Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS20473.roa
File:                     AS20473.roa (raw, json)
Hash identifier:          PUG1LZlSEZHnjKqSHd36UySjmjzJgxGWGB3gNt4tEDk=
Subject key identifier:   90:1E:9D:1E:E4:3E:93:25:58:44:AC:96:C9:CF:7F:0D:6A:CA:46:E9
Certificate issuer:       /CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
Certificate serial:       64BF29F7BD520E5AFD1DDDCBEFFFA9BEF9C66201
Authority key identifier: A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS20473.roa
Signing time:             Wed 18 Jun 2025 11:12:12 +0000
ROA not before:           Wed 18 Jun 2025 11:07:12 +0000
ROA not after:            Wed 17 Jun 2026 11:12:12 +0000
asID:                     20473
IP address blocks:        2a14:7581:f70::/48 maxlen: 48
                          2a14:7581:f71::/48 maxlen: 48
                          2a14:7584:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 10:55:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            64:bf:29:f7:bd:52:0e:5a:fd:1d:dd:cb:ef:ff:a9:be:f9:c6:62:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a83d48652f3b2df74f6bf9baa8a9c174ccfd3772
        Validity
            Not Before: Jun 18 11:07:12 2025 GMT
            Not After : Jun 17 11:12:12 2026 GMT
        Subject: CN=901E9D1EE43E93255844AC96C9CF7F0D6ACA46E9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1f:f0:52:28:13:27:2f:e2:e3:a3:7e:4c:8d:
                    b2:81:96:75:82:f9:45:a1:4f:36:0c:bc:3c:a7:bc:
                    aa:f2:e9:20:e9:0f:80:db:86:66:25:e7:98:31:0a:
                    d4:2f:fb:8e:45:87:08:6a:0e:7a:d3:13:0c:61:02:
                    61:b9:7a:49:dc:17:0b:f2:a6:f3:78:97:2d:db:7e:
                    a7:62:fb:d1:07:b8:c5:7a:8c:c9:b9:44:37:8f:35:
                    22:43:49:6c:3e:97:0b:63:4c:5a:84:08:30:13:0c:
                    42:30:c4:15:4d:54:e9:20:c3:77:b7:50:0b:9b:04:
                    74:9c:a3:ed:a7:c5:2a:c4:35:13:67:b8:62:bc:f3:
                    24:d1:a9:7e:d4:5d:76:b3:4a:eb:8b:16:56:2d:cb:
                    c9:c7:58:b4:f3:f3:4d:41:b3:a4:5f:d9:ce:5e:a1:
                    72:34:64:0e:40:18:c9:8f:7e:ed:3a:45:49:1f:dd:
                    09:15:ec:d9:b2:65:9d:48:c8:d0:0a:1d:d2:70:db:
                    7d:44:e4:fc:b1:03:6a:d4:22:a6:b9:fd:99:ca:3e:
                    e2:8c:82:c3:33:79:b7:ff:da:ec:9f:b4:3e:44:9f:
                    8c:40:27:68:5c:d2:36:6a:6c:ec:ff:53:54:1a:72:
                    f5:73:c6:c8:2c:0b:c7:79:6a:c5:5a:76:2a:3d:dc:
                    49:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1E:9D:1E:E4:3E:93:25:58:44:AC:96:C9:CF:7F:0D:6A:CA:46:E9
            X509v3 Authority Key Identifier:
                keyid:A8:3D:48:65:2F:3B:2D:F7:4F:6B:F9:BA:A8:A9:C1:74:CC:FD:37:72

