1d:a3:ff:bf:6f:19:4f:52:57:2b:bd:7c:2a:b2:c8:80:63:71:
         15:ab:64:e4:75:f7:88:ce:b6:81:d6:41:31:46:82:ba:0f:d5:
         ec:3c:37:3a:35:8a:8d:1f:5d:ee:cd:be:55:c9:40:8a:75:76:
         16:c8:3d:df:98:5c:f9:e4:9f:31:78:79:12:be:72:0b:e6:8b:
         26:dc:6a:30:8f:41:cb:63:44:e2:8e:e5:57:d7:ed:27:72:68:
         9e:66:00:fb:b7:68:57:1b:05:db:8f:80:7a:d4:17:09:2b:a7:
         23:ee:02:87:2b:e0:af:e3:e9:82:ce:54:78:43:90:62:38:7f:
         cf:8c:52:db:06:db:10:ed:2f:54:aa:43:f6:8f:d1:f4:61:2e:
         e6:1a:3f:fa
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUeOfYvaMBThn5nBxYA2/InU+LIyIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA0MjIwODMzMDVaFw0yNjA0MjEwODM4MDVaMDMxMTAvBgNV
BAMTKDFEQzA0ODg2QTBDNzdDN0FDMEVCNEVBMDgwODdFQTBBMEJCNEIzQTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSjNyoMFA4BVVNmsCwBKJiAG8h
rUTxxNHq3UHPLSaaRWHh+ypYOZVIO+3efIxFboxSG11wvTQzhaUPR98iz8tLlI28
Xqh9STUh7/vElmwDjd9Y1ac04O7NilYsqEE77CslKMnZMF1quZt4Gxnq9jGJOfTk
ttrZghceXlDn/xMKNV4ZqrFfHBvq/LF6KbrD7nj8YAnOOkDVPsWvUkqTSbvBWnYc
DjDPp4GmwHH49+3wvbsFtAfhz+fdcyYZKqRqFYQEAgKzr2nop2joQAJlIFleLGvb
kxwuPI62MEOFo6OoZ/HDdynPOGwQgC3yzZ1P7qcIcoYtHLh+FXPAlabMI3uxAgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUHcBIhqDHfHrA606ggIfqCgu0s6QwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNTcwNDMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBAGUh8YD
BAGUh8oDBAGUh84wDQYJKoZIhvcNAQELBQADggEBAJTAYR2YitA1KF1MVpPXJZut
is8rREMD5bhE3tG64haGmIB+Hp4f4cI85Q21WzKADBkFb6MP2U8SQb9oEzDOVphi
bEFqy3l5KSIZpvAU4bDrYlaC5hgVJ2951qP7I9MN22rTc+lOH5qG4A0/nh2j/79v
GU9SVyu9fCqyyIBjcRWrZOR194jOtoHWQTFGgroP1ew8Nzo1io0fXe7NvlXJQIp1
dhbIPd+YXPnknzF4eRK+cgvmiybcajCPQctjROKO5VfX7SdyaJ5mAPu3aFcbBduP
gHrUFwkrpyPuAocr4K/j6YLOVHhDkGI4f8+MUtsG2xDtL1SqQ/aP0fRhLuYaP/o=
-----END CERTIFICATE-----