Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS44592.roa
File:                     AS44592.roa (raw, json)
Hash identifier:          ysas8F4EebT2OOPSNZEppz/MfMtGZEVBroXpoDCReSY=
Subject key identifier:   20:29:C4:37:99:8D:E0:01:00:17:AC:2A:3C:46:A7:B6:40:B4:4C:D0
Certificate issuer:       /CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
Certificate serial:       6D3D1ED1BD53DD6326B38AAA9D6FC0B57869231E
Authority key identifier: 4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS44592.roa
Signing time:             Sat 03 May 2025 12:22:51 +0000
ROA not before:           Sat 03 May 2025 12:17:51 +0000
ROA not after:            Sat 02 May 2026 12:22:51 +0000
asID:                     44592
IP address blocks:        147.79.27.0/24 maxlen: 24
                          155.117.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6d:3d:1e:d1:bd:53:dd:63:26:b3:8a:aa:9d:6f:c0:b5:78:69:23:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4fc336bf9f3de5ce41414bd1971945f4b246bfcc
        Validity
            Not Before: May  3 12:17:51 2025 GMT
            Not After : May  2 12:22:51 2026 GMT
        Subject: CN=2029C437998DE0010017AC2A3C46A7B640B44CD0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9a:b4:31:be:43:c7:86:86:a5:78:99:6f:a0:
                    40:07:38:92:b9:1d:1c:63:8c:d0:99:a6:3d:46:92:
                    6e:b5:61:1b:c4:14:d0:cf:46:c5:c9:22:d0:4f:68:
                    fc:01:e7:00:d7:7e:0a:1a:10:a7:ad:c5:57:03:71:
                    48:bc:11:cb:81:14:45:14:83:41:9b:3b:9e:0f:8c:
                    07:e9:5b:65:25:27:b8:c9:1a:ea:da:19:9f:71:c1:
                    01:7b:07:76:a5:28:c1:63:0e:c2:7d:08:2d:c3:c4:
                    e3:f4:cf:d1:c8:63:ec:e5:ea:71:37:68:2a:38:03:
                    ae:0f:0a:71:37:f6:cd:41:0d:0b:a5:83:c6:30:38:
                    2d:45:cf:a2:3e:67:16:0d:ba:7b:94:36:44:23:66:
                    1d:56:d1:8d:2c:9b:e6:60:f7:34:1b:ac:6d:a7:ec:
                    1e:a7:a7:07:46:2c:97:25:dc:83:8c:76:25:a0:57:
                    e4:12:89:e7:a1:36:f2:db:29:8f:11:3a:cf:b9:4a:
                    87:c9:af:a8:84:ab:5d:8b:b1:b9:85:f0:f7:47:c7:
                    b8:77:66:23:fc:22:5d:f9:64:66:37:d9:1c:46:fc:
                    bc:15:86:26:ce:4b:91:23:34:0a:2b:d8:b0:44:da:
                    c2:71:33:0f:8f:8f:56:bb:b5:6c:48:00:1d:0d:9c:
                    3f:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:29:C4:37:99:8D:E0:01:00:17:AC:2A:3C:46:A7:B6:40:B4:4C:D0
            X509v3 Authority Key Identifier:
                keyid:4F:C3:36:BF:9F:3D:E5:CE:41:41:4B:D1:97:19:45:F4:B2:46:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/4FC336BF9F3DE5CE41414BD1971945F4B246BFCC.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T8M2v5895c5BQUvRlxlF9LJGv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/09be3aae-aea1-41dc-b1b9-95ac5918244d/0/AS44592.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.79.27.0/24
