Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS19577.roa
File:                     AS19577.roa (raw, json)
Hash identifier:          yWA05+6Li5qgYeFOKE2YG+l2Z8G4NFET2tllcaE13CU=
Subject key identifier:   D5:0E:F0:09:C0:2B:4A:1C:90:7E:73:E3:1D:BD:83:56:1A:CF:76:25
Certificate issuer:       /CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
Certificate serial:       669415B7D915DA0EB5C09438C13C67CD4593FE44
Authority key identifier: 9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS19577.roa
Signing time:             Thu 01 May 2025 11:23:18 +0000
ROA not before:           Thu 01 May 2025 11:18:18 +0000
ROA not after:            Thu 30 Apr 2026 11:23:18 +0000
asID:                     19577
IP address blocks:        46.202.33.0/24 maxlen: 24
                          46.202.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 08:22:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            66:94:15:b7:d9:15:da:0e:b5:c0:94:38:c1:3c:67:cd:45:93:fe:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bd813391e4af2ae3103c1891b2272d4d5c13b5f
        Validity
            Not Before: May  1 11:18:18 2025 GMT
            Not After : Apr 30 11:23:18 2026 GMT
        Subject: CN=D50EF009C02B4A1C907E73E31DBD83561ACF7625
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f1:03:f4:7d:f3:13:67:99:07:0f:bc:7d:cc:
                    6e:08:0c:0b:43:03:6c:32:56:b8:4f:27:24:8e:8c:
                    22:15:ce:5a:85:18:61:ec:94:f7:83:c8:c6:98:a1:
                    d7:4e:b0:4e:b2:7f:fc:18:b3:87:29:04:fb:26:d2:
                    db:d5:1f:90:0f:f0:88:50:aa:09:2f:20:70:c9:51:
                    a5:85:75:9b:da:0d:cd:1c:46:1e:30:c4:fb:4e:b4:
                    63:b9:b5:b8:35:cc:62:15:ad:7c:39:95:56:86:b5:
                    ba:1b:18:48:05:85:3e:6b:a0:e2:c0:b2:f5:96:c3:
                    ca:c0:6e:c6:ae:40:98:ed:81:ef:2c:1a:8d:ce:61:
                    6d:95:e5:ad:a2:22:29:28:b6:74:3e:a0:00:f1:d5:
                    2b:15:90:ed:bf:9b:13:0a:5e:04:e8:ab:7e:5f:e6:
                    66:4c:a7:b5:31:4f:d8:a8:68:64:32:c6:b8:f9:1b:
                    7c:93:fd:9f:6d:f6:0e:65:97:b5:b5:9b:1b:d1:e0:
                    d8:5a:2a:e2:86:b0:22:4d:71:ab:e3:83:18:04:eb:
                    88:4d:9d:82:9b:a3:3e:11:f7:a3:91:11:ba:62:29:
                    f1:31:75:74:90:a5:de:ef:fc:e5:e8:d9:b7:69:9d:
                    55:2c:40:dd:ca:5f:1a:d0:a0:60:ec:aa:4d:b5:63:
                    ba:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:0E:F0:09:C0:2B:4A:1C:90:7E:73:E3:1D:BD:83:56:1A:CF:76:25
            X509v3 Authority Key Identifier:
                keyid:9B:D8:13:39:1E:4A:F2:AE:31:03:C1:89:1B:22:72:D4:D5:C1:3B:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/9BD813391E4AF2AE3103C1891B2272D4D5C13B5F.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m9gTOR5K8q4xA8GJGyJy1NXBO18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/c478f6f5-449a-4827-99d5-bf6b93a8f6b4/0/AS19577.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.202.33.0/24