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/A83D48652F3B2DF74F6BF9BAA8A9C174CCFD3772.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qD1IZS87LfdPa_m6qKnBdMz9N3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/89270f6c-a3fe-4299-b079-309ed97f3824/0/AS20473.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7581:f70::/47
                  2a14:7584:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:d3:a4:54:23:e1:34:30:ea:c2:9b:d5:7b:09:8d:77:2f:de:
         9e:91:9f:1e:01:89:ae:80:aa:9b:f7:ac:f7:8a:fa:3e:e2:f4:
         8c:66:44:37:4c:2f:30:4b:2b:04:5f:59:10:e2:6e:b5:5c:53:
         50:41:ad:2d:aa:75:90:aa:3c:1f:9b:45:56:4e:8d:88:70:0c:
         a4:ad:a4:27:2d:67:ad:25:88:07:0a:cf:51:e6:9a:a2:f7:b4:
         b5:da:eb:f8:79:7c:0b:a4:86:55:6e:5f:1c:03:6b:fe:18:77:
         90:4b:21:86:01:4f:3f:6b:68:56:7b:a3:9d:ab:1a:db:b9:a1:
         1b:cf:60:4d:b2:22:ac:6e:6e:43:bb:53:7b:68:1d:50:60:01:
         cd:0d:51:d2:34:42:58:c5:a2:27:a2:0b:92:74:46:39:eb:4c:
         82:ab:f5:1b:39:29:90:f6:4e:09:62:fe:b7:4f:5a:3b:7c:b1:
         ee:94:74:fb:6e:49:55:e9:0e:12:99:ab:3d:96:8b:57:0d:c3:
         88:f4:76:7e:1c:a8:48:b2:ab:24:a1:56:66:1c:ec:f5:a6:47:
         a6:ed:4c:ae:17:d1:47:23:90:c3:01:4b:89:33:bb:71:32:bb:
         44:3c:3b:d4:8a:53:9c:84:cb:09:92:fc:01:f4:fe:e2:dc:dc:
         c8:50:46:69
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgIUZL8p971SDlr9Hd3L7/+pvvnGYgEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoYTgzZDQ4NjUyZjNiMmRmNzRmNmJmOWJhYThhOWMxNzRj
Y2ZkMzc3MjAeFw0yNTA2MTgxMTA3MTJaFw0yNjA2MTcxMTEyMTJaMDMxMTAvBgNV
BAMTKDkwMUU5RDFFRTQzRTkzMjU1ODQ0QUM5NkM5Q0Y3RjBENkFDQTQ2RTkwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAH/BSKBMnL+Ljo35MjbKBlnWC
+UWhTzYMvDynvKry6SDpD4DbhmYl55gxCtQv+45FhwhqDnrTEwxhAmG5ekncFwvy
pvN4ly3bfqdi+9EHuMV6jMm5RDePNSJDSWw+lwtjTFqECDATDEIwxBVNVOkgw3e3
UAubBHSco+2nxSrENRNnuGK88yTRqX7UXXazSuuLFlYty8nHWLTz801Bs6Rf2c5e
oXI0ZA5AGMmPfu06RUkf3QkV7NmyZZ1IyNAKHdJw231E5PyxA2rUIqa5/ZnKPuKM
gsMzebf/2uyftD5En4xAJ2hc0jZqbOz/U1QacvVzxsgsC8d5asVadio93EkXAgMB
AAGjggIUMIICEDAdBgNVHQ4EFgQUkB6dHuQ+kyVYRKyWyc9/DWrKRukwHwYDVR0j
BBgwFoAUqD1IZS87LfdPa/m6qKnBdMz9N3IwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvODkyNzBmNmMtYTNmZS00Mjk5LWIwNzktMzA5ZWQ5N2Yz
ODI0LzAvQTgzRDQ4NjUyRjNCMkRGNzRGNkJGOUJBQThBOUMxNzRDQ0ZEMzc3Mi5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL3FEMUlaUzg3TGZkUGFfbTZxS25CZE16
OU4zSS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5Lzg5MjcwZjZjLWEzZmUt
NDI5OS1iMDc5LTMwOWVkOTdmMzgyNC8wL0FTMjA0NzMucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKgYIKwYBBQUHAQcBAf8EGzAZMBcEAgACMBEDBwEqFHWB
D3ADBgQqFHWEgDANBgkqhkiG9w0BAQsFAAOCAQEAINOkVCPhNDDqwpvVewmNdy/e
npGfHgGJroCqm/es94r6PuL0jGZEN0wvMEsrBF9ZEOJutVxTUEGtLap1kKo8H5tF
Vk6NiHAMpK2kJy1nrSWIBwrPUeaaove0tdrr+Hl8C6SGVW5fHANr/hh3kEshhgFP
P2toVnujnasa27mhG89gTbIirG5uQ7tTe2gdUGABzQ1R0jRCWMWiJ6ILknRGOetM
gqv1GzkpkPZOCWL+t09aO3yx7pR0+25JVekOEpmrPZaLVw3DiPR2fhyoSLKrJKFW
Zhzs9aZHpu1MrhfRRyOQwwFLiTO7cTK7RDw71IpTnITLCZL8AfT+4tzcyFBGaQ==
-----END CERTIFICATE-----