                  155.117.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:cf:12:79:c7:86:3f:dc:bf:3b:2c:29:16:da:e7:c4:c3:99:
         23:53:5f:f0:30:20:f2:a4:ed:a1:55:02:16:b8:88:08:a0:11:
         e0:62:6d:bf:fb:58:e8:5e:df:20:5a:36:de:a0:20:65:3a:89:
         7e:a4:32:67:f2:4e:fc:6b:e6:47:b2:7a:e7:da:b9:b5:92:40:
         5c:91:ef:8c:d3:87:c2:a7:d4:06:b4:c2:ec:69:e4:98:50:9b:
         d5:1f:82:7a:c7:84:71:fd:56:fd:ac:e9:f5:f3:eb:9b:34:bf:
         62:94:67:ff:b6:5f:aa:81:ca:7e:4f:9d:75:6b:ba:59:38:51:
         5f:04:75:d2:5b:52:3e:aa:99:89:ab:68:12:07:80:a2:28:57:
         f6:4d:70:bd:54:54:c7:5f:6d:90:6d:18:98:0a:da:26:7a:d5:
         05:6a:4c:87:96:a3:2f:cd:8c:13:5c:dd:5f:16:e0:36:f8:c1:
         10:4b:dd:c1:1a:e6:ba:0a:85:6d:37:db:79:22:c2:e5:12:11:
         7a:75:61:44:65:5a:3e:4b:e7:0a:85:18:19:8d:5d:92:2d:92:
         40:00:34:23:77:47:2d:04:6d:83:a4:c6:df:72:fe:2d:70:6e:
         54:84:ae:ea:46:19:0a:79:e7:36:2e:21:2b:04:45:b7:a2:d7:
         39:73:64:c6
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUbT0e0b1T3WMms4qqnW/AtXhpIx4wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNGZjMzM2YmY5ZjNkZTVjZTQxNDE0YmQxOTcxOTQ1ZjRi
MjQ2YmZjYzAeFw0yNTA1MDMxMjE3NTFaFw0yNjA1MDIxMjIyNTFaMDMxMTAvBgNV
BAMTKDIwMjlDNDM3OTk4REUwMDEwMDE3QUMyQTNDNDZBN0I2NDBCNDRDRDAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC8mrQxvkPHhoaleJlvoEAHOJK5
HRxjjNCZpj1Gkm61YRvEFNDPRsXJItBPaPwB5wDXfgoaEKetxVcDcUi8EcuBFEUU
g0GbO54PjAfpW2UlJ7jJGuraGZ9xwQF7B3alKMFjDsJ9CC3DxOP0z9HIY+zl6nE3
aCo4A64PCnE39s1BDQulg8YwOC1Fz6I+ZxYNunuUNkQjZh1W0Y0sm+Zg9zQbrG2n
7B6npwdGLJcl3IOMdiWgV+QSieehNvLbKY8ROs+5SofJr6iEq12LsbmF8PdHx7h3
ZiP8Il35ZGY32RxG/LwVhibOS5EjNAor2LBE2sJxMw+Pj1a7tWxIAB0NnD+vAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQUICnEN5mN4AEAF6wqPEantkC0TNAwHwYDVR0j
BBgwFoAUT8M2v5895c5BQUvRlxlF9LJGv8wwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMDliZTNhYWUtYWVhMS00MWRjLWIxYjktOTVhYzU5MTgy
NDRkLzAvNEZDMzM2QkY5RjNERTVDRTQxNDE0QkQxOTcxOTQ1RjRCMjQ2QkZDQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1Q4TTJ2NTg5NWM1QlFVdlJseGxGOUxK
R3Y4dy5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzA5YmUzYWFlLWFlYTEt
NDFkYy1iMWI5LTk1YWM1OTE4MjQ0ZC8wL0FTNDQ1OTIucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBACTTxsD
BACbdfAwDQYJKoZIhvcNAQELBQADggEBAKHPEnnHhj/cvzssKRba58TDmSNTX/Aw
IPKk7aFVAha4iAigEeBibb/7WOhe3yBaNt6gIGU6iX6kMmfyTvxr5keyeufaubWS
QFyR74zTh8Kn1Aa0wuxp5JhQm9UfgnrHhHH9Vv2s6fXz65s0v2KUZ/+2X6qByn5P
nXVrulk4UV8EddJbUj6qmYmraBIHgKIoV/ZNcL1UVMdfbZBtGJgK2iZ61QVqTIeW
oy/NjBNc3V8W4Db4wRBL3cEa5roKhW0323kiwuUSEXp1YURlWj5L5wqFGBmNXZIt
kkAANCN3Ry0EbYOkxt9y/i1wblSErupGGQp55zYuISsERbei1zlzZMY=
-----END CERTIFICATE-----