Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa
File:                     AS22427.roa (raw, json)
Hash identifier:          6TFlIxVaA1nPqGFVJCudSFE0z77ANvHTs3I7KJCys4o=
Subject key identifier:   04:81:01:1D:86:77:63:71:DF:83:EF:23:4A:F2:52:3C:FB:97:39:E1
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       2793E677A7A92E0ED9E7C0C27C1DB15FCF4DE376
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa
Signing time:             Tue 06 May 2025 11:31:13 +0000
ROA not before:           Tue 06 May 2025 11:26:13 +0000
ROA not after:            Tue 05 May 2026 11:31:13 +0000
asID:                     22427
IP address blocks:        143.14.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 10 May 2025 16:09:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:93:e6:77:a7:a9:2e:0e:d9:e7:c0:c2:7c:1d:b1:5f:cf:4d:e3:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  6 11:26:13 2025 GMT
            Not After : May  5 11:31:13 2026 GMT
        Subject: CN=0481011D86776371DF83EF234AF2523CFB9739E1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:e0:de:54:6d:7e:c6:b7:b3:83:60:65:fa:ef:
                    97:a9:a6:fd:39:cb:30:dd:fe:c7:96:be:8e:f5:fc:
                    c8:38:eb:00:33:ad:2a:e9:35:43:0a:f3:d2:0b:ee:
                    32:6e:c4:12:df:5a:28:82:93:ee:64:ea:58:1e:7b:
                    2b:7d:b0:01:2b:bd:1d:2b:fd:58:38:5f:cd:f3:17:
                    33:85:cc:da:26:75:e7:cc:4f:a9:8b:f1:34:88:d1:
                    b5:0f:89:e8:a2:df:ee:02:e6:a9:ac:38:a8:5d:d9:
                    df:1d:24:ca:d0:74:c5:a9:16:30:12:c7:17:33:e3:
                    0b:d8:ef:1c:a7:27:b4:29:af:1c:02:70:82:65:06:
                    c9:0c:0f:cc:05:44:e6:33:a0:cc:07:de:74:12:fd:
                    70:b4:fc:28:53:01:4a:d9:fe:ce:90:2b:7d:a3:19:
                    2a:ca:f7:97:70:cc:32:5e:46:76:b0:a2:04:9f:d1:
                    35:88:7a:c6:0d:02:b4:0c:af:7c:36:8f:cf:9f:d5:
                    fe:90:8c:52:f0:5c:6b:6f:21:c0:2c:74:75:ae:30:
                    60:d7:c8:43:ad:57:62:a4:bc:24:29:12:41:c3:8f:
                    bd:67:25:07:77:8c:52:6c:5f:67:41:bd:be:1f:fe:
                    3b:7b:9d:53:1b:80:1a:ae:11:69:85:a6:e0:13:14:
                    66:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:81:01:1D:86:77:63:71:DF:83:EF:23:4A:F2:52:3C:FB:97:39:E1
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS22427.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.14.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:10:99:31:3a:c4:09:23:25:29:ed:8a:b1:7d:ce:da:79:e7:
         0d:3e:44:79:6a:8c:fc:80:ad:42:b9:19:92:ee:ab:18:5f:82:
         a2:10:f2:9b:ff:59:83:f1:87:ad:39:03:6f:3c:b6:4b:c6:1d:
         81:fa:7f:06:11:5c:a3:b5:49:71:83:cc:3a:47:87:2f:23:8d:
         b5:72:a4:34:60:7b:de:6a:0c:c6:69:b4:7c:b4:32:6d:7b:ea:
         5b:f9:05:93:cc:bf:20:8e:a1:47:8e:00:cb:bb:a6:d1:c7:54:
         6d:33:da:99:b7:97:88:10:9f:c5:11:c5:79:e2:75:7e:6e:45:
         2d:e7:ff:81:a7:95:b9:bc:b6:ff:0d:90:b8:f9:62:95:2a:32:
         b0:ed:36:74:29:50:57:18:71:e9:ae:9c:e7:50:a6:70:e6:07:
         78:7f:55:8c:00:09:8e:9a:a9:88:0e:37:ad:27:8f:ad:28:3e:
         18:bf:87:c9:44:02:51:c3:a8:b0:1d:b3:f1:67:40:36:e2:67:
         6c:46:4a:2a:d6:68:8e:de:26:5e:b1:30:9a:56:bc:9e:d1:f9:
         31:ab:84:cf:d1:bb:fe:76:69:ac:65:20:e3:ee:2d:db:16:57:
         c5:38:a3:3d:bf:26:ce:95:dd:42:d8:b7:c2:74:03:ab:f6:8d:
         0d:f9:bc:f7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUJ5Pmd6epLg7Z58DCfB2xX89N43YwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDYxMTI2MTNaFw0yNjA1MDUxMTMxMTNaMDMxMTAvBgNV
BAMTKDA0ODEwMTFEODY3NzYzNzFERjgzRUYyMzRBRjI1MjNDRkI5NzM5RTEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs4N5UbX7Gt7ODYGX675eppv05
yzDd/seWvo71/Mg46wAzrSrpNUMK89IL7jJuxBLfWiiCk+5k6lgeeyt9sAErvR0r
/Vg4X83zFzOFzNomdefMT6mL8TSI0bUPieii3+4C5qmsOKhd2d8dJMrQdMWpFjAS
xxcz4wvY7xynJ7QprxwCcIJlBskMD8wFROYzoMwH3nQS/XC0/ChTAUrZ/s6QK32j
GSrK95dwzDJeRnawogSf0TWIesYNArQMr3w2j8+f1f6QjFLwXGtvIcAsdHWuMGDX
yEOtV2KkvCQpEkHDj71nJQd3jFJsX2dBvb4f/jt7nVMbgBquEWmFpuATFGaNAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUBIEBHYZ3Y3Hfg+8jSvJSPPuXOeEwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjI0Mjcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACPDoMw
DQYJKoZIhvcNAQELBQADggEBAAsQmTE6xAkjJSntirF9ztp55w0+RHlqjPyArUK5
GZLuqxhfgqIQ8pv/WYPxh605A288tkvGHYH6fwYRXKO1SXGDzDpHhy8jjbVypDRg
e95qDMZptHy0Mm176lv5BZPMvyCOoUeOAMu7ptHHVG0z2pm3l4gQn8URxXnidX5u
RS3n/4Gnlbm8tv8NkLj5YpUqMrDtNnQpUFcYcemunOdQpnDmB3h/VYwACY6aqYgO
N60nj60oPhi/h8lEAlHDqLAds/FnQDbiZ2xGSirWaI7eJl6xMJpWvJ7R+TGrhM/R
u/52aaxlIOPuLdsWV8U4oz2/Js6V3ULYt8J0A6v2jQ35vPc=
-----END CERTIFICATE-----