Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
File:                     AS23470.roa (raw, json)
Hash identifier:          D7V33K18cuoT2uUbw7UTfs9QnyA8yCiIqbovXGKAJC4=
Subject key identifier:   08:B7:E2:F6:81:D7:54:25:F1:6D:5B:33:A9:5A:5E:6B:73:4B:07:30
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       7AE88A847726013DEA4448E7E7833CC677A002D9
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa
Signing time:             Sun 19 Oct 2025 00:04:44 +0000
ROA not before:           Sat 18 Oct 2025 23:59:44 +0000
ROA not after:            Sun 18 Oct 2026 00:04:44 +0000
asID:                     23470
IP address blocks:        146.103.11.0/24 maxlen: 24
                          150.241.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            7a:e8:8a:84:77:26:01:3d:ea:44:48:e7:e7:83:3c:c6:77:a0:02:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: Oct 18 23:59:44 2025 GMT
            Not After : Oct 18 00:04:44 2026 GMT
        Subject: CN=08B7E2F681D75425F16D5B33A95A5E6B734B0730
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:67:44:ca:1f:c1:55:10:89:e6:28:7d:ad:05:
                    db:f4:b5:b6:a7:fa:f6:bd:b2:b6:30:4e:c9:a9:1e:
                    c9:09:e4:56:da:fb:fe:2c:75:e2:aa:47:8e:d9:19:
                    23:60:e5:ab:c9:b7:d4:88:be:f6:08:02:aa:1a:6c:
                    d1:b2:b8:1c:3f:96:01:3a:f4:1c:e6:de:01:5d:43:
                    3d:d8:9d:d0:f2:46:b9:21:c3:5f:00:b8:ed:dd:b1:
                    cd:89:dc:7c:ed:e6:80:40:a8:0a:3d:74:9d:6a:b2:
                    01:71:b8:80:b6:85:eb:99:22:cc:a6:69:88:ac:fd:
                    7c:3a:c2:52:01:0f:e1:a6:e0:79:cc:7a:ed:26:53:
                    39:f5:30:49:ec:7c:05:5d:e2:7c:0a:b6:d2:ef:06:
                    f0:28:d6:77:fb:86:6f:47:a9:6e:4f:22:de:e5:34:
                    9c:6d:9f:43:ee:88:e7:65:88:d9:90:91:0b:ac:d2:
                    29:5e:81:93:0d:cc:f9:24:43:dd:c7:c4:07:7b:4e:
                    68:c0:1a:38:97:ca:e6:43:81:fa:01:eb:cc:ce:0d:
                    eb:8d:99:f2:8f:93:08:d7:b5:71:dd:9c:4c:8f:79:
                    3a:03:8b:1a:44:6a:23:a0:fc:f0:4a:8d:e9:a6:5d:
                    9d:06:da:26:2c:c5:56:77:90:2c:19:21:f2:4f:3d:
                    39:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:B7:E2:F6:81:D7:54:25:F1:6D:5B:33:A9:5A:5E:6B:73:4B:07:30
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS23470.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.103.11.0/24
                  150.241.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:f8:ef:2c:c3:12:30:fd:bf:5c:53:fd:d2:0d:95:66:0d:9f:
         a8:44:23:94:d4:f4:f1:ee:92:43:73:61:25:9d:3d:13:2f:f3:
         2a:74:bb:ff:92:bb:62:8d:d6:9f:af:a0:c2:c3:06:e5:26:ea:
         d5:b3:41:49:fc:f3:2d:9a:a3:db:ec:23:13:b0:bb:f1:11:f1:
         bd:ba:8e:7e:2a:f9:85:d0:9b:0c:ef:f8:f0:ea:df:ae:e9:35:
         5d:d3:ff:1b:70:03:cf:c2:84:b4:fe:91:2f:fd:1d:bf:e4:ae:
         4c:28:b2:28:27:48:01:3c:05:d0:14:cd:05:5f:60:d5:83:f9:
         82:1d:4c:5a:3a:1b:2d:66:52:95:09:26:a3:82:46:cb:9b:3c:
         f8:41:2f:a7:71:49:54:cc:c0:1b:76:0e:9c:48:79:1b:fe:10:
         b2:47:43:23:62:d9:e3:77:93:17:bf:51:99:62:8a:b0:c3:01:
         11:d0:cf:5b:14:1e:41:22:c7:b8:d5:22:fa:45:9e:f0:ac:0f:
         15:44:45:46:d6:a7:21:fb:2e:7c:25:46:b9:84:e9:21:13:2b:
         44:72:8e:60:d5:81:7e:e4:c0:97:99:31:a6:6c:0b:50:54:f9:
         a4:7a:05:39:76:c1:1c:f2:8b:4f:d4:5c:b7:06:de:64:52:55:
         df:1e:07:76
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUeuiKhHcmAT3qREjn54M8xnegAtkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTEwMTgyMzU5NDRaFw0yNjEwMTgwMDA0NDRaMDMxMTAvBgNV
BAMTKDA4QjdFMkY2ODFENzU0MjVGMTZENUIzM0E5NUE1RTZCNzM0QjA3MzAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIZ0TKH8FVEInmKH2tBdv0tban
+va9srYwTsmpHskJ5Fba+/4sdeKqR47ZGSNg5avJt9SIvvYIAqoabNGyuBw/lgE6
9Bzm3gFdQz3YndDyRrkhw18AuO3dsc2J3Hzt5oBAqAo9dJ1qsgFxuIC2heuZIsym
aYis/Xw6wlIBD+Gm4HnMeu0mUzn1MEnsfAVd4nwKttLvBvAo1nf7hm9HqW5PIt7l
NJxtn0PuiOdliNmQkQus0ilegZMNzPkkQ93HxAd7TmjAGjiXyuZDgfoB68zODeuN
mfKPkwjXtXHdnEyPeToDixpEaiOg/PBKjemmXZ0G2iYsxVZ3kCwZIfJPPTlFAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUCLfi9oHXVCXxbVszqVpea3NLBzAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTMjM0NzAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACSZwsD
BACW8dcwDQYJKoZIhvcNAQELBQADggEBAAn47yzDEjD9v1xT/dINlWYNn6hEI5TU
9PHukkNzYSWdPRMv8yp0u/+Su2KN1p+voMLDBuUm6tWzQUn88y2ao9vsIxOwu/ER
8b26jn4q+YXQmwzv+PDq367pNV3T/xtwA8/ChLT+kS/9Hb/krkwosignSAE8BdAU
zQVfYNWD+YIdTFo6Gy1mUpUJJqOCRsubPPhBL6dxSVTMwBt2DpxIeRv+ELJHQyNi
2eN3kxe/UZliirDDARHQz1sUHkEix7jVIvpFnvCsDxVERUbWpyH7LnwlRrmE6SET
K0RyjmDVgX7kwJeZMaZsC1BU+aR6BTl2wRzyi0/UXLcG3mRSVd8eB3Y=
-----END CERTIFICATE-----