Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          OrnUNKHM0bUNV81+EPAoudUx1+1wxhSJsCYd609hDCc=
Subject key identifier:   82:9B:22:B9:CD:80:13:8E:3D:91:25:CF:08:B7:2A:04:DC:69:62:E4
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       0CFC9D7FB8DA47AB8D1EDC54046B50019B42CDFC
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
Signing time:             Wed 11 Mar 2026 05:13:47 +0000
ROA not before:           Wed 11 Mar 2026 05:08:47 +0000
ROA not after:            Wed 10 Mar 2027 05:13:47 +0000
asID:                     23470
IP address blocks:        150.241.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0c:fc:9d:7f:b8:da:47:ab:8d:1e:dc:54:04:6b:50:01:9b:42:cd:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Mar 11 05:08:47 2026 GMT
            Not After : Mar 10 05:13:47 2027 GMT
        Subject: CN=829B22B9CD80138E3D9125CF08B72A04DC6962E4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:44:cd:44:90:d6:be:24:20:15:c3:5a:9b:bb:
                    68:98:13:58:e1:06:4c:43:1e:e7:3b:39:2a:74:36:
                    5f:63:be:75:eb:c0:76:27:67:52:07:f2:68:27:15:
                    43:01:df:f6:20:2e:f1:14:f2:3f:f1:40:1c:b2:76:
                    6d:fd:88:b7:da:8e:a7:89:29:d0:12:75:a3:33:24:
                    49:61:b2:d3:d7:1a:c2:2f:b1:89:ed:6d:62:56:b4:
                    a9:2f:c9:8c:f4:6a:07:55:d6:3c:34:4f:ea:64:6b:
                    ab:26:95:9a:08:c6:32:ad:6e:ca:88:b6:a2:cb:8b:
                    9f:7a:8d:2b:d7:c2:19:73:cd:ce:49:59:1c:58:15:
                    62:11:9b:16:0d:6a:6e:59:d7:dd:eb:6c:74:12:c8:
                    b4:ec:93:89:30:d8:b7:5b:17:68:c2:c1:fb:f5:6b:
                    c1:4b:b4:a8:31:bc:a7:86:01:79:72:bb:9c:f0:a3:
                    d1:04:13:62:3f:8c:28:b8:bd:a0:67:e3:6c:27:86:
                    88:3a:97:00:06:db:c3:de:51:b7:48:e2:cf:00:95:
                    6a:cd:28:30:69:fd:c2:5d:b2:5f:c3:77:5e:37:4b:
                    2d:2e:11:10:00:6a:58:fc:2d:e0:02:51:01:94:df:
                    d1:be:1d:e2:50:a7:2d:b9:d2:ba:61:8b:5e:c5:16:
                    45:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:9B:22:B9:CD:80:13:8E:3D:91:25:CF:08:B7:2A:04:DC:69:62:E4
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  150.241.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:64:b3:0f:84:53:85:7c:88:15:73:0e:02:db:59:78:33:62:
         ea:82:69:51:38:ba:7f:09:28:39:d2:4f:89:9a:e6:9f:53:b8:
         73:11:20:ba:4a:a2:f2:8b:b7:34:43:9a:24:7f:9e:80:22:1e:
         0a:6a:a7:d6:a7:3d:cc:29:c8:26:c6:8f:13:41:e7:96:9e:d7:
         76:e8:b9:cd:38:6d:8a:0a:4c:0e:9f:97:70:87:29:37:c4:de:
         03:3d:03:a1:24:1e:00:f5:26:66:aa:7c:38:82:f3:6d:07:e9:
         fd:fe:ab:50:64:4b:6d:68:1e:8e:86:92:97:46:d3:aa:01:80:
         32:80:78:d8:fe:b7:7c:b4:ba:31:20:21:4c:2d:0a:b9:3b:6c:
         b7:91:74:e5:6d:ff:05:36:43:0c:0f:03:20:51:bc:ef:81:a2:
         72:09:68:58:09:be:e7:6e:35:ba:c0:0f:f4:dc:93:f0:33:5f:
         ce:16:59:f2:3c:00:71:79:53:ce:2a:22:14:cf:5a:f1:46:c1:
         06:8f:d6:a4:67:c4:2c:c8:ad:c6:21:c2:9f:54:f4:80:85:12:
         43:82:12:a2:c6:9f:58:06:7b:b6:ee:28:66:ac:46:87:52:5c:
         39:cc:00:b8:ae:08:e0:18:d2:fc:21:34:20:05:9b:90:11:5d:
         7f:11:77:3a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUDPydf7jaR6uNHtxUBGtQAZtCzfwwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNjAzMTEwNTA4NDdaFw0yNzAzMTAwNTEzNDdaMDMxMTAvBgNV
BAMTKDgyOUIyMkI5Q0Q4MDEzOEUzRDkxMjVDRjA4QjcyQTA0REM2OTYyRTQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIRM1EkNa+JCAVw1qbu2iYE1jh
BkxDHuc7OSp0Nl9jvnXrwHYnZ1IH8mgnFUMB3/YgLvEU8j/xQByydm39iLfajqeJ
KdASdaMzJElhstPXGsIvsYntbWJWtKkvyYz0agdV1jw0T+pka6smlZoIxjKtbsqI
tqLLi596jSvXwhlzzc5JWRxYFWIRmxYNam5Z193rbHQSyLTsk4kw2LdbF2jCwfv1
a8FLtKgxvKeGAXlyu5zwo9EEE2I/jCi4vaBn42wnhog6lwAG28PeUbdI4s8AlWrN
KDBp/cJdsl/Dd143Sy0uERAAalj8LeACUQGU39G+HeJQpy250rphi17FFkWxAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUgpsiuc2AE449kSXPCLcqBNxpYuQwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBACW8dcw
DQYJKoZIhvcNAQELBQADggEBAFlksw+EU4V8iBVzDgLbWXgzYuqCaVE4un8JKDnS
T4ma5p9TuHMRILpKovKLtzRDmiR/noAiHgpqp9anPcwpyCbGjxNB55ae13bouc04
bYoKTA6fl3CHKTfE3gM9A6EkHgD1JmaqfDiC820H6f3+q1BkS21oHo6GkpdG06oB
gDKAeNj+t3y0ujEgIUwtCrk7bLeRdOVt/wU2QwwPAyBRvO+BonIJaFgJvuduNbrA
D/Tck/AzX84WWfI8AHF5U84qIhTPWvFGwQaP1qRnxCzIrcYhwp9U9ICFEkOCEqLG
n1gGe7buKGasRodSXDnMALiuCOAY0vwhNCAFm5ARXX8Rdzo=
-----END CERTIFICATE-----