Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          gyQfak3B1J2N5epccQcdZAuE0xjtradNGSwAPaUiWTs=
Subject key identifier:   50:F3:B5:29:53:57:DA:14:DA:9C:60:ED:64:AE:A0:8D:C9:16:3C:D3
Certificate issuer:       /CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
Certificate serial:       1B44BFF8C81269B24E9DB3EEC2A171BB9BB314E5
Authority key identifier: C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa
Signing time:             Wed 23 Apr 2025 02:16:22 +0000
ROA not before:           Wed 23 Apr 2025 02:11:22 +0000
ROA not after:            Wed 22 Apr 2026 02:16:22 +0000
asID:                     20473
IP address blocks:        2a0f:85c1:393::/48 maxlen: 48
                          2a0f:85c1:c18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1b:44:bf:f8:c8:12:69:b2:4e:9d:b3:ee:c2:a1:71:bb:9b:b3:14:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4ce7d8902405ba4598f84b6a41c27d722834b1c
        Validity
            Not Before: Apr 23 02:11:22 2025 GMT
            Not After : Apr 22 02:16:22 2026 GMT
        Subject: CN=50F3B5295357DA14DA9C60ED64AEA08DC9163CD3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:10:a6:7b:4e:4d:9b:af:1e:8c:02:54:d9:a1:
                    b6:7c:45:aa:b6:f6:dd:fe:20:2b:33:7a:10:14:92:
                    8d:67:75:60:8c:0f:54:67:30:d4:63:06:d4:d8:82:
                    3c:b4:94:f1:03:a2:48:f0:f6:58:f7:7a:7d:65:8d:
                    ab:cb:f4:5d:4c:04:bb:61:69:f7:5b:7c:d1:1e:16:
                    fb:6f:be:49:cf:42:79:02:58:6d:1f:76:3f:31:c1:
                    a5:5b:7b:7a:d0:52:b9:d9:09:b3:b0:08:b4:8b:26:
                    bb:2b:c1:42:62:9a:06:e2:f6:46:71:b6:9d:b8:fb:
                    c9:d9:0e:a5:1a:79:bb:f7:b5:6e:77:d6:e1:18:7c:
                    0c:05:8d:a1:58:e0:bd:93:00:33:1d:bf:30:a9:34:
                    c6:26:6a:0c:94:a3:2f:99:74:03:dd:c3:01:ff:18:
                    a9:f8:1e:be:31:af:b7:0c:6e:39:04:01:14:19:e7:
                    04:ca:9e:22:52:01:2f:41:a7:6e:26:56:3e:d0:3e:
                    8e:33:f0:33:97:b8:99:92:5d:cd:b2:22:77:8d:26:
                    78:d3:33:4c:c3:0a:47:ca:16:ad:15:87:8c:8a:62:
                    43:c5:4a:e3:35:30:d7:58:78:05:e4:2f:8b:5e:ad:
                    3b:60:c9:ee:20:96:9b:6d:d3:e9:36:e9:94:70:65:
                    a5:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:F3:B5:29:53:57:DA:14:DA:9C:60:ED:64:AE:A0:8D:C9:16:3C:D3
            X509v3 Authority Key Identifier:
                keyid:C4:CE:7D:89:02:40:5B:A4:59:8F:84:B6:A4:1C:27:D7:22:83:4B:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/C4CE7D8902405BA4598F84B6A41C27D722834B1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xM59iQJAW6RZj4S2pBwn1yKDSxw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/84d51810-1987-4701-8f1f-8425111964f4/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:85c1:393::/48