                  46.202.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a5:6a:d9:a2:1c:c2:35:e9:23:ca:30:0e:8c:66:51:60:7b:09:
         81:a7:77:66:0e:85:9d:47:b1:de:45:c5:ab:a6:40:04:6c:8c:
         45:9d:f0:11:b6:58:bf:e9:f4:e4:75:86:98:23:25:fb:3c:ee:
         44:83:65:67:2e:62:57:01:89:1e:78:c2:d5:97:d3:c7:94:99:
         94:ad:19:49:1e:8b:6a:e2:cd:9b:f9:d3:86:f0:b2:b1:38:85:
         c3:d9:4d:b5:6e:48:0c:3a:67:0b:19:00:e9:98:1c:ab:8f:ba:
         a3:5f:3d:b3:f3:9b:4a:0f:fe:a0:e8:95:a1:e6:26:bb:1a:7b:
         3a:63:2c:24:a0:9f:10:5c:30:ae:d1:d3:d1:6b:b0:79:3e:b8:
         34:ba:6b:c1:ae:bd:0d:f6:97:e4:1b:1b:dc:27:99:8a:14:ae:
         61:28:db:88:3d:e8:97:e8:6f:54:49:13:4d:7f:ba:ed:1c:49:
         de:a2:d8:25:25:ae:f9:9f:c2:e2:62:33:af:e3:44:30:4a:5f:
         17:f1:72:c5:6c:17:72:f3:56:c4:a0:12:c5:68:4a:76:44:aa:
         f0:16:d2:f0:a8:33:e1:e2:0b:35:d5:a5:3a:3e:09:f7:ec:ed:
         86:9d:bf:cd:34:4b:51:0c:67:e1:e1:b9:4d:30:26:df:22:c5:
         00:d0:f4:32
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgIUZpQVt9kV2g61wJQ4wTxnzUWT/kQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWJkODEzMzkxZTRhZjJhZTMxMDNjMTg5MWIyMjcyZDRk
NWMxM2I1ZjAeFw0yNTA1MDExMTE4MThaFw0yNjA0MzAxMTIzMThaMDMxMTAvBgNV
BAMTKEQ1MEVGMDA5QzAyQjRBMUM5MDdFNzNFMzFEQkQ4MzU2MUFDRjc2MjUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCU8QP0ffMTZ5kHD7x9zG4IDAtD
A2wyVrhPJySOjCIVzlqFGGHslPeDyMaYoddOsE6yf/wYs4cpBPsm0tvVH5AP8IhQ
qgkvIHDJUaWFdZvaDc0cRh4wxPtOtGO5tbg1zGIVrXw5lVaGtbobGEgFhT5roOLA
svWWw8rAbsauQJjtge8sGo3OYW2V5a2iIikotnQ+oADx1SsVkO2/mxMKXgToq35f
5mZMp7UxT9ioaGQyxrj5G3yT/Z9t9g5ll7W1mxvR4NhaKuKGsCJNcavjgxgE64hN
nYKboz4R96OREbpiKfExdXSQpd7v/OXo2bdpnVUsQN3KXxrQoGDsqk21Y7ptAgMB
AAGjggIPMIICCzAdBgNVHQ4EFgQU1Q7wCcArShyQfnPjHb2DVhrPdiUwHwYDVR0j
BBgwFoAUm9gTOR5K8q4xA8GJGyJy1NXBO18wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvYzQ3OGY2ZjUtNDQ5YS00ODI3LTk5ZDUtYmY2YjkzYThm
NmI0LzAvOUJEODEzMzkxRTRBRjJBRTMxMDNDMTg5MUIyMjcyRDRENUMxM0I1Ri5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL205Z1RPUjVLOHE0eEE4R0pHeUp5MU5Y
Qk8xOC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L2M0NzhmNmY1LTQ0OWEt
NDgyNy05OWQ1LWJmNmI5M2E4ZjZiNC8wL0FTMTk1Nzcucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuyiED
BAAuyigwDQYJKoZIhvcNAQELBQADggEBAKVq2aIcwjXpI8owDoxmUWB7CYGnd2YO
hZ1Hsd5FxaumQARsjEWd8BG2WL/p9OR1hpgjJfs87kSDZWcuYlcBiR54wtWX08eU
mZStGUkei2rizZv504bwsrE4hcPZTbVuSAw6ZwsZAOmYHKuPuqNfPbPzm0oP/qDo
laHmJrsaezpjLCSgnxBcMK7R09FrsHk+uDS6a8GuvQ32l+QbG9wnmYoUrmEo24g9
6Jfob1RJE01/uu0cSd6i2CUlrvmfwuJiM6/jRDBKXxfxcsVsF3LzVsSgEsVoSnZE
qvAW0vCoM+HiCzXVpTo+Cffs7Yadv800S1EMZ+HhuU0wJt8ixQDQ9DI=
-----END CERTIFICATE-----