                  2a0f:85c1:c18::/48

    Signature Algorithm: sha256WithRSAEncryption
         ec:85:da:0b:a7:ce:45:02:2e:83:03:76:df:1d:29:aa:db:ba:
         e2:30:76:ef:e9:24:cc:5f:b1:a2:5f:f8:3d:79:cc:29:87:d8:
         fd:cb:86:27:fb:87:6c:70:2a:dd:1e:79:99:93:b9:1e:89:09:
         f3:22:32:e2:6c:dc:76:18:6d:a8:b3:66:ff:3f:67:b5:ab:59:
         4a:f5:16:e2:84:4a:32:c6:ac:f2:9d:2e:4a:ae:60:2e:0e:cf:
         00:a1:fa:35:b1:21:f3:af:d9:26:6c:bd:bb:ec:7e:4f:8a:de:
         27:68:86:a7:82:2b:f9:40:7f:a7:0a:2a:84:12:56:06:6d:7e:
         e4:00:a1:f0:b5:88:3b:7b:1e:c8:19:53:05:5f:91:a0:8e:01:
         c7:04:d1:53:1f:01:4e:ff:c8:1a:ec:d7:3c:c2:e3:db:ef:06:
         c0:55:cf:60:40:ac:6b:a8:2d:13:87:fa:89:b8:25:18:08:cc:
         23:e2:50:b4:cf:94:b7:3e:86:af:0a:67:a2:39:4c:41:0b:8c:
         8b:fc:c8:6c:7b:b1:8a:f9:25:21:3e:62:1e:99:1f:de:f4:ae:
         0d:01:31:62:17:ae:46:23:4a:26:05:34:5a:a7:5f:67:35:17:
         c7:b7:c0:0c:0d:90:13:15:6a:3d:21:9d:5a:7a:59:14:56:fa:
         2c:73:a8:41
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIUG0S/+MgSabJOnbPuwqFxu5uzFOUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYzRjZTdkODkwMjQwNWJhNDU5OGY4NGI2YTQxYzI3ZDcy
MjgzNGIxYzAeFw0yNTA0MjMwMjExMjJaFw0yNjA0MjIwMjE2MjJaMDMxMTAvBgNV
BAMTKDUwRjNCNTI5NTM1N0RBMTREQTlDNjBFRDY0QUVBMDhEQzkxNjNDRDMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxEKZ7Tk2brx6MAlTZobZ8Raq2
9t3+ICszehAUko1ndWCMD1RnMNRjBtTYgjy0lPEDokjw9lj3en1ljavL9F1MBLth
afdbfNEeFvtvvknPQnkCWG0fdj8xwaVbe3rQUrnZCbOwCLSLJrsrwUJimgbi9kZx
tp24+8nZDqUaebv3tW531uEYfAwFjaFY4L2TADMdvzCpNMYmagyUoy+ZdAPdwwH/
GKn4Hr4xr7cMbjkEARQZ5wTKniJSAS9Bp24mVj7QPo4z8DOXuJmSXc2yIneNJnjT
M0zDCkfKFq0Vh4yKYkPFSuM1MNdYeAXkL4terTtgye4glptt0+k26ZRwZaW5AgMB
AAGjggIVMIICETAdBgNVHQ4EFgQUUPO1KVNX2hTanGDtZK6gjckWPNMwHwYDVR0j
BBgwFoAUxM59iQJAW6RZj4S2pBwn1yKDSxwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODRkNTE4MTAtMTk4Ny00NzAxLThmMWYtODQyNTExMTk2
NGY0LzAvQzRDRTdEODkwMjQwNUJBNDU5OEY4NEI2QTQxQzI3RDcyMjgzNEIxQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3hNNTlpUUpBVzZSWmo0UzJwQnduMXlL
RFN4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg0ZDUxODEwLTE5ODct
NDcwMS04ZjFmLTg0MjUxMTE5NjRmNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgACMBIDBwAqD4XB
A5MDBwAqD4XBDBgwDQYJKoZIhvcNAQELBQADggEBAOyF2gunzkUCLoMDdt8dKarb
uuIwdu/pJMxfsaJf+D15zCmH2P3Lhif7h2xwKt0eeZmTuR6JCfMiMuJs3HYYbaiz
Zv8/Z7WrWUr1FuKESjLGrPKdLkquYC4OzwCh+jWxIfOv2SZsvbvsfk+K3idohqeC
K/lAf6cKKoQSVgZtfuQAofC1iDt7HsgZUwVfkaCOAccE0VMfAU7/yBrs1zzC49vv
BsBVz2BArGuoLROH+om4JRgIzCPiULTPlLc+hq8KZ6I5TEELjIv8yGx7sYr5JSE+
Yh6ZH970rg0BMWIXrkYjSiYFNFqnX2c1F8e3wAwNkBMVaj0hnVp6WRRW+ixzqEE=
-----END CERTIFICATE